From harri at afaics.de Sat Jan 2 14:54:28 2016 From: harri at afaics.de (Harald Dunkel) Date: Sat, 2 Jan 2016 15:54:28 +0100 Subject: [Freeipa-users] NIS support gone with 4.2? Message-ID: <5687E4A4.5010502@afaics.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi folks, Using FreeIPA 4.2 (Centos 7.2) I have enabled NIS support as described in Red_Hat_Enterprise_Linux-7-Linux_Domain_Identity_Authentication_and_Policy_Guide-en-US.pdf 14.5.2 "Enabling the NIS Listener". Esp. I ran ipa-nis-manage enable ipa-compat-manage enable systemctl enable rpcbind and rebooted the server. Next: # ipa-nis-manage enable Directory Manager password: Plugin already Enabled # ipa-compat-manage status Directory Manager password: Plugin Enabled Problem: ypcat woes # ypcat -h localhost -d example.com passwd No such map passwd.byname. Reason: No such map in server's domain # ypcat -h localhost -d example.com group No such map group.byname. Reason: No such map in server's domain AFAICS this is not supposed to happen. I am stuck due to this problem. Every helpful comment is highly appreciated. Harri -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWh+SkAAoJEAqeKp5m04HLkxAH/3ZPdRN1FHhLU6oWAkxJlqOu ftCgIxSP4nYYUdJdnZxcTyDF7INmIDQOgKCJ0uGImmNwBo/YAmEfsYyF+V8SMcqR pkZxZfDiNI3+mbREvJnwX7GWrz7q0AP76IzfQSHNjhzS1dTJDQcq1bjZTx+sX/Rq 9HputYQZhbhCaDVlyuJ8WkG6j13l6CnVzX9WL7SeR6KdvEYma3Uo/yXqEyqZTCAB Of7794UH9Vuw4+315g6OqmKSFzsBkGBwL9RuBrrXWY2ccDbHu2Xa5jDeqfHJXvq+ 5aBp/+3xiDT4OU5js+PXnVYPJsNeu5eeCvDMq+A2/5hU0weTM2vATHZDXANJGNA= =Zm2r -----END PGP SIGNATURE----- From harri at afaics.de Sat Jan 2 13:08:44 2016 From: harri at afaics.de (Harald Dunkel) Date: Sat, 02 Jan 2016 14:08:44 +0100 Subject: [Freeipa-users] NIS support gone with 4.2? Message-ID: <87a8oonn6r.fsf@cecil.afaics.de> Hi folks, I have enabled NIS support as described on https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/migrating-from-nis.html Esp. I have run ipa-nis-manage enable ipa-compat-manage enable systemctl enable rpcbind and rebooted the FreeIPA server (Centos 7.2, FreeIPA 4.2 as shipped). Problem: Basic verification on the ipa server failed # ypcat -h localhost -d example.com passwd No such map passwd.byname. Reason: No such map in server's domain # ypcat -h localhost -d example.com group No such map group.byname. Reason: No such map in server's domain Every helpful hint is highly appreciated. Regards Harri From harald.dunkel at aixigo.de Sun Jan 3 08:54:04 2016 From: harald.dunkel at aixigo.de (Harald Dunkel) Date: Sun, 3 Jan 2016 09:54:04 +0100 Subject: [Freeipa-users] NIS support gone with 4.2? In-Reply-To: <5687E4A4.5010502@afaics.de> References: <5687E4A4.5010502@afaics.de> Message-ID: <5688E1AC.9010701@aixigo.de> PS: Please excuse the double post. It was an accident. Harri -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: From jpazdziora at redhat.com Sun Jan 3 12:22:22 2016 From: jpazdziora at redhat.com (Jan Pazdziora) Date: Sun, 3 Jan 2016 13:22:22 +0100 Subject: [Freeipa-users] FreeIPA 4.x + CentOS 6.4 In-Reply-To: <29287_1450890213_567AD3E5_29287_3990_1_1D24A0A1407AA6499AADBA43C8A73ED505A5C2@OPEXCNORM63.corporate.adroot.infra.ftgroup> References: <29287_1450890213_567AD3E5_29287_3990_1_1D24A0A1407AA6499AADBA43C8A73ED505A5C2@OPEXCNORM63.corporate.adroot.infra.ftgroup> Message-ID: <20160103122222.GB30776@redhat.com> On Wed, Dec 23, 2015 at 05:03:32PM +0000, fvende.ext at orange.com wrote: > > Do you know the compatibility between the different "FreeIPA 4" versions and CentOS 6.4, please ? > I have tried to get the information but I don't have a clear response to this question. Do you try to run FreeIPA 4 on CentOS 6.4 or do you want to IPA-enroll that CentOS 6 machine to FreeIPA server? What services / areas are you concerned about from the compatibility POV? -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat From abokovoy at redhat.com Sun Jan 3 12:31:17 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Sun, 3 Jan 2016 14:31:17 +0200 Subject: [Freeipa-users] NIS support gone with 4.2? In-Reply-To: <87a8oonn6r.fsf@cecil.afaics.de> References: <87a8oonn6r.fsf@cecil.afaics.de> Message-ID: <20160103123117.GA4316@redhat.com> On Sat, 02 Jan 2016, Harald Dunkel wrote: >Hi folks, > >I have enabled NIS support as described on > >https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/migrating-from-nis.html > >Esp. I have run > > ipa-nis-manage enable > ipa-compat-manage enable > systemctl enable rpcbind > >and rebooted the FreeIPA server (Centos 7.2, FreeIPA 4.2 as shipped). >Problem: Basic verification on the ipa server failed > > # ypcat -h localhost -d example.com passwd > No such map passwd.byname. Reason: No such map in server's domain > # ypcat -h localhost -d example.com group > No such map group.byname. Reason: No such map in server's domain > > >Every helpful hint is highly appreciated. https://bugzilla.redhat.com/show_bug.cgi?id=1286781 is the bug. It has recommended workaround in comment 1. -- / Alexander Bokovoy From abokovoy at redhat.com Sun Jan 3 12:32:13 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Sun, 3 Jan 2016 14:32:13 +0200 Subject: [Freeipa-users] FreeIPA 4.x + CentOS 6.4 In-Reply-To: <29287_1450890213_567AD3E5_29287_3990_1_1D24A0A1407AA6499AADBA43C8A73ED505A5C2@OPEXCNORM63.corporate.adroot.infra.ftgroup> References: <29287_1450890213_567AD3E5_29287_3990_1_1D24A0A1407AA6499AADBA43C8A73ED505A5C2@OPEXCNORM63.corporate.adroot.infra.ftgroup> Message-ID: <20160103123213.GB4316@redhat.com> On Wed, 23 Dec 2015, fvende.ext at orange.com wrote: >Hi, > >Do you know the compatibility between the different "FreeIPA 4" >versions and CentOS 6.4, please ? I have tried to get the information >but I don't have a clear response to this question. CentOS 6 clients can be enrolled into FreeIPA 4.x deployments. CentOS 6 server cannot be used as a FreeIPA 4.x master. -- / Alexander Bokovoy From harri at afaics.de Sun Jan 3 16:59:32 2016 From: harri at afaics.de (Harald Dunkel) Date: Sun, 3 Jan 2016 17:59:32 +0100 Subject: [Freeipa-users] NIS support gone with 4.2? In-Reply-To: <20160103123117.GA4316@redhat.com> References: <87a8oonn6r.fsf@cecil.afaics.de> <20160103123117.GA4316@redhat.com> Message-ID: <56895374.1060800@afaics.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Alex, On 01/03/16 13:31, Alexander Bokovoy wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1286781 is the bug. It has recommended workaround in comment 1. > What exactly is meant by "remove all NIS plugin entries"? I had the impression that modifying the LDAP database using vi is strictly prohibited. Is this correct? Regards Harri -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWiVNvAAoJEAqeKp5m04HLT40H/igxgJPK2q2pIGRoULu1PZST X+zfcPivBNlcVGm/em2XhwyF47MNlMaUdsr45Q6S3ykLngPVrRRNzeyD0w/FC4WJ eWr8BT74nzlRrFbzI+QRAWp7wxAjnxoYN5E3pLv5X61mSZ9vWrNB3Tpy9Oyv5Gc6 OJ2zdxCg7wZbHIHcRFnU7OcFgR+MBKHMv9TzyLV74MJ/zSij49TACqydZSP6i7yR qFU86CdiCaihOF6fswHwRpaQ3zjF/s/hAvlGlgJS114QJxCiYGPHV8GU1p33Bx3w 3FKd0XAQcyXmcTTtz7r4PHCqe07o85rfZx1rpMcorl6yU6QNbj5o1cKh9CvbV7I= =nZxr -----END PGP SIGNATURE----- From abokovoy at redhat.com Sun Jan 3 18:29:41 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Sun, 3 Jan 2016 20:29:41 +0200 Subject: [Freeipa-users] NIS support gone with 4.2? In-Reply-To: <56895374.1060800@afaics.de> References: <87a8oonn6r.fsf@cecil.afaics.de> <20160103123117.GA4316@redhat.com> <56895374.1060800@afaics.de> Message-ID: <20160103182941.GC4316@redhat.com> On Sun, 03 Jan 2016, Harald Dunkel wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA256 > >Hi Alex, > >On 01/03/16 13:31, Alexander Bokovoy wrote: >> https://bugzilla.redhat.com/show_bug.cgi?id=1286781 is the bug. It has recommended workaround in comment 1. >> > >What exactly is meant by "remove all NIS plugin entries"? >I had the impression that modifying the LDAP database using >vi is strictly prohibited. Is this correct? Alternatively, do following: ipa-nis-manage disable ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn You'll get list of DNs like this: dn: nis-domain=+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=config dn: nis-domain=+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=config Run ldapdelete -D "cn=Directory Manager" -W "" "" ... where is what you've got after "dn: " This is how you can delete those entries. After that, run 'ipa-nis-manage enable'. -- / Alexander Bokovoy From abokovoy at redhat.com Sun Jan 3 18:55:16 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Sun, 3 Jan 2016 20:55:16 +0200 Subject: [Freeipa-users] Cockpit integration part I - Single Sign On In-Reply-To: <83poxr4zio.fsf@echidna.jochen.org> References: <83poxr4zio.fsf@echidna.jochen.org> Message-ID: <20160103185516.GD4316@redhat.com> On Sun, 27 Dec 2015, Jochen Hein wrote: > >Hi, > >here is what I did on my system - may be helpful to others as well. > >Cockpit: enable Single-Sign-On with FreeIPA >=========================================== > >I wanted to use SSO to access the Cockpit already installed on my >freeipa server. > >Upstream documentation is on >http://cockpit-project.org/guide/latest/sso.html, so we only add some >remarks here. > >Upstream: >,---- >| There must be a valid Kerberos host key for the server in the >| /etc/krb5.keytab file. It may be necessary to create a kerberos >| service principal and update the keytab if it is not >| present. Depending on your domain type different service names are >| required: >| >| Active Directory HOST/server.example.com at EXAMPLE.COM >| IPA and MIT HTTP/server.example.com at EXAMPLE.COM >`---- > >This has already happened - apache on my server uses the service >HTTP/server.example.com at EXAMPLE.COM, but the service is not present in >the server keytab. So we need to add the service principal there. > >If we just generate a new keytab, we invalidate the keytab used by >apache. So we need to only retrieve the keytab, not regenerate >it. This is only possible after we allowed the retrieval of the >keytab for either the admin principal, the host principal or some >users/host groups. Here we go for the host principal: > ># kinit admin ># ipa service-allow-retrieve-keytab HTTP/freeipa.jochen.org at JOCHEN.ORG --hosts=freeipa.jochen.org > >Finally we retrieve the service keytab into /etc/krb5.keytab: > ># ipa-getkeytab -r -s freeipa.jochen.org -p HTTP/freeipa.jochen.org at JOCHEN.ORG -k /etc/krb5.keytab > >After that Single Sign On works as expected. Thanks. I think we actually could do better by using gss-proxy -- if only cockpit-ws would cooperate[1]. I'll file a bug -- when cockpit-ws launches cockpit-session it doesn't pass anything from the environment cockpit-ws was launched with. This prevents use of gss-proxy, unfortunately. With gss-proxy you would not need to retrieve and maintain separate keytabs or give cockpit any access to the keytab at all. When this would be fixed, a config section for /etc/gssproxy/gssproxy.conf like this would allow the gss-proxy interposer would kick in and obtain the ticket: [service/cockpit-ws] mechs = krb5 cred_store = keytab:/etc/httpd/conf/ipa.keytab cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_%U cred_store = client_keytab:/var/lib/gssproxy/clients/%U.keytab # uid of cockpit-ws euid = 981 You also would need to add Environment=GSS_USE_PROXY=yes to the cockpit.service, so that GSSAPI library would start using gss-proxy. I've CC:ed Marius to make Cockpit guys aware of the issue. [1] https://github.com/cockpit-project/cockpit/blob/master/src/ws/cockpitauth.c#L391 -- / Alexander Bokovoy From harri at afaics.de Sun Jan 3 20:06:02 2016 From: harri at afaics.de (Harald Dunkel) Date: Sun, 3 Jan 2016 21:06:02 +0100 Subject: [Freeipa-users] NIS support gone with 4.2? In-Reply-To: <20160103182941.GC4316@redhat.com> References: <87a8oonn6r.fsf@cecil.afaics.de> <20160103123117.GA4316@redhat.com> <56895374.1060800@afaics.de> <20160103182941.GC4316@redhat.com> Message-ID: <56897F2A.3090707@afaics.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 01/03/16 19:29, Alexander Bokovoy wrote: > Alternatively, do following: > > ipa-nis-manage disable > > ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn > > You'll get list of DNs like this: dn: nis-domain=+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=config > > dn: nis-domain=+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=config > > Run ldapdelete -D "cn=Directory Manager" -W "" "" ... > > where is what you've got after "dn: " > > This is how you can delete those entries. > > After that, run 'ipa-nis-manage enable'. > Hi Alex, sorry to say, but it did not work: [root at ipa2 ~]# ipa-nis-manage disable Directory Manager password: This setting will not take effect until you restart Directory Server. [root at ipa2 ~]# systemctl restart dirsrv at EXAMPLE-COM [root at ipa2 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn Enter LDAP Password: dn: nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=con fig dn: nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=con fig [root at ipa2 ~]# ldapdelete -D "cn=Directory Manager" -W "nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=config" "nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=config" Enter LDAP Password: [root at ipa2 ~]# ipa-nis-manage enable Directory Manager password: Enabling plugin This setting will not take effect until you restart Directory Server. The portmap service may need to be started. [root at ipa2 ~]# systemctl restart dirsrv at EXAMPLE-COM [root at ipa2 ~]# systemctl restart rpcbind [root at ipa2 ~]# ypcat -h localhost -d example.com passwd No such map passwd.byname. Reason: No such map in server's domain [root at ipa2 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn Enter LDAP Password: [root at ipa2 ~]# I tried it on a replica, though. Regards Harri -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWiX8pAAoJEAqeKp5m04HLx2AH/igd+rgZf5FAXRBKk+M5qmHN kofjuCJ2aTaLRMmqY1J9FINsRax4pThP71bC34jHo2mQFWW15aNi7SYaur4cpEzW XA+0DLFmryS1yocg0HoFFfUK/lJxjL/uMm5yY7HI0A04QcrxCfoDjtOR4IqNLpGn eQwi6UmQdvv7srLfd2nKHtCgsmssq9jVzcH8c+EHm4aR/qL6V7dsDDiFYvuqvGu8 3mdw3sPCpxNC/9a259E5FUFZVocTrmucUKURzn07Ff6pckzonWY7kVVuieRZGzWC NYSsjl/Ai8o/qKW4DY+1dp3NeYYXnUG69PuO4EkgJ/l5oU3CCJJTkv6MVO6tFhs= =GIng -----END PGP SIGNATURE----- From abokovoy at redhat.com Sun Jan 3 20:39:48 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Sun, 3 Jan 2016 22:39:48 +0200 Subject: [Freeipa-users] NIS support gone with 4.2? In-Reply-To: <56897F2A.3090707@afaics.de> References: <87a8oonn6r.fsf@cecil.afaics.de> <20160103123117.GA4316@redhat.com> <56895374.1060800@afaics.de> <20160103182941.GC4316@redhat.com> <56897F2A.3090707@afaics.de> Message-ID: <20160103203947.GE4316@redhat.com> On Sun, 03 Jan 2016, Harald Dunkel wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA256 > >On 01/03/16 19:29, Alexander Bokovoy wrote: >> Alternatively, do following: >> >> ipa-nis-manage disable >> >> ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn >> >> You'll get list of DNs like this: dn: nis-domain=+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=config >> >> dn: nis-domain=+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=config >> >> Run ldapdelete -D "cn=Directory Manager" -W "" "" ... >> >> where is what you've got after "dn: " >> >> This is how you can delete those entries. >> >> After that, run 'ipa-nis-manage enable'. >> > >Hi Alex, > >sorry to say, but it did not work: > >[root at ipa2 ~]# ipa-nis-manage disable >Directory Manager password: > >This setting will not take effect until you restart Directory Server. >[root at ipa2 ~]# systemctl restart dirsrv at EXAMPLE-COM >[root at ipa2 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn >Enter LDAP Password: >dn: nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=con > fig > >dn: nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=con > fig > >[root at ipa2 ~]# ldapdelete -D "cn=Directory Manager" -W "nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=config" "nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=config" >Enter LDAP Password: >[root at ipa2 ~]# ipa-nis-manage enable >Directory Manager password: > >Enabling plugin >This setting will not take effect until you restart Directory Server. >The portmap service may need to be started. >[root at ipa2 ~]# systemctl restart dirsrv at EXAMPLE-COM >[root at ipa2 ~]# systemctl restart rpcbind >[root at ipa2 ~]# ypcat -h localhost -d example.com passwd >No such map passwd.byname. Reason: No such map in server's domain >[root at ipa2 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn >Enter LDAP Password: >[root at ipa2 ~]# > >I tried it on a replica, though. Yes, this looks like a bug in the ipa-nis-manage which is a bit larger than I thought originally. You can restore maps by running ipa-ldap-updater /usr/share/ipa/nis.uldif after that and restarting the dirsrv, you should be seeing the maps. -- / Alexander Bokovoy From harri at afaics.de Sun Jan 3 21:50:26 2016 From: harri at afaics.de (Harald Dunkel) Date: Sun, 3 Jan 2016 22:50:26 +0100 Subject: [Freeipa-users] NIS support gone with 4.2? In-Reply-To: <20160103203947.GE4316@redhat.com> References: <87a8oonn6r.fsf@cecil.afaics.de> <20160103123117.GA4316@redhat.com> <56895374.1060800@afaics.de> <20160103182941.GC4316@redhat.com> <56897F2A.3090707@afaics.de> <20160103203947.GE4316@redhat.com> Message-ID: <568997A2.6010101@afaics.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 01/03/16 21:39, Alexander Bokovoy wrote: > Yes, this looks like a bug in the ipa-nis-manage which is a bit larger than I thought originally. > > You can restore maps by running > > ipa-ldap-updater /usr/share/ipa/nis.uldif > > after that and restarting the dirsrv, you should be seeing the maps. > Now it works. Thanx very much Harri -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWiZeiAAoJEAqeKp5m04HLgsIH+wX09FFSWtb2r/lXAenlKBtl /IpdBMF5BUCIUGc/+o1iCl9d1Dwr4yYZxxwMFekHST1x1OZ1dz5g5OxFfFE1L92u HgKOOFb7FM9t7dWKUIUQ/5yhWxIJlhvMYuOCN62fExtd8Ca9V85QJDxgIvlDui4E XHi1wjA41mg4XNIXjEPGzQe3RmmOUDZ97PHiM7iIfBT4iPCod0KvQhcS9CI7CZdu MTNhnkfrY7oEItWCX4dnuMYmF0Q/hOAOOtHeOIwIco/cc3+jdWP4yaUHhoskDvQA LcZz6Du7LlH7a/6qnyC8YP31pvtvV9csVh7+moVhxxnaAqIG8omFzUWZYqWMydw= =vjgZ -----END PGP SIGNATURE----- From ftweedal at redhat.com Mon Jan 4 01:43:26 2016 From: ftweedal at redhat.com (Fraser Tweedale) Date: Mon, 4 Jan 2016 11:43:26 +1000 Subject: [Freeipa-users] Cockpit Integration part II - SSL certificates In-Reply-To: <83lh8f4zbf.fsf@echidna.jochen.org> References: <83lh8f4zbf.fsf@echidna.jochen.org> Message-ID: <20160104014326.GD31821@dhcp-40-8.bne.redhat.com> On Sun, Dec 27, 2015 at 05:43:32PM +0100, Jochen Hein wrote: > > Hi, > > Right now cockpit still uses a locally created TLS certificate, that > should be changed to a IPA issued certificate. What I understood is > that a certificate is for a host (e.g. ipa.example.com), so apache and > cockpit should use the same certificate. Is that understanding correct? > > So this is what I did: > > # cp cert8.db key3.db secmod.db pwdfile.txt /tmp/ > # cd /tmp > # pk12util -o keys.p12 -n 'Server-Cert' -d . -k /etc/httpd/alias/pwdfile.txt > # openssl pkcs12 -in keys.p12 -out freeipa.key -nodes -clcerts > # cp freeipa.key /etc/cockpit/ws-certs.d/freeipa.cert > # systemctl restart cockpit.service > > Now Cockpit and apache use the same certificate, but the cockpit > certificate is not tracked by certmonger. Any idea how that could > work? > Either Cockpit should use the certificate and private key directly from the NSSDB so that certmonger only has to track one certificate (but Cockpit appears to require key and cert in PEM format so this may not be possible), or use Certmonger to issue and track a different certificate for Cockpit (perhaps with a dedicated service principal for Cockpit, but this is not necessary). Use the `-f' and `-k' getcert-request(1) options to get Certmonger to create and track PEM key and cert instead of NSSDB. Cheers, Fraser > Jochen > > -- > The only problem with troubleshooting is that the trouble shoots back. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From jhrozek at redhat.com Mon Jan 4 08:04:57 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Mon, 4 Jan 2016 09:04:57 +0100 Subject: [Freeipa-users] deny read Access to passwd for external users In-Reply-To: <1450348518.2279.8.camel@zap.co.ao> References: <1450348518.2279.8.camel@zap.co.ao> Message-ID: <2F4971CE-EA85-4BCC-BD97-69E21673724C@redhat.com> > On 17 Dec 2015, at 11:35, Jos? Garcia wrote: > > Hi guys, merry christmas and happy new year. > > I have a freeipa (4.1.0) server on a centos 7 machine and its working fine even with active directory integration. > > But I would like to know if is it possible to deny read access to certain system configuration files and directories > within the server and on clients , such as /etc/passwd for example. Same as for any users - either with UNIX DAC file permissions or SELinux. There is really nothing special about IPA users with this respect. btw The IPA users are not stored in /etc/passwd and in general the data in /etc/passwd is not sensitive. > -- > Best Regards > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From abokovoy at redhat.com Mon Jan 4 08:52:26 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Mon, 4 Jan 2016 10:52:26 +0200 Subject: [Freeipa-users] Cockpit integration part I - Single Sign On In-Reply-To: <87k2npd9ih.fsf@redhat.com> References: <83poxr4zio.fsf@echidna.jochen.org> <20160103185516.GD4316@redhat.com> <87k2npd9ih.fsf@redhat.com> Message-ID: <20160104085226.GJ4316@redhat.com> On Mon, 04 Jan 2016, Marius Vollmer wrote: >Alexander Bokovoy writes: > >> Thanks. I think we actually could do better by using gss-proxy -- if >> only cockpit-ws would cooperate[1]. I'll file a bug > >Thanks! > >> -- when cockpit-ws launches cockpit-session it doesn't pass anything >> from the environment cockpit-ws was launched with. > >It uses NULL as the envp argument, which means that cockpit-session >inherits the environment from cockpit-ws, no? You're right. >cockpit-session itself calls clearenv() very early, and that is probably >the reason why GSS_USE_PROXY doesn't work. > >https://github.com/cockpit-project/cockpit/blob/master/src/ws/session.c#L955 In that case adding GSS_USE_PROXY to env_names and moving restore of the environment before the PAM processing would probably be a solution? -- / Alexander Bokovoy From mbasti at redhat.com Mon Jan 4 09:48:13 2016 From: mbasti at redhat.com (Martin Basti) Date: Mon, 4 Jan 2016 10:48:13 +0100 Subject: [Freeipa-users] Failed upgrade to 4.2 via RHEL 7.2 In-Reply-To: <611D1200-92B8-4F2B-B8FC-110F7BA51FC5@gmail.com> References: <611D1200-92B8-4F2B-B8FC-110F7BA51FC5@gmail.com> Message-ID: <568A3FDD.1020609@redhat.com> On 23.12.2015 08:28, Brian Topping wrote: > Greetings all! Thanks for all the continued work on FreeIPA! :) > > I saw that 4.2 made it to RHEL 7.2 and upgraded. Unfortunately, the > system did not come up cleanly. > > It seems to be some problem with the DNS server: > >> [root at ipa01 ~]# systemctl status named-pkcs11 >> ? named-pkcs11.service - Berkeley Internet Name Domain (DNS) with >> native PKCS#11 >> Loaded: loaded (/usr/lib/systemd/system/named-pkcs11.service; >> disabled; vendor preset: disabled) >> Active: failed (Result: exit-code) since Wed 2015-12-23 01:56:37 >> EST; 4s ago >> Process: 16506 ExecStart=/usr/sbin/named-pkcs11 -u named >> $OPTIONS (code=exited, status=1/FAILURE) >> Process: 16503 ExecStartPre=/bin/bash -c if [ ! >> "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf >> -z /etc/named.conf; else echo "Checking of zone files is disabled"; >> fi (code=exited, status=0/SUCCESS) >> >> Dec 23 01:56:37 ipa01.example.com >> named-pkcs11[16509]: GSSAPI client step 2 >> Dec 23 01:56:37 ipa01.example.com >> named-pkcs11[16509]: LDAP error: Invalid credentials: >> SASL(-14): authorization failure: security flags do not match >> required: bind to LDAP server failed >> Dec 23 01:56:37 ipa01.example.com >> named-pkcs11[16509]: couldn't establish connection in LDAP connection >> pool: permission denied >> Dec 23 01:56:37 ipa01.example.com >> named-pkcs11[16509]: dynamic database 'ipa' configuration failed: >> permission denied >> Dec 23 01:56:37 ipa01.example.com >> named-pkcs11[16509]: loading configuration: permission denied >> Dec 23 01:56:37 ipa01.example.com >> named-pkcs11[16509]: exiting (due to fatal error) >> Dec 23 01:56:37 ipa01.example.com >> systemd[1]: named-pkcs11.service: control process exited, >> code=exited status=1 >> Dec 23 01:56:37 ipa01.example.com >> systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with >> native PKCS#11. >> Dec 23 01:56:37 ipa01.example.com >> systemd[1]: Unit named-pkcs11.service entered failed state. >> Dec 23 01:56:37 ipa01.example.com >> systemd[1]: named-pkcs11.service failed. > > https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart provides > some good information. After manually starting 389, I was able to > confirm that the LDAP credentials are able to retrieve the DNS tree with: > >> [root at ipa01 ~]# ldapsearch -H >> 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket' >> -Y GSSAPI -b >> 'cn=dns,dc=example,dc=com' > > I was also able to confirm that I the named.keytab file is correct: > >> [root at ipa01 ~]# kinit -k -t /etc/named.keytab DNS/ipa01.example.com >> >> [root at ipa01 ~]# klist >> Ticket cache: KEYRING:persistent:0:krb_ccache_th1WCcV >> Default principal: DNS/ipa01.example.com at EXAMPLE.COM >> >> >> Valid starting Expires Service principal >> 12/23/2015 02:07:14 12/24/2015 02:07:14 >> krbtgt/EXAMPLE.COM at EXAMPLE.COM > > I have disabled unencrypted binds to 389, but I read somewhere this > evening this should not be an issue since passwords were being sent > and the STARTTLS is always being used. > > https://fedorahosted.org/freeipa/ticket/5232 seems to be related here, > but I did the install on a healthy server, so I can't imagine that > it's the same. I also don't see any recovery techniques listed here or > in the issue that it links to at > https://bugzilla.redhat.com/show_bug.cgi?id=1254412. I searched the > list archives for this error and came up empty. The versions I have > are as follows: > >> bind-license-9.9.4-29.el7_2.1.noarch >> bind-libs-lite-9.9.4-29.el7_2.1.x86_64 >> bind-utils-9.9.4-29.el7_2.1.x86_64 >> bind-pkcs11-libs-9.9.4-29.el7_2.1.x86_64 >> bind-dyndb-ldap-8.0-1.el7.x86_64 >> bind-pkcs11-utils-9.9.4-29.el7_2.1.x86_64 >> bind-9.9.4-29.el7_2.1.x86_64 >> bind-pkcs11-9.9.4-29.el7_2.1.x86_64 >> bind-libs-9.9.4-29.el7_2.1.x86_64 >> ipa-python-4.2.0-15.el7.centos.3.x86_64 >> ipa-admintools-4.2.0-15.el7.centos.3.x86_64 >> sssd-ipa-1.13.0-40.el7_2.1.x86_64 >> ipa-client-4.2.0-15.el7.centos.3.x86_64 >> ipa-server-dns-4.2.0-15.el7.centos.3.x86_64 >> ipa-server-4.2.0-15.el7.centos.3.x86_64 >> python-libipa_hbac-1.13.0-40.el7_2.1.x86_64 >> libipa_hbac-1.13.0-40.el7_2.1.x86_64 > > I'm also attaching the ipaupgrade.log > > Hopefully I am missing something simple here. Can anyone help? > > Happy solstice! > > Brian > > > > > Hello, can you check your value of umask? -------------- next part -------------- An HTML attachment was scrubbed... URL: From pspacek at redhat.com Mon Jan 4 10:08:12 2016 From: pspacek at redhat.com (Petr Spacek) Date: Mon, 4 Jan 2016 11:08:12 +0100 Subject: [Freeipa-users] DNSSEC Question (KSK ZSK) In-Reply-To: <5682B725.6070202@redhat.com> References: <3743165.C1AC4MrIvI@techz> <5682B725.6070202@redhat.com> Message-ID: <568A448C.8010300@redhat.com> On 29.12.2015 17:39, Martin Basti wrote: > > > On 29.12.2015 14:30, G?nther J. Niederwimmer wrote: >> Hello, >> >> Is it possible to install a DSNSEC Master with my before created KSK ZSK? >> >> Background: >> >> I have installed a IPA Master on my System now I have change the Hardware and >> make a new installation with new Hardware? >> >> I have only a backup from the Files in >> /var/named/dyndb-ldap/ipa/master/example.com/keys/ >> >> When I now enable a new DNSSEC Master create freeIPA new KSK ZSK for the >> Domain ? >> >> Then I have to wait after the holidays to UPDATE the DS Record on my ISP :-(. >> >> Thanks for a answer, >> > I'm not sure if this is possible, > > IPA uses openDNSSEC, and it needs softhsm database and database of keys > metadata, which are not located in /var/named/... > > New installation of DNSSEC master will create new keys. > > My colleague is more familiar with bind-dyndb-ldap, but he will be available > after holidays too. We did not try import, so there is no 100 % certain answer. In general, it should work if you create the zone in IPA first, then import new keys into OpenDNSSEC using OpenDNSSEC's means, then delete keys generated by IPA. Let me repeat that it is not tested. I hope this helps. -- Petr^2 Spacek From abokovoy at redhat.com Mon Jan 4 11:11:04 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Mon, 4 Jan 2016 13:11:04 +0200 Subject: [Freeipa-users] Cockpit integration part I - Single Sign On In-Reply-To: <20160104085226.GJ4316@redhat.com> References: <83poxr4zio.fsf@echidna.jochen.org> <20160103185516.GD4316@redhat.com> <87k2npd9ih.fsf@redhat.com> <20160104085226.GJ4316@redhat.com> Message-ID: <20160104111104.GN4316@redhat.com> On Mon, 04 Jan 2016, Alexander Bokovoy wrote: >On Mon, 04 Jan 2016, Marius Vollmer wrote: >>Alexander Bokovoy writes: >> >>>Thanks. I think we actually could do better by using gss-proxy -- if >>>only cockpit-ws would cooperate[1]. I'll file a bug >> >>Thanks! >> >>>-- when cockpit-ws launches cockpit-session it doesn't pass anything >>>from the environment cockpit-ws was launched with. >> >>It uses NULL as the envp argument, which means that cockpit-session >>inherits the environment from cockpit-ws, no? >You're right. > >>cockpit-session itself calls clearenv() very early, and that is probably >>the reason why GSS_USE_PROXY doesn't work. >> >>https://github.com/cockpit-project/cockpit/blob/master/src/ws/session.c#L955 >In that case adding GSS_USE_PROXY to env_names and moving restore of the >environment before the PAM processing would probably be a solution? I've filed an issue to cockpit: https://github.com/cockpit-project/cockpit/issues/3407 It is a bit more complicated due to cockpit-session fiddling with setuid(). -- / Alexander Bokovoy From mkosek at redhat.com Mon Jan 4 12:00:56 2016 From: mkosek at redhat.com (Martin Kosek) Date: Mon, 4 Jan 2016 13:00:56 +0100 Subject: [Freeipa-users] Queries on migrating nis netgroups In-Reply-To: <56792F90.10506@ast.cam.ac.uk> References: <56792F90.10506@ast.cam.ac.uk> Message-ID: <568A5EF8.6030901@redhat.com> On 12/22/2015 12:10 PM, Roderick Johnstone wrote: > Hi > > I'm migrating our nis environment to freeipa 4.2.0 on Redhat 7. > > I need to have the netgroups set up in freeipa before migrating systems to be > freeipa clients. > > At this point I'm trying to understand the relationship between hostgroups and > netgroups and whether I should just be using ipa netgroup-add and ipa > netgroup-add-member commands or whether I should be using equivalent ipa > hostgroup* commands. > > Section 14.5.1 of the Redhat 7 Domain Identity Authentication and Policy Guide > is telling me that I get a shadow netgroup for every hostgroup I create and > that I can manage these netgroups with the "ipa-host-net-manage" command. > > I don't see the ipa-host-net-manage command. There are > ipa host* commands but these don't include ipa host-net* commands. What am I > missing here? Good catch, this is actually a doc bug. I filed a Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1295408 Netgroups normally simply mirror host groups, so you do not have to use "netgroup-*" commands if you do not manage native netgroup. > Also the ipa netgroup* commands don't seem to be able to manage the shadow > netgroups so I'm currently unable to manipulate my shadow netgroups to eg > change the nisdomain associated with them. How do I do that? Shadow netgroups should be only manipulated by updating the source hostgroups, AFAIK. > Also it looks like I can't add non-ipa clients into hostgroups so presumable > not into shadow netgroups either, so maybe this is a non-starter for me. Did I > understand that correctly? I personally do not have practical experience with netgroups, but it is true that non-ipa clients cannot be added to host groups. Maybe Rob (CCed) as NIS knowledgeable person knows more what is the best solution here. I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as DM and it worked: # ipa netgroup-show masters Netgroup name: masters Description: ipaNetgroup masters NIS domain name: rhel72 External host: foo Member Hostgroup: masters I am still unable to add membership as admin though: # ipa netgroup-add-member masters --hosts foo2 ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'externalHost' attribute of entry 'cn=masters,cn=ng,cn=alt,dc=rhel72'. Martin From mkosek at redhat.com Mon Jan 4 12:03:14 2016 From: mkosek at redhat.com (Martin Kosek) Date: Mon, 4 Jan 2016 13:03:14 +0100 Subject: [Freeipa-users] Want faster user-add In-Reply-To: <1450797411.7465.3.camel@redhat.com> References: <56782EFA.1090300@umanitoba.ca> <567916C4.3020905@redhat.com> <1450797411.7465.3.camel@redhat.com> Message-ID: <568A5F82.5040207@redhat.com> On 12/22/2015 04:16 PM, Simo Sorce wrote: > On Tue, 2015-12-22 at 10:24 +0100, thierry bordaz wrote: >> On 12/21/2015 05:55 PM, Daryl Fonseca-Holt wrote: >>> Hi all, >>> >>> Environment: RHEL6 with IPA 3.0 at current RedHat level. 64-core >>> 256-GB RAM Oracle x4470 M2. >>> >>> During our migration from NIS on Solaris 140,000+ accounts will be >>> added. After tuning per the guides dbmon.sh shows no roevicts and we >>> get high cache hit ratios. >>> >>> Per a previous discussion with the list the input is broken down into >>> batches of less than 1,000 users and the default IPA group is changed >>> before each batch. This helped greatly. >>> >>> Adding all the users takes many hours. Initially ipa user-add takes an >>> average 2.3 seconds per user but degrades by the time there are >>> 140,000 users to an average 6.7 seconds per user. >>> >>> In tracing it appears that a significant portion of the time ipa >>> user-add takes is not the add itself, it is the query at the end that >>> displays the resulting user account. Is there any legit way to prevent >>> this query? >>> >>> The length of time it takes to migrate is not a big concern. The >>> concern is the start of the fall school term when we typically add >>> approximately 1,300 accounts per hour during the registration period >>> with our current system. >>> >>> All suggestions will be appreciated. >>> >>> Regards, Daryl >>> >> Hi Daryl, >> >> I can reproduce similar trend of user-add becoming slower and slower. >> >> Now in my tests (etime=7s) the time was spent half by authentication and >> half by ADD and MOD (update of ipausers group). I agree there are many >> direct SRCH (~10) but they all seems to be rapid. >> >> I know that the vast majority of the time is spent in DS schema-compat >> plugin. Disabling it, during provisioning, reduce the duration by ~3. >> Now I do not know if it is a valid option to disable this plugin during >> provisioning. > > As long as the schema compat is not needed by users during the > provisioning, turning it off is fine. All the contents are regenerated > at startup anyway. So it can be re-enabled and the server restarted > after the bulk provisioning is done. +1. When provisioning users via "ipa migrate-ds" command, schema compat is strongly suggested to be turned off too. From mkosek at redhat.com Mon Jan 4 12:04:09 2016 From: mkosek at redhat.com (Martin Kosek) Date: Mon, 4 Jan 2016 13:04:09 +0100 Subject: [Freeipa-users] Want faster user-add In-Reply-To: <56795D4B.4060206@umanitoba.ca> References: <56782EFA.1090300@umanitoba.ca> <567916C4.3020905@redhat.com> <567959B7.4020805@redhat.com> <56795D4B.4060206@umanitoba.ca> Message-ID: <568A5FB9.9090708@redhat.com> On 12/22/2015 03:25 PM, Daryl Fonseca-Holt wrote: > > > On 12/22/15 08:09, Petr Vobornik wrote: >> On 12/22/2015 10:24 AM, thierry bordaz wrote: >>> On 12/21/2015 05:55 PM, Daryl Fonseca-Holt wrote: >>>> Hi all, >>>> >>>> Environment: RHEL6 with IPA 3.0 at current RedHat level. 64-core >>>> 256-GB RAM Oracle x4470 M2. >>>> >>>> During our migration from NIS on Solaris 140,000+ accounts will be >>>> added. After tuning per the guides dbmon.sh shows no roevicts and we >>>> get high cache hit ratios. >>>> >>>> Per a previous discussion with the list the input is broken down into >>>> batches of less than 1,000 users and the default IPA group is changed >>>> before each batch. This helped greatly. >>>> >>>> Adding all the users takes many hours. Initially ipa user-add takes an >>>> average 2.3 seconds per user but degrades by the time there are >>>> 140,000 users to an average 6.7 seconds per user. >>>> >>>> In tracing it appears that a significant portion of the time ipa >>>> user-add takes is not the add itself, it is the query at the end that >>>> displays the resulting user account. Is there any legit way to prevent >>>> this query? >>>> >>>> The length of time it takes to migrate is not a big concern. The >>>> concern is the start of the fall school term when we typically add >>>> approximately 1,300 accounts per hour during the registration period >>>> with our current system. >>>> >>>> All suggestions will be appreciated. >>>> >>>> Regards, Daryl >>>> >>> Hi Daryl, >>> >>> I can reproduce similar trend of user-add becoming slower and slower. >>> >>> Now in my tests (etime=7s) the time was spent half by authentication and >>> half by ADD and MOD (update of ipausers group). I agree there are many >>> direct SRCH (~10) but they all seems to be rapid. >>> >>> I know that the vast majority of the time is spent in DS schema-compat >>> plugin. Disabling it, during provisioning, reduce the duration by ~3. >>> Now I do not know if it is a valid option to disable this plugin during >>> provisioning. >>> >>> thanks >>> thierry >> >> We must also distinguish performance on IPA 3.x (RHEL 6.x) and FreeIPA 4.2/4.3 >> >> FreeIPA 4.2 got some performance improvements mostly related to group >> membership handling. >> >> Improving user-add is one of primary goals for 4.4 release: >> * https://fedorahosted.org/freeipa/ticket/5448 >> >> There are couple issues tracked about plugins output (also planned to be >> fixed in 4.4): >> * https://fedorahosted.org/freeipa/ticket/5281 >> * https://fedorahosted.org/freeipa/ticket/5282 >> * https://fedorahosted.org/freeipa/ticket/4995 >> >> You can try to call user-add with --raw options but it won't help much >> because some parts ignore it. Other than that, there is not clean workaround. >> >> When user is added, the user_add typically: >> * adds the user to ipadefaultprimarygroup >> * converts manger dn to human friedly value (should not cause perf. issues) >> * set description to magic value to cause generation of user private group >> (calls user-mod) >> * fetches password attributes and resolves ssh pub keys (does couple of >> searches) >> >> An unsupported possibility - do on your own risk - is to remove these >> operations from user_add post_callback in ipalib/plugins/user.py (around line >> 535 on 6.7). >> >> Other thing which might help is to remove 'memberof' and 'memberofindirect' >> values from default_attributes in user.py (~line 216). Note that it also >> affects other user-* commands. >> >> All should be tried in testing environment. >> >> Another performance improvement is to call IPA API directly and use batch >> command - with that it is possible to add e.g. 100 users with one call and >> save some network calls. >> >> Example could be seen in this ugly script: >> https://pvoborni.fedorapeople.org/scripts/ipa-generate-users.sh > I did test with RHEL7 and IPA 4.2 and the performance was much better. We don't > have RHEL7 deployed yet so there are some issues with change management but we > may have to revisit that. > > I looked at changing the code but we can't end up with an unsupported product. > We depend on our Red Hat support heavily for production. So I could speed up > the migration from the NIS server but I won't be able to keep the optimization > during day-to-day operation. > > Thanks for the script. Ugly scripts are good learning examples because it's > easy to see the real purpose without the distraction of frills. Just for the record, higher performance of user-add and management interface overall is one of the planned areas we want to focus on in next FreeIPA version. As you noticed, some portion of performance improvements are done in FreeIPA 4.2/RHEL-7.2, next are planned, so please stay tuned :-) From mkosek at redhat.com Mon Jan 4 12:08:54 2016 From: mkosek at redhat.com (Martin Kosek) Date: Mon, 4 Jan 2016 13:08:54 +0100 Subject: [Freeipa-users] IPA DS migration In-Reply-To: <3033736F-E924-4A3F-9B02-E645113880B0@caci.com> References: <3033736F-E924-4A3F-9B02-E645113880B0@caci.com> Message-ID: <568A60D6.7080704@redhat.com> On 12/29/2015 08:36 PM, Sean Conley - US wrote: > Hello, > > I need to migrate the users from an existing IPA server to a new IPA server on an isolated network. It appears that ?ipa migrate-ds? works only when direct connection to source LDAP server is possible. I have searched with no success for a method that would be more like an LDIF-based migration. These servers are in different realms and so have different base DNs. My hope is that I could create an LDIF file from a query against the source server, modify records to reflect the new base DN, copy result to destination server, and import it there. > > Can anyone direct me to some good resources or other recommendations to accomplish this? > > The source server in this case is CentOS 7 with FreeIPA v4.1.0. The planned destination server is RHEL 7 with FreeIPA v4.2.0. > > Thanks much in advance! Hello, You are more or less looking for http://www.freeipa.org/page/Howto/Migration#Migrating_from_other_FreeIPA_to_FreeIPA There are some tips there already, but FreeIPA itself do not have off-the-shelf solution, yet. From mkosek at redhat.com Mon Jan 4 12:15:19 2016 From: mkosek at redhat.com (Martin Kosek) Date: Mon, 4 Jan 2016 13:15:19 +0100 Subject: [Freeipa-users] FreeIPA 4.x + CentOS 6.4 In-Reply-To: <20160103123213.GB4316@redhat.com> References: <29287_1450890213_567AD3E5_29287_3990_1_1D24A0A1407AA6499AADBA43C8A73ED505A5C2@OPEXCNORM63.corporate.adroot.infra.ftgroup> <20160103123213.GB4316@redhat.com> Message-ID: <568A6257.7030205@redhat.com> On 01/03/2016 01:32 PM, Alexander Bokovoy wrote: > On Wed, 23 Dec 2015, fvende.ext at orange.com wrote: >> Hi, >> >> Do you know the compatibility between the different "FreeIPA 4" >> versions and CentOS 6.4, please ? I have tried to get the information >> but I don't have a clear response to this question. > CentOS 6 clients can be enrolled into FreeIPA 4.x deployments. > > CentOS 6 server cannot be used as a FreeIPA 4.x master. To clarify even more, FreeIPA 4.x clients can work as clients with CentOS 6 server, except "ipa" management tool. More on: http://www.freeipa.org/page/Client#Compatibility From jcholast at redhat.com Mon Jan 4 12:44:17 2016 From: jcholast at redhat.com (Jan Cholasta) Date: Mon, 4 Jan 2016 13:44:17 +0100 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <56782C27.3000102@pakos.pl> References: <56782C27.3000102@pakos.pl> Message-ID: <568A6921.6000708@redhat.com> Hi Peter, On 21.12.2015 17:43, Peter Pakos wrote: > Hi, > > I tried to install a wildcard SSL certificate for HTTP/LDAP in our > FreeIPA 4.1 (Centos 7.1) installation by following instructions from > wiki page at > http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP: Unfortunately ipa-server-certinstall is currently broken. We plan to fix it some day, see and . > > # ipa-server-certinstall -w -d shdc01.ipa.wandisco.com.pem > Directory Manager password: > Enter private key unlock password: > Command /usr/bin/certutil' '-d' '/etc/httpd/alias' '-D' '-n' > 'Server-Cert returned non-zero exit status 255 > > After this I was unable to start httpd service, error_log revealed the > following error messages: > > [Wed Nov 25 18:15:44.262751 2015] [:error] [pid 22124] Certificate not > found: 'Server-Cert' > > In order to resurrect the service I had to change NSSNickname in > /etc/httpd/conf.d/nss.conf to match the new certificate's nickname. > > Although the httpd service started, I couldn't get into Authentication > tab in FreeIPA UI - I kept getting the following error message: "Unable > to communicate with CMS (Service Unavailable)". > > [root at shdc01 ~]# yum list installed | grep ipa-server > ipa-server.x86_64 4.1.0-18.el7.centos.4 @updates > > [root at shdc01 ~]# cat /etc/redhat-release > CentOS Linux release 7.1.1503 (Core) > > At this point I was forced to restore our FreeIPA installation from a > snapshot as I wasn't able to fix it (I got some useful hints from > #freeipa Freenode channel however we still didn't manage to fully > resurrect the server). > > My question is, what is the correct way of installing a 3rd party > certificate for HTTP/LDAP that will actually work? 1. Install the CA certificate chain of the issuer of the 3rd party certificate to IPA using "ipa-cacert-manage install" 2. Run "ipa-certupdate" to update CA certificate related IPA configuration. 3. Manually import the server certificate into the /etc/dirsrv/slapd-REALM NSS database, configure the correct nickname in LDAP in the nsSSLPersonalitySSL attribute of cn=RSA,cn=encryption,cn=config and restart DS. 4. Manually import the server certificate into the /etc/httpd/alias NSS database, configure the correct nickname in /etc/httpd/conf.d/nss.conf using the NSSNickname directive and restart httpd. > > Many thanks in advance. > > BTW, I also added a comment describing this problem to the ticket at > https://fedorahosted.org/freeipa/ticket/5496. Honza -- Jan Cholasta From pspacek at redhat.com Mon Jan 4 13:06:21 2016 From: pspacek at redhat.com (Petr Spacek) Date: Mon, 4 Jan 2016 14:06:21 +0100 Subject: [Freeipa-users] Failed upgrade to 4.2 via RHEL 7.2 In-Reply-To: <568A3FDD.1020609@redhat.com> References: <611D1200-92B8-4F2B-B8FC-110F7BA51FC5@gmail.com> <568A3FDD.1020609@redhat.com> Message-ID: <568A6E4D.3050105@redhat.com> On 4.1.2016 10:48, Martin Basti wrote: > >> [root at ipa01 ~]# kinit -k -t /etc/named.keytab DNS/ipa01.example.com >> >> [root at ipa01 ~]# klist >> Ticket cache: KEYRING:persistent:0:krb_ccache_th1WCcV >> Default principal: DNS/ipa01.example.com at EXAMPLE.COM >> >> >> Valid starting Expires Service principal >> 12/23/2015 02:07:14 12/24/2015 02:07:14 krbtgt/EXAMPLE.COM at EXAMPLE.COM >> > > I have disabled unencrypted binds to 389, but I read somewhere this evening > this should not be an issue since passwords were being sent and the STARTTLS > is always being used. Please write down *exact* configuration changes you did. Generally named-pkcs11 is using GSSAPI and not TLS, so it will not work if you enforced TLS on all connections. -- Petr^2 Spacek From peter at pakos.pl Mon Jan 4 13:10:36 2016 From: peter at pakos.pl (Peter Pakos) Date: Mon, 4 Jan 2016 13:10:36 +0000 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <568A6921.6000708@redhat.com> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> Message-ID: <568A6F4C.3060009@pakos.pl> Hi Jan, On 04/01/2016 12:44, Jan Cholasta wrote: > 1. Install the CA certificate chain of the issuer of the 3rd party > certificate to IPA using "ipa-cacert-manage install" > > 2. Run "ipa-certupdate" to update CA certificate related IPA configuration. > > 3. Manually import the server certificate into the > /etc/dirsrv/slapd-REALM NSS database, configure the correct nickname in > LDAP in the nsSSLPersonalitySSL attribute of > cn=RSA,cn=encryption,cn=config and restart DS. > > 4. Manually import the server certificate into the /etc/httpd/alias NSS > database, configure the correct nickname in /etc/httpd/conf.d/nss.conf > using the NSSNickname directive and restart httpd. Would it be the same procedure for FreIPA 4.2 shipped with Centos 7.2? TIA -- Kind regards, Peter Pakos From tbordaz at redhat.com Mon Jan 4 13:11:57 2016 From: tbordaz at redhat.com (thierry bordaz) Date: Mon, 04 Jan 2016 14:11:57 +0100 Subject: [Freeipa-users] Want faster user-add In-Reply-To: <568A5F82.5040207@redhat.com> References: <56782EFA.1090300@umanitoba.ca> <567916C4.3020905@redhat.com> <1450797411.7465.3.camel@redhat.com> <568A5F82.5040207@redhat.com> Message-ID: <568A6F9D.2030707@redhat.com> On 01/04/2016 01:03 PM, Martin Kosek wrote: > On 12/22/2015 04:16 PM, Simo Sorce wrote: >> On Tue, 2015-12-22 at 10:24 +0100, thierry bordaz wrote: >>> On 12/21/2015 05:55 PM, Daryl Fonseca-Holt wrote: >>>> Hi all, >>>> >>>> Environment: RHEL6 with IPA 3.0 at current RedHat level. 64-core >>>> 256-GB RAM Oracle x4470 M2. >>>> >>>> During our migration from NIS on Solaris 140,000+ accounts will be >>>> added. After tuning per the guides dbmon.sh shows no roevicts and we >>>> get high cache hit ratios. >>>> >>>> Per a previous discussion with the list the input is broken down into >>>> batches of less than 1,000 users and the default IPA group is changed >>>> before each batch. This helped greatly. >>>> >>>> Adding all the users takes many hours. Initially ipa user-add takes an >>>> average 2.3 seconds per user but degrades by the time there are >>>> 140,000 users to an average 6.7 seconds per user. >>>> >>>> In tracing it appears that a significant portion of the time ipa >>>> user-add takes is not the add itself, it is the query at the end that >>>> displays the resulting user account. Is there any legit way to prevent >>>> this query? >>>> >>>> The length of time it takes to migrate is not a big concern. The >>>> concern is the start of the fall school term when we typically add >>>> approximately 1,300 accounts per hour during the registration period >>>> with our current system. >>>> >>>> All suggestions will be appreciated. >>>> >>>> Regards, Daryl >>>> >>> Hi Daryl, >>> >>> I can reproduce similar trend of user-add becoming slower and slower. >>> >>> Now in my tests (etime=7s) the time was spent half by authentication and >>> half by ADD and MOD (update of ipausers group). I agree there are many >>> direct SRCH (~10) but they all seems to be rapid. >>> >>> I know that the vast majority of the time is spent in DS schema-compat >>> plugin. Disabling it, during provisioning, reduce the duration by ~3. >>> Now I do not know if it is a valid option to disable this plugin during >>> provisioning. >> As long as the schema compat is not needed by users during the >> provisioning, turning it off is fine. All the contents are regenerated >> at startup anyway. So it can be re-enabled and the server restarted >> after the bulk provisioning is done. > +1. When provisioning users via "ipa migrate-ds" command, schema compat is > strongly suggested to be turned off too. For information, accelerating user-add is investigated under https://fedorahosted.org/freeipa/ticket/5448. Schema-compat has a significant impact on ldap ADD and MOD done during user-add. Now appropriate setting of scope of others plugins (dna, memberof, uniqueness, uuid...) shows that ADD can be reduced by 10 and MOD by 2, this even if schema-compat is still enabled. So there are also possible improvements in plugin tuning. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcholast at redhat.com Mon Jan 4 13:19:50 2016 From: jcholast at redhat.com (Jan Cholasta) Date: Mon, 4 Jan 2016 14:19:50 +0100 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <568A6F4C.3060009@pakos.pl> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> <568A6F4C.3060009@pakos.pl> Message-ID: <568A7176.50605@redhat.com> On 4.1.2016 14:10, Peter Pakos wrote: > Hi Jan, > > On 04/01/2016 12:44, Jan Cholasta wrote: > >> 1. Install the CA certificate chain of the issuer of the 3rd party >> certificate to IPA using "ipa-cacert-manage install" >> >> 2. Run "ipa-certupdate" to update CA certificate related IPA > configuration. >> >> 3. Manually import the server certificate into the >> /etc/dirsrv/slapd-REALM NSS database, configure the correct nickname in >> LDAP in the nsSSLPersonalitySSL attribute of >> cn=RSA,cn=encryption,cn=config and restart DS. >> >> 4. Manually import the server certificate into the /etc/httpd/alias NSS >> database, configure the correct nickname in /etc/httpd/conf.d/nss.conf >> using the NSSNickname directive and restart httpd. > > Would it be the same procedure for FreIPA 4.2 shipped with Centos 7.2? Yes. -- Jan Cholasta From pdomineaux at gmail.com Mon Jan 4 14:13:43 2016 From: pdomineaux at gmail.com (Domineaux Philippe) Date: Mon, 4 Jan 2016 15:13:43 +0100 Subject: [Freeipa-users] Fwd: NetworkError : invalid continuation byte with utf8 codec In-Reply-To: <20151223041124.GA16124@dhcp-40-8.bne.redhat.com> References: <20151222013001.GT23644@dhcp-40-8.bne.redhat.com> <20151223041124.GA16124@dhcp-40-8.bne.redhat.com> Message-ID: Hello, Happy new year. So the content of my /etc/locale.conf : LANG="fr_FR.UTF-8" ---------- Forwarded message ---------- From: Fraser Tweedale Date: 2015-12-23 5:11 GMT+01:00 Subject: Re: [Freeipa-users] NetworkError : invalid continuation byte with utf8 codec To: Gmail Cc: freeipa-users at redhat.com On Tue, Dec 22, 2015 at 08:39:09AM +0100, Gmail wrote: > Here are the files you ask for: > Thank you. I see Tomcat is running in an fr_FR locale. Could you also provide contents of `/etc/locale.conf'? Cheers, Fraser > > > Le 22 d?cembre 2015 ? 02:30:06, Fraser Tweedale (ftweedal at redhat.com) a ?crit: > > On Mon, Dec 21, 2015 at 05:29:01PM +0100, Gmail wrote: > > Hi all, > > > > When trying to install on a fresh new Centos 7 I?ve got this error : > > > > 2015-12-21T16:04:44Z DEBUG The ipa-server-install command failed, exception: NetworkError: cannot connect to ' https://freeipa.ipa.local:8443/ca/rest/profiles/raw': 'utf8' codec can't decode byte 0xea in position 13: invalid continuation byte > > 2015-12-21T16:04:44Z ERROR cannot connect to ' https://freeipa.ipa.local:8443/ca/rest/profiles/raw': 'utf8' codec can't decode byte 0xea in position 13: invalid continuation byte > > > > My freeipa-server version is : 4.2.0 > > I?m running a Centos 3.10.0-327.3.1.el7.x86_64 > > > > Any idea of what goes wrong? > > > Thanks for reporting. I have not seen this error before. Could you > please include the following log files and I will take a closer > look: > > /var/log/ipaserver-install.log > /var/log/pki/pki-tomcat/ca/debug > > Cheers, > Fraser -------------- next part -------------- An HTML attachment was scrubbed... URL: From marius.vollmer at redhat.com Mon Jan 4 08:38:46 2016 From: marius.vollmer at redhat.com (Marius Vollmer) Date: Mon, 04 Jan 2016 10:38:46 +0200 Subject: [Freeipa-users] Cockpit integration part I - Single Sign On In-Reply-To: <20160103185516.GD4316@redhat.com> References: <83poxr4zio.fsf@echidna.jochen.org>, <20160103185516.GD4316@redhat.com> Message-ID: <87k2npd9ih.fsf@redhat.com> Alexander Bokovoy writes: > Thanks. I think we actually could do better by using gss-proxy -- if > only cockpit-ws would cooperate[1]. I'll file a bug Thanks! > -- when cockpit-ws launches cockpit-session it doesn't pass anything > from the environment cockpit-ws was launched with. It uses NULL as the envp argument, which means that cockpit-session inherits the environment from cockpit-ws, no? cockpit-session itself calls clearenv() very early, and that is probably the reason why GSS_USE_PROXY doesn't work. https://github.com/cockpit-project/cockpit/blob/master/src/ws/session.c#L955 From jpazdziora at redhat.com Mon Jan 4 14:41:29 2016 From: jpazdziora at redhat.com (Jan Pazdziora) Date: Mon, 4 Jan 2016 15:41:29 +0100 Subject: [Freeipa-users] FreeIPA server in Docker containers -- upcoming changes In-Reply-To: <20151217103053.GA526@redhat.com> References: <20151217103053.GA526@redhat.com> Message-ID: <20160104144129.GC29736@redhat.com> On Thu, Dec 17, 2015 at 11:30:53AM +0100, Jan Pazdziora wrote: > > if you are running FreeIPA servers in containers, you might want to > be aware of a change that is coming -- in branch master-systemd of > > https://github.com/adelton/docker-freeipa > > we run the FreeIPA services via native systemd in the container, > instead of the emulation of systemctl that the current branches and > images use. That requires new option to be passed to the docker run If you've tried the systemd-based installation, you might have noticed that the output you get from docker run is different from the old ways. Instead of the ipa-server-install output http://fpaste.org/306943/ you will see systemd output listing its operations on services, namely many starts and stops: http://fpaste.org/306944/ The old output definitely made it easier to see what is happening, the new output is closer to what you'd expect from IPA server on a machine. Similar change happens during subsequent start or upgrade from older version of the data volome. It should be pretty easy to bring the ipa-server-install output back to the systemd-based containers but I wanted to check with you, FreeIPA admins and users, to see what you'd expect and what you prefer. Do you have a preference, or suggestion for something completely different? Thank you, -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat From janellenicole80 at gmail.com Mon Jan 4 16:30:08 2016 From: janellenicole80 at gmail.com (Janelle) Date: Mon, 4 Jan 2016 08:30:08 -0800 Subject: [Freeipa-users] SSSD to IPA connection? Message-ID: <568A9E10.5080800@gmail.com> Happy New Year everyone! I came across a couple of my servers having some strange connection problems and was wondering if anyone else has seen this or know what might cause it? This is IPA 4.1.4 and client on RHEL 7.1. When you look at the status, for some reason, SSSD has lost contact with the servers, and a restart is required. What I don't understand is what this "Preauth" failure is? Ideas? ~Janelle Redirecting to /bin/systemctl status sssd.service sssd.service - System Security Services Daemon Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled) Drop-In: /etc/systemd/system/sssd.service.d ??journal.conf Active: active (running) since Sat 2015-12-12 07:41:55 EST; 2 weeks 4 days ago Process: 24482 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=0/SUCCESS) Main PID: 24483 (sssd) CGroup: /system.slice/sssd.service ??24483 /usr/sbin/sssd -D -f ??24484 /usr/libexec/sssd/sssd_be --domain example.com --uid 0 --gid 0 --debug-to-files ??24485 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files ??24486 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files ??24487 /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files ??24488 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files Jan 01 07:55:24 client.example.com [sssd[krb5_child[10456]]][10456]: Preauthentication failed Jan 01 07:56:07 client.example.com [sssd[krb5_child[10464]]][10464]: Preauthentication failed Jan 01 07:57:16 client.example.com [sssd[krb5_child[10471]]][10471]: Preauthentication failed Jan 01 08:10:48 client.example.com sssd_be[12345]: GSSAPI client step 1 Jan 01 08:10:48 client.example.com sssd_be[12345]: GSSAPI client step 1 Jan 01 08:10:49 client.example.com sssd_be[12345]: GSSAPI client step 1 Jan 01 08:10:49 client.example.com sssd_be[12345]: GSSAPI client step 2 Jan 01 08:20:10 client.example.com [sssd[krb5_child[10538]]][10538]: Preauthentication failed Jan 01 08:20:29 client.example.com [sssd[krb5_child[10541]]][10541]: Preauthentication failed Jan 01 08:20:48 client.example.com [sssd[krb5_child[10596]]][10596]: Preauthentication failed From jhrozek at redhat.com Mon Jan 4 17:11:04 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Mon, 4 Jan 2016 18:11:04 +0100 Subject: [Freeipa-users] SSSD to IPA connection? In-Reply-To: <568A9E10.5080800@gmail.com> References: <568A9E10.5080800@gmail.com> Message-ID: <20160104171104.GB3507@hendrix.redhat.com> On Mon, Jan 04, 2016 at 08:30:08AM -0800, Janelle wrote: > Happy New Year everyone! > > I came across a couple of my servers having some strange connection problems > and was wondering if anyone else has seen this or know what might cause it? > This is IPA 4.1.4 and client on RHEL 7.1. When you look at the status, for > some reason, SSSD has lost contact with the servers, and a restart is > required. What I don't understand is what this "Preauth" failure is? > > Ideas? > ~Janelle > > Redirecting to /bin/systemctl status sssd.service > sssd.service - System Security Services Daemon > Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled) > Drop-In: /etc/systemd/system/sssd.service.d > ??journal.conf > Active: active (running) since Sat 2015-12-12 07:41:55 EST; 2 weeks 4 > days ago > Process: 24482 ExecStart=/usr/sbin/sssd -D -f (code=exited, > status=0/SUCCESS) > Main PID: 24483 (sssd) > CGroup: /system.slice/sssd.service > ??24483 /usr/sbin/sssd -D -f > ??24484 /usr/libexec/sssd/sssd_be --domain example.com --uid 0 > --gid 0 --debug-to-files > ??24485 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 > --debug-to-files > ??24486 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 > --debug-to-files > ??24487 /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 > --debug-to-files > ??24488 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 > --debug-to-files > > Jan 01 07:55:24 client.example.com [sssd[krb5_child[10456]]][10456]: > Preauthentication failed > Jan 01 07:56:07 client.example.com [sssd[krb5_child[10464]]][10464]: > Preauthentication failed > Jan 01 07:57:16 client.example.com [sssd[krb5_child[10471]]][10471]: > Preauthentication failed Preauthentication failed means more or less wrong password, but since the message is from krb5_child, I guess it's during user login. What exactly is not working? > Jan 01 08:10:48 client.example.com sssd_be[12345]: GSSAPI client step 1 > Jan 01 08:10:48 client.example.com sssd_be[12345]: GSSAPI client step 1 > Jan 01 08:10:49 client.example.com sssd_be[12345]: GSSAPI client step 1 > Jan 01 08:10:49 client.example.com sssd_be[12345]: GSSAPI client step 2 > Jan 01 08:20:10 client.example.com [sssd[krb5_child[10538]]][10538]: > Preauthentication failed > Jan 01 08:20:29 client.example.com [sssd[krb5_child[10541]]][10541]: > Preauthentication failed > Jan 01 08:20:48 client.example.com [sssd[krb5_child[10596]]][10596]: > Preauthentication failed > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From janellenicole80 at gmail.com Mon Jan 4 17:17:39 2016 From: janellenicole80 at gmail.com (Janelle) Date: Mon, 4 Jan 2016 09:17:39 -0800 Subject: [Freeipa-users] SSSD to IPA connection? In-Reply-To: <20160104171104.GB3507@hendrix.redhat.com> References: <568A9E10.5080800@gmail.com> <20160104171104.GB3507@hendrix.redhat.com> Message-ID: <568AA933.7080703@gmail.com> When this happens - it stops accepting logins for any of my users. I have to restart SSSD to get it to work again. And it is just kind of random when this happens. How can a STATUS command sent to SSSD show a wrong password? ~J On 1/4/16 9:11 AM, Jakub Hrozek wrote: > On Mon, Jan 04, 2016 at 08:30:08AM -0800, Janelle wrote: >> Happy New Year everyone! >> >> I came across a couple of my servers having some strange connection problems >> and was wondering if anyone else has seen this or know what might cause it? >> This is IPA 4.1.4 and client on RHEL 7.1. When you look at the status, for >> some reason, SSSD has lost contact with the servers, and a restart is >> required. What I don't understand is what this "Preauth" failure is? >> >> Ideas? >> ~Janelle >> >> Redirecting to /bin/systemctl status sssd.service >> sssd.service - System Security Services Daemon >> Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled) >> Drop-In: /etc/systemd/system/sssd.service.d >> ??journal.conf >> Active: active (running) since Sat 2015-12-12 07:41:55 EST; 2 weeks 4 >> days ago >> Process: 24482 ExecStart=/usr/sbin/sssd -D -f (code=exited, >> status=0/SUCCESS) >> Main PID: 24483 (sssd) >> CGroup: /system.slice/sssd.service >> ??24483 /usr/sbin/sssd -D -f >> ??24484 /usr/libexec/sssd/sssd_be --domain example.com --uid 0 >> --gid 0 --debug-to-files >> ??24485 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 >> --debug-to-files >> ??24486 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 >> --debug-to-files >> ??24487 /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 >> --debug-to-files >> ??24488 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 >> --debug-to-files >> >> Jan 01 07:55:24 client.example.com [sssd[krb5_child[10456]]][10456]: >> Preauthentication failed >> Jan 01 07:56:07 client.example.com [sssd[krb5_child[10464]]][10464]: >> Preauthentication failed >> Jan 01 07:57:16 client.example.com [sssd[krb5_child[10471]]][10471]: >> Preauthentication failed > Preauthentication failed means more or less wrong password, but since > the message is from krb5_child, I guess it's during user login. > > What exactly is not working? > >> Jan 01 08:10:48 client.example.com sssd_be[12345]: GSSAPI client step 1 >> Jan 01 08:10:48 client.example.com sssd_be[12345]: GSSAPI client step 1 >> Jan 01 08:10:49 client.example.com sssd_be[12345]: GSSAPI client step 1 >> Jan 01 08:10:49 client.example.com sssd_be[12345]: GSSAPI client step 2 >> Jan 01 08:20:10 client.example.com [sssd[krb5_child[10538]]][10538]: >> Preauthentication failed >> Jan 01 08:20:29 client.example.com [sssd[krb5_child[10541]]][10541]: >> Preauthentication failed >> Jan 01 08:20:48 client.example.com [sssd[krb5_child[10596]]][10596]: >> Preauthentication failed >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project From rcritten at redhat.com Mon Jan 4 19:07:40 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 4 Jan 2016 14:07:40 -0500 Subject: [Freeipa-users] IPA, autofs, kerberos In-Reply-To: <566ACEB1.5090009@blue-bolt.com> References: <566ACEB1.5090009@blue-bolt.com> Message-ID: <568AC2FC.6080807@redhat.com> Cal Sawyer wrote: > Hi > > After getting autofs working using automountmaps in IPA, i've discovered > that upon rebooting a client i have no automounts. If i ssh into the > client and obtain a ticket as admin, after restarting autofs (as root), > I can once again see access automounted directories. Until then, user > logins which depend on network home mount consistently fail > > Question is, how can this be made automatic on reboot? Credentials are needed to do the mounts so it depends on what credentials you want/need to use for that. What mounts are these that require Kerberos, home directories or something else? GSS-Proxy can do this unattended, https://fedorahosted.org/gss-proxy/wiki/NFS rob From rcritten at redhat.com Mon Jan 4 19:14:51 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 4 Jan 2016 14:14:51 -0500 Subject: [Freeipa-users] Avoid auto-setting krbpasswordexpiration to pwdpolicy? In-Reply-To: <5672B6EB.6050906@adm.ku.dk> References: <5672B6EB.6050906@adm.ku.dk> Message-ID: <568AC4AB.1000401@redhat.com> Martin Ren? Mortensen wrote: > Hi, > > I am setting up an LDAP connection from our Identity Management system > which provisions our IPA servers with fresh users and groups. > I set it up pretty nice so far, with some added privileges for change > admin passwords and avoiding password resets. > But when we create a brand new user with a password, IPA resets the > krbPasswordExpiration to match the IPA password policy - but we have > another policy in our central identity management which gets must get > set at user create time. > > So the question is: > Is there any way I can avoid getting krbPasswordExpiration reset to > match the password policy? I assume you are binding via LDAP to manage the users in which case you can use this to not automatically expire reset passwords: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/pass-sync.html#password-sync > and a followup question: > Is this the same with AD sync? passwords from AD gets synced, but > expiration is determined by local password policies on the IPA servers? You'd need to keep the password policies in sync between the two systems. Once they are synced they are independent unless the password is changed. rob From rcritten at redhat.com Mon Jan 4 19:23:23 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 4 Jan 2016 14:23:23 -0500 Subject: [Freeipa-users] unable to effectively delete a replica agreement In-Reply-To: References: Message-ID: <568AC6AB.4000108@redhat.com> Karl Forner wrote: > I am running a master freeIPA called "ipa" in an adelton/freeipa-server > (freeIPA 4.1.4). > I am able to create a replica server "ipa2", still in an > adelton/freeipa-server. > > If I stop my ipa2 replica, and try to delete the replication agreement: > > |%ipa-replica-manage del ipa2.example.com > --force -v| > > It hangs forever. How long is forever? > If I run it using the --cleanup option, it seems to work. That does other things. > > But when I try to run again from scratch my replica, using the same > name, I get: > > Checking forwarders, please wait ... > WARNING: DNS forwarder 10.9.70.7 does not return DNSSEC signatures in > answers > Please fix forwarder configuration to enable DNSSEC support. > (For BIND 9 add directive "dnssec-enable yes;" to "options {}") > WARNING: DNSSEC validation will be disabled > Warning: skipping DNS resolution of host ipa2.example.com > > Warning: skipping DNS resolution of host ipa.example.com > > Using reverse zone(s) 0.17.172.in-addr.arpa. > A replication agreement for this host already exists. It needs to be > removed. > Run this on the master that generated the info file: > % ipa-replica-manage del ipa2.example.com > --force > > On my master: > # ipa-replica-manage list > ipas.example.com: master > ipa.example.com: master > > I manually removed all DNS entries from the 3 zones mentioning ipa2. I > can check in the web UI, using the search feature that ipa2 has no > occurrence. > > So I do not understand why the replica install thinks there's still a > replication agreement. > And I'd like to know: > 1) why this command did not work > > |ipa-replica-manage del ipa2.example.com > --force -v| Because replication agreements are separate from IPA masters, DNS, etc. > > 2) How could I manually effectively delete this agrrement left-over. > To see the agreements on any given master: $ ldapsearch -x -D 'cn=directory manager' -W -b 'cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config' Use ldapdelete to delete the orphan one, or use something like Apache Studio if you're uncomfortable on the CLI. rob From rcritten at redhat.com Mon Jan 4 21:41:07 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 4 Jan 2016 16:41:07 -0500 Subject: [Freeipa-users] Queries on migrating nis netgroups In-Reply-To: <568A5EF8.6030901@redhat.com> References: <56792F90.10506@ast.cam.ac.uk> <568A5EF8.6030901@redhat.com> Message-ID: <568AE6F3.6010702@redhat.com> Martin Kosek wrote: > On 12/22/2015 12:10 PM, Roderick Johnstone wrote: >> Hi >> >> I'm migrating our nis environment to freeipa 4.2.0 on Redhat 7. >> >> I need to have the netgroups set up in freeipa before migrating systems to be >> freeipa clients. >> >> At this point I'm trying to understand the relationship between hostgroups and >> netgroups and whether I should just be using ipa netgroup-add and ipa >> netgroup-add-member commands or whether I should be using equivalent ipa >> hostgroup* commands. >> >> Section 14.5.1 of the Redhat 7 Domain Identity Authentication and Policy Guide >> is telling me that I get a shadow netgroup for every hostgroup I create and >> that I can manage these netgroups with the "ipa-host-net-manage" command. >> >> I don't see the ipa-host-net-manage command. There are >> ipa host* commands but these don't include ipa host-net* commands. What am I >> missing here? > > Good catch, this is actually a doc bug. I filed a Bugzilla: > https://bugzilla.redhat.com/show_bug.cgi?id=1295408 > > Netgroups normally simply mirror host groups, so you do not have to use > "netgroup-*" commands if you do not manage native netgroup. > >> Also the ipa netgroup* commands don't seem to be able to manage the shadow >> netgroups so I'm currently unable to manipulate my shadow netgroups to eg >> change the nisdomain associated with them. How do I do that? > > Shadow netgroups should be only manipulated by updating the source hostgroups, > AFAIK. It depends on what you want. If the netgroup is a mirror of a hostgroup then you have to manage it via the hostgroup commands and you don't control the NIS domain. If you need more control or a real netgroup, use the netgroup commands. But I'll note that we've done little to no testing of the IPA fake NIS server providing multiple NIS domains. It should work for netgroup but I think for other maps it won't because only maps for the IPA domain are created by default. >> Also it looks like I can't add non-ipa clients into hostgroups so presumable >> not into shadow netgroups either, so maybe this is a non-starter for me. Did I >> understand that correctly? > > I personally do not have practical experience with netgroups, but it is true > that non-ipa clients cannot be added to host groups. Maybe Rob (CCed) as NIS > knowledgeable person knows more what is the best solution here. > > I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as DM > and it worked: > > # ipa netgroup-show masters > Netgroup name: masters > Description: ipaNetgroup masters > NIS domain name: rhel72 > External host: foo > Member Hostgroup: masters > > I am still unable to add membership as admin though: > > # ipa netgroup-add-member masters --hosts foo2 > ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the > 'externalHost' attribute of entry 'cn=masters,cn=ng,cn=alt,dc=rhel72'. That is the right way to do it. Unknown hosts to IPA are marked as "external" and stored separately. Just be aware that you can put anything in there so beware of typoes. This command works fine for me using IPA using ipa-server-4.2.0-15.el7 so I'm not sure where the permission bug lies. rob rob From prasun.gera at gmail.com Mon Jan 4 21:47:16 2016 From: prasun.gera at gmail.com (Prasun Gera) Date: Tue, 5 Jan 2016 03:17:16 +0530 Subject: [Freeipa-users] IPA, autofs, kerberos In-Reply-To: <568AC2FC.6080807@redhat.com> References: <566ACEB1.5090009@blue-bolt.com> <568AC2FC.6080807@redhat.com> Message-ID: I would like to understand this better too. I'm not using kerberized NFS. I'm using regular nfs for user home dirs as well as other mount points, which used to work quite well with autofs + NIS. For the most part it works fine with ipa too. However, I have occasionally faced problems with autofs not working well on clients. In such cases, the only thing that has worked is calling the ipa-automount uninstall script, and reinstalling it. Is this indicative of stale sss cache values ? On Tue, Jan 5, 2016 at 12:37 AM, Rob Crittenden wrote: > Cal Sawyer wrote: > > Hi > > > > After getting autofs working using automountmaps in IPA, i've discovered > > that upon rebooting a client i have no automounts. If i ssh into the > > client and obtain a ticket as admin, after restarting autofs (as root), > > I can once again see access automounted directories. Until then, user > > logins which depend on network home mount consistently fail > > > > Question is, how can this be made automatic on reboot? > > Credentials are needed to do the mounts so it depends on what > credentials you want/need to use for that. What mounts are these that > require Kerberos, home directories or something else? > > GSS-Proxy can do this unattended, > https://fedorahosted.org/gss-proxy/wiki/NFS > > rob > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From karl.forner at gmail.com Mon Jan 4 23:16:48 2016 From: karl.forner at gmail.com (Karl Forner) Date: Tue, 5 Jan 2016 00:16:48 +0100 Subject: [Freeipa-users] how to force switch to another kdc Message-ID: Hello, My freeipa master has crashed, and I have a replica running. The problem is that I can not use anymore the webapps on my main server which use a kerberos authentication since my server will not switch to the kdc on my replica. I remember that someone replied me on this list about that problem, but I'd like to konw if there's something I can do besides rebooting my main server ? freeipa 4.3 sssd 1.12.5-1 running on ubuntu 14.04 Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From karl.forner at gmail.com Mon Jan 4 19:28:20 2016 From: karl.forner at gmail.com (Karl Forner) Date: Mon, 4 Jan 2016 20:28:20 +0100 Subject: [Freeipa-users] unable to effectively delete a replica agreement In-Reply-To: <568AC6AB.4000108@redhat.com> References: <568AC6AB.4000108@redhat.com> Message-ID: > > > It hangs forever. > > How long is forever? > officially it's about 15 mns. Do you mean that this delay could be expected ? > > > If I run it using the --cleanup option, it seems to work. > > That does other things. > and actually it did not really work. > > > > > But when I try to run again from scratch my replica, using the same > > name, I get: > > > > Checking forwarders, please wait ... > > WARNING: DNS forwarder 10.9.70.7 does not return DNSSEC signatures in > > answers > > Please fix forwarder configuration to enable DNSSEC support. > > (For BIND 9 add directive "dnssec-enable yes;" to "options {}") > > WARNING: DNSSEC validation will be disabled > > Warning: skipping DNS resolution of host ipa2.example.com > > > > Warning: skipping DNS resolution of host ipa.example.com > > > > Using reverse zone(s) 0.17.172.in-addr.arpa. > > A replication agreement for this host already exists. It needs to be > > removed. > > Run this on the master that generated the info file: > > % ipa-replica-manage del ipa2.example.com > > --force > > > > On my master: > > # ipa-replica-manage list > > ipas.example.com: master > > ipa.example.com: master > > > > I manually removed all DNS entries from the 3 zones mentioning ipa2. I > > can check in the web UI, using the search feature that ipa2 has no > > occurrence. > > > > So I do not understand why the replica install thinks there's still a > > replication agreement. > > And I'd like to know: > > 1) why this command did not work > > > > |ipa-replica-manage del ipa2.example.com > > --force -v| > > Because replication agreements are separate from IPA masters, DNS, etc. > > > > > 2) How could I manually effectively delete this agrrement left-over. > > > > To see the agreements on any given master: > > $ ldapsearch -x -D 'cn=directory manager' -W -b > 'cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config' > > Use ldapdelete to delete the orphan one, or use something like Apache > Studio if you're uncomfortable on the CLI. > > rob > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mkosek at redhat.com Tue Jan 5 07:00:48 2016 From: mkosek at redhat.com (Martin Kosek) Date: Tue, 5 Jan 2016 08:00:48 +0100 Subject: [Freeipa-users] Queries on migrating nis netgroups In-Reply-To: <568AE6F3.6010702@redhat.com> References: <56792F90.10506@ast.cam.ac.uk> <568A5EF8.6030901@redhat.com> <568AE6F3.6010702@redhat.com> Message-ID: <568B6A20.1020406@redhat.com> On 01/04/2016 10:41 PM, Rob Crittenden wrote: > Martin Kosek wrote: ... >> I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as DM >> and it worked: >> >> # ipa netgroup-show masters >> Netgroup name: masters >> Description: ipaNetgroup masters >> NIS domain name: rhel72 >> External host: foo >> Member Hostgroup: masters >> >> I am still unable to add membership as admin though: >> >> # ipa netgroup-add-member masters --hosts foo2 >> ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the >> 'externalHost' attribute of entry 'cn=masters,cn=ng,cn=alt,dc=rhel72'. > > That is the right way to do it. Unknown hosts to IPA are marked as > "external" and stored separately. Just be aware that you can put > anything in there so beware of typoes. > > This command works fine for me using IPA using ipa-server-4.2.0-15.el7 > so I'm not sure where the permission bug lies. Did you try it on native netgroup (added via netgroup-add) or hostgroup shadow group? As it works for me on native netgroups, but not on shadow netgroups, where I can only add the external host with as DM. From jhrozek at redhat.com Tue Jan 5 07:12:29 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Tue, 5 Jan 2016 08:12:29 +0100 Subject: [Freeipa-users] SSSD to IPA connection? In-Reply-To: <568AA933.7080703@gmail.com> References: <568A9E10.5080800@gmail.com> <20160104171104.GB3507@hendrix.redhat.com> <568AA933.7080703@gmail.com> Message-ID: <20160105071229.GD21527@hendrix.arn.redhat.com> On Mon, Jan 04, 2016 at 09:17:39AM -0800, Janelle wrote: > When this happens - it stops accepting logins for any of my users. Can you please generate logs when this happens? I suspect sssd might go offline for one reason or another.. > I have to restart SSSD to get it to work again. ..and a restart would re-set the offline status. > And it is just kind of random when this happens. > How can a STATUS command sent to SSSD show a wrong password? I think krb5_child logs some of its errors to syslog, perhaps we shouldn't log preauth failed, though. > > > ~J > > On 1/4/16 9:11 AM, Jakub Hrozek wrote: > >On Mon, Jan 04, 2016 at 08:30:08AM -0800, Janelle wrote: > >>Happy New Year everyone! > >> > >>I came across a couple of my servers having some strange connection problems > >>and was wondering if anyone else has seen this or know what might cause it? > >>This is IPA 4.1.4 and client on RHEL 7.1. When you look at the status, for > >>some reason, SSSD has lost contact with the servers, and a restart is > >>required. What I don't understand is what this "Preauth" failure is? > >> > >>Ideas? > >>~Janelle > >> > >>Redirecting to /bin/systemctl status sssd.service > >>sssd.service - System Security Services Daemon > >> Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled) > >> Drop-In: /etc/systemd/system/sssd.service.d > >> ??journal.conf > >> Active: active (running) since Sat 2015-12-12 07:41:55 EST; 2 weeks 4 > >>days ago > >> Process: 24482 ExecStart=/usr/sbin/sssd -D -f (code=exited, > >>status=0/SUCCESS) > >> Main PID: 24483 (sssd) > >> CGroup: /system.slice/sssd.service > >> ??24483 /usr/sbin/sssd -D -f > >> ??24484 /usr/libexec/sssd/sssd_be --domain example.com --uid 0 > >>--gid 0 --debug-to-files > >> ??24485 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 > >>--debug-to-files > >> ??24486 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 > >>--debug-to-files > >> ??24487 /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 > >>--debug-to-files > >> ??24488 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 > >>--debug-to-files > >> > >>Jan 01 07:55:24 client.example.com [sssd[krb5_child[10456]]][10456]: > >>Preauthentication failed > >>Jan 01 07:56:07 client.example.com [sssd[krb5_child[10464]]][10464]: > >>Preauthentication failed > >>Jan 01 07:57:16 client.example.com [sssd[krb5_child[10471]]][10471]: > >>Preauthentication failed > >Preauthentication failed means more or less wrong password, but since > >the message is from krb5_child, I guess it's during user login. > > > >What exactly is not working? > > > >>Jan 01 08:10:48 client.example.com sssd_be[12345]: GSSAPI client step 1 > >>Jan 01 08:10:48 client.example.com sssd_be[12345]: GSSAPI client step 1 > >>Jan 01 08:10:49 client.example.com sssd_be[12345]: GSSAPI client step 1 > >>Jan 01 08:10:49 client.example.com sssd_be[12345]: GSSAPI client step 2 > >>Jan 01 08:20:10 client.example.com [sssd[krb5_child[10538]]][10538]: > >>Preauthentication failed > >>Jan 01 08:20:29 client.example.com [sssd[krb5_child[10541]]][10541]: > >>Preauthentication failed > >>Jan 01 08:20:48 client.example.com [sssd[krb5_child[10596]]][10596]: > >>Preauthentication failed > >> > >>-- > >>Manage your subscription for the Freeipa-users mailing list: > >>https://www.redhat.com/mailman/listinfo/freeipa-users > >>Go to http://freeipa.org for more info on the project > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From jhrozek at redhat.com Tue Jan 5 07:14:08 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Tue, 5 Jan 2016 08:14:08 +0100 Subject: [Freeipa-users] how to force switch to another kdc In-Reply-To: References: Message-ID: <20160105071408.GE21527@hendrix.arn.redhat.com> On Tue, Jan 05, 2016 at 12:16:48AM +0100, Karl Forner wrote: > Hello, > > My freeipa master has crashed, and I have a replica running. > The problem is that I can not use anymore the webapps on my main server > which use a kerberos authentication since my server will not switch to the > kdc on my replica. As long as the authentication is done via sssd this should happen automatically, but you can send USR1 followed by USR2 to sssd to force going offline and back online. It would be nice to look into the logs, though, to see why wouldn't sssd fail over itself. > > I remember that someone replied me on this list about that problem, but I'd > like to konw if there's something I can do besides rebooting my main server > ? > > freeipa 4.3 > > sssd 1.12.5-1 running on ubuntu 14.04 > > Thanks. > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From rcritten at redhat.com Tue Jan 5 14:08:17 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 5 Jan 2016 09:08:17 -0500 Subject: [Freeipa-users] unable to effectively delete a replica agreement In-Reply-To: References: <568AC6AB.4000108@redhat.com> Message-ID: <568BCE51.7040402@redhat.com> Karl Forner wrote: > > > > > > It hangs forever. > > How long is forever? > > > officially it's about 15 mns. Do you mean that this delay could be > expected ? Forever is a measurement of patience. I'd have expected a timeout at some point. To really diagnose things we'd probably need to instrument ipa-replica-manage to find out where it is getting stuck. > > > > If I run it using the --cleanup option, it seems to work. > > That does other things. > > > and actually it did not really work. All cleanup does is remove the host as an IPA master. It does nothing with agreements. Did you find the agreement using the ldapsearch I proposed? rob > > > > > > > But when I try to run again from scratch my replica, using the same > > name, I get: > > > > Checking forwarders, please wait ... > > WARNING: DNS forwarder 10.9.70.7 does not return DNSSEC signatures in > > answers > > Please fix forwarder configuration to enable DNSSEC support. > > (For BIND 9 add directive "dnssec-enable yes;" to "options {}") > > WARNING: DNSSEC validation will be disabled > > Warning: skipping DNS resolution of host ipa2.example.com > > > > Warning: skipping DNS resolution of host ipa.example.com > > > > Using reverse zone(s) 0.17.172.in-addr.arpa. > > A replication agreement for this host already exists. It needs to be > > removed. > > Run this on the master that generated the info file: > > % ipa-replica-manage del ipa2.example.com > > > --force > > > > On my master: > > # ipa-replica-manage list > > ipas.example.com : master > > ipa.example.com : master > > > > I manually removed all DNS entries from the 3 zones mentioning ipa2. I > > can check in the web UI, using the search feature that ipa2 has no > > occurrence. > > > > So I do not understand why the replica install thinks there's still a > > replication agreement. > > And I'd like to know: > > 1) why this command did not work > > > > |ipa-replica-manage del ipa2.example.com > > > --force -v| > > Because replication agreements are separate from IPA masters, DNS, etc. > > > > > 2) How could I manually effectively delete this agrrement left-over. > > > > To see the agreements on any given master: > > $ ldapsearch -x -D 'cn=directory manager' -W -b > 'cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config' > > Use ldapdelete to delete the orphan one, or use something like Apache > Studio if you're uncomfortable on the CLI. > > rob > > From bahanw042014 at gmail.com Tue Jan 5 14:11:34 2016 From: bahanw042014 at gmail.com (bahan w) Date: Tue, 5 Jan 2016 15:11:34 +0100 Subject: [Freeipa-users] FreeIPA 4.x + CentOS 6.4 In-Reply-To: <568A6257.7030205@redhat.com> References: <29287_1450890213_567AD3E5_29287_3990_1_1D24A0A1407AA6499AADBA43C8A73ED505A5C2@OPEXCNORM63.corporate.adroot.infra.ftgroup> <20160103123213.GB4316@redhat.com> <568A6257.7030205@redhat.com> Message-ID: Hello. I have some questions related to this point : 1. On a RHEL6.6, may I install the package ipa-client 4.x and enroll to an ipa server 4.x located on a RHEL7 ? May you remind me the version of sssd embedded with ipa-client 4.x ? 2. The ipa-server 4.x can only be installed on RHEL7+, true/false ? Best regards. Bahan -------------- next part -------------- An HTML attachment was scrubbed... URL: From lslebodn at redhat.com Tue Jan 5 14:31:55 2016 From: lslebodn at redhat.com (Lukas Slebodnik) Date: Tue, 5 Jan 2016 15:31:55 +0100 Subject: [Freeipa-users] FreeIPA 4.x + CentOS 6.4 In-Reply-To: References: <29287_1450890213_567AD3E5_29287_3990_1_1D24A0A1407AA6499AADBA43C8A73ED505A5C2@OPEXCNORM63.corporate.adroot.infra.ftgroup> <20160103123213.GB4316@redhat.com> <568A6257.7030205@redhat.com> Message-ID: <20160105143154.GH6431@mail.corp.redhat.com> On (05/01/16 15:11), bahan w wrote: >Hello. > >I have some questions related to this point : >1. On a RHEL6.6, may I install the package ipa-client 4.x and enroll to an >ipa server 4.x located on a RHEL7 ? May you remind me the version of sssd >embedded with ipa-client 4.x ? rhel6.6 has ipa-client-3.0.0-47.el6 and sssd-1.11.x rhel6.7 has ipa-client-3.0.0-47.el6 and sssd-1.12.x and sssd-1.11+ works well with ipa-server 4.x >2. The ipa-server 4.x can only be installed on RHEL7+, true/false ? > true ( +fedora :-) LS From bahanw042014 at gmail.com Tue Jan 5 14:34:35 2016 From: bahanw042014 at gmail.com (bahan w) Date: Tue, 5 Jan 2016 15:34:35 +0100 Subject: [Freeipa-users] FreeIPA 4.x + CentOS 6.4 In-Reply-To: <20160105143154.GH6431@mail.corp.redhat.com> References: <29287_1450890213_567AD3E5_29287_3990_1_1D24A0A1407AA6499AADBA43C8A73ED505A5C2@OPEXCNORM63.corporate.adroot.infra.ftgroup> <20160103123213.GB4316@redhat.com> <568A6257.7030205@redhat.com> <20160105143154.GH6431@mail.corp.redhat.com> Message-ID: Thanks. And for the ipa-client package ? Is it installable on Redhat 6.6 ? Or is it only installable on Redhat 7.x ? Best regards. Bahan On Tue, Jan 5, 2016 at 3:31 PM, Lukas Slebodnik wrote: > On (05/01/16 15:11), bahan w wrote: > >Hello. > > > >I have some questions related to this point : > >1. On a RHEL6.6, may I install the package ipa-client 4.x and enroll to an > >ipa server 4.x located on a RHEL7 ? May you remind me the version of sssd > >embedded with ipa-client 4.x ? > rhel6.6 has ipa-client-3.0.0-47.el6 and sssd-1.11.x > rhel6.7 has ipa-client-3.0.0-47.el6 and sssd-1.12.x > > and sssd-1.11+ works well with ipa-server 4.x > > >2. The ipa-server 4.x can only be installed on RHEL7+, true/false ? > > > true ( +fedora :-) > > LS > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Tue Jan 5 14:36:50 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 5 Jan 2016 09:36:50 -0500 Subject: [Freeipa-users] FreeIPA 4.x + CentOS 6.4 In-Reply-To: <20160105143154.GH6431@mail.corp.redhat.com> References: <29287_1450890213_567AD3E5_29287_3990_1_1D24A0A1407AA6499AADBA43C8A73ED505A5C2@OPEXCNORM63.corporate.adroot.infra.ftgroup> <20160103123213.GB4316@redhat.com> <568A6257.7030205@redhat.com> <20160105143154.GH6431@mail.corp.redhat.com> Message-ID: <568BD502.6020207@redhat.com> Lukas Slebodnik wrote: > On (05/01/16 15:11), bahan w wrote: >> Hello. >> >> I have some questions related to this point : >> 1. On a RHEL6.6, may I install the package ipa-client 4.x and enroll to an >> ipa server 4.x located on a RHEL7 ? May you remind me the version of sssd >> embedded with ipa-client 4.x ? > rhel6.6 has ipa-client-3.0.0-47.el6 and sssd-1.11.x > rhel6.7 has ipa-client-3.0.0-47.el6 and sssd-1.12.x > > and sssd-1.11+ works well with ipa-server 4.x Strictly speaking, sssd isn't "embedded" with ipa-client. There is some correlation based on distro release, as Lukas has listed, but that's about it. There is no IPA 4.x for RHEL 6.x. >> 2. The ipa-server 4.x can only be installed on RHEL7+, true/false ? >> > true ( +fedora :-) > > LS > From rcritten at redhat.com Tue Jan 5 15:24:31 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 5 Jan 2016 10:24:31 -0500 Subject: [Freeipa-users] Queries on migrating nis netgroups In-Reply-To: <568B6A20.1020406@redhat.com> References: <56792F90.10506@ast.cam.ac.uk> <568A5EF8.6030901@redhat.com> <568AE6F3.6010702@redhat.com> <568B6A20.1020406@redhat.com> Message-ID: <568BE02F.3030908@redhat.com> Martin Kosek wrote: > On 01/04/2016 10:41 PM, Rob Crittenden wrote: >> Martin Kosek wrote: > ... >>> I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as DM >>> and it worked: >>> >>> # ipa netgroup-show masters >>> Netgroup name: masters >>> Description: ipaNetgroup masters >>> NIS domain name: rhel72 >>> External host: foo >>> Member Hostgroup: masters >>> >>> I am still unable to add membership as admin though: >>> >>> # ipa netgroup-add-member masters --hosts foo2 >>> ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the >>> 'externalHost' attribute of entry 'cn=masters,cn=ng,cn=alt,dc=rhel72'. >> >> That is the right way to do it. Unknown hosts to IPA are marked as >> "external" and stored separately. Just be aware that you can put >> anything in there so beware of typoes. >> >> This command works fine for me using IPA using ipa-server-4.2.0-15.el7 >> so I'm not sure where the permission bug lies. > > Did you try it on native netgroup (added via netgroup-add) or hostgroup shadow > group? As it works for me on native netgroups, but not on shadow netgroups, > where I can only add the external host with as DM. > I didn't but I can reproduce it. It is probably due to this deny ACI: aci: (targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";) Not very nice behavior (and deny ACIs are icky). I guess the netgroup mod commands should look to see if it is a real netgroup before trying to do a write and otherwise raise a more reasonable error. rob From abokovoy at redhat.com Tue Jan 5 17:06:47 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Tue, 5 Jan 2016 19:06:47 +0200 Subject: [Freeipa-users] FreeIPA 4.x + CentOS 6.4 In-Reply-To: References: <29287_1450890213_567AD3E5_29287_3990_1_1D24A0A1407AA6499AADBA43C8A73ED505A5C2@OPEXCNORM63.corporate.adroot.infra.ftgroup> <20160103123213.GB4316@redhat.com> <568A6257.7030205@redhat.com> <20160105143154.GH6431@mail.corp.redhat.com> Message-ID: <20160105170647.GU4316@redhat.com> On Tue, 05 Jan 2016, bahan w wrote: >Thanks. > >And for the ipa-client package ? Is it installable on Redhat 6.6 ? There *is* already ipa-client in RHEL 6.6, version 3.0. It is enough to enroll this client to IPA version 4.0 server. >Or is it only installable on Redhat 7.x ? ipa-client-4.x is only provided on RHEL 7.x/CentOS 7.x/Fedora. -- / Alexander Bokovoy From mkosek at redhat.com Tue Jan 5 17:11:15 2016 From: mkosek at redhat.com (Martin Kosek) Date: Tue, 5 Jan 2016 18:11:15 +0100 Subject: [Freeipa-users] Queries on migrating nis netgroups In-Reply-To: <568BE02F.3030908@redhat.com> References: <56792F90.10506@ast.cam.ac.uk> <568A5EF8.6030901@redhat.com> <568AE6F3.6010702@redhat.com> <568B6A20.1020406@redhat.com> <568BE02F.3030908@redhat.com> Message-ID: <568BF933.6070701@redhat.com> On 01/05/2016 04:24 PM, Rob Crittenden wrote: > Martin Kosek wrote: >> On 01/04/2016 10:41 PM, Rob Crittenden wrote: >>> Martin Kosek wrote: >> ... >>>> I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as DM >>>> and it worked: >>>> >>>> # ipa netgroup-show masters >>>> Netgroup name: masters >>>> Description: ipaNetgroup masters >>>> NIS domain name: rhel72 >>>> External host: foo >>>> Member Hostgroup: masters >>>> >>>> I am still unable to add membership as admin though: >>>> >>>> # ipa netgroup-add-member masters --hosts foo2 >>>> ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the >>>> 'externalHost' attribute of entry 'cn=masters,cn=ng,cn=alt,dc=rhel72'. >>> >>> That is the right way to do it. Unknown hosts to IPA are marked as >>> "external" and stored separately. Just be aware that you can put >>> anything in there so beware of typoes. >>> >>> This command works fine for me using IPA using ipa-server-4.2.0-15.el7 >>> so I'm not sure where the permission bug lies. >> >> Did you try it on native netgroup (added via netgroup-add) or hostgroup shadow >> group? As it works for me on native netgroups, but not on shadow netgroups, >> where I can only add the external host with as DM. >> > > I didn't but I can reproduce it. > > It is probably due to this deny ACI: > > aci: (targetfilter = "(objectClass=mepManagedEntry)")(targetattr = > "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny > (write) userdn = "ldap:///all";) Ah, good catch. I was suspecting something like that, I just did not know we went that far to create deny ACI. > Not very nice behavior (and deny ACIs are icky). > > I guess the netgroup mod commands should look to see if it is a real > netgroup before trying to do a write and otherwise raise a more > reasonable error. Potentially yes, although I do not see that as the most important part. I rather do not know how to solve Roderick's issue and add external hosts as part of the shadow netgroups. Currently, the only workaround is to create plain host/ghost entries for these non-ipa clients and use them in host groups. From rcritten at redhat.com Tue Jan 5 17:17:30 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 5 Jan 2016 12:17:30 -0500 Subject: [Freeipa-users] Queries on migrating nis netgroups In-Reply-To: <568BF933.6070701@redhat.com> References: <56792F90.10506@ast.cam.ac.uk> <568A5EF8.6030901@redhat.com> <568AE6F3.6010702@redhat.com> <568B6A20.1020406@redhat.com> <568BE02F.3030908@redhat.com> <568BF933.6070701@redhat.com> Message-ID: <568BFAAA.5000106@redhat.com> Martin Kosek wrote: > On 01/05/2016 04:24 PM, Rob Crittenden wrote: >> Martin Kosek wrote: >>> On 01/04/2016 10:41 PM, Rob Crittenden wrote: >>>> Martin Kosek wrote: >>> ... >>>>> I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as DM >>>>> and it worked: >>>>> >>>>> # ipa netgroup-show masters >>>>> Netgroup name: masters >>>>> Description: ipaNetgroup masters >>>>> NIS domain name: rhel72 >>>>> External host: foo >>>>> Member Hostgroup: masters >>>>> >>>>> I am still unable to add membership as admin though: >>>>> >>>>> # ipa netgroup-add-member masters --hosts foo2 >>>>> ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the >>>>> 'externalHost' attribute of entry 'cn=masters,cn=ng,cn=alt,dc=rhel72'. >>>> >>>> That is the right way to do it. Unknown hosts to IPA are marked as >>>> "external" and stored separately. Just be aware that you can put >>>> anything in there so beware of typoes. >>>> >>>> This command works fine for me using IPA using ipa-server-4.2.0-15.el7 >>>> so I'm not sure where the permission bug lies. >>> >>> Did you try it on native netgroup (added via netgroup-add) or hostgroup shadow >>> group? As it works for me on native netgroups, but not on shadow netgroups, >>> where I can only add the external host with as DM. >>> >> >> I didn't but I can reproduce it. >> >> It is probably due to this deny ACI: >> >> aci: (targetfilter = "(objectClass=mepManagedEntry)")(targetattr = >> "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny >> (write) userdn = "ldap:///all";) > > Ah, good catch. I was suspecting something like that, I just did not know we > went that far to create deny ACI. > >> Not very nice behavior (and deny ACIs are icky). >> >> I guess the netgroup mod commands should look to see if it is a real >> netgroup before trying to do a write and otherwise raise a more >> reasonable error. > > Potentially yes, although I do not see that as the most important part. I > rather do not know how to solve Roderick's issue and add external hosts as part > of the shadow netgroups. > > Currently, the only workaround is to create plain host/ghost entries for these > non-ipa clients and use them in host groups. > That or use real netgroups created via netgroup-add instead of hostgroups. That is the only way to have control over the advertised NIS domain in the triple anyway. rob From karl.forner at gmail.com Tue Jan 5 17:16:47 2016 From: karl.forner at gmail.com (Karl Forner) Date: Tue, 5 Jan 2016 18:16:47 +0100 Subject: [Freeipa-users] how to force switch to another kdc In-Reply-To: <20160105071408.GE21527@hendrix.arn.redhat.com> References: <20160105071408.GE21527@hendrix.arn.redhat.com> Message-ID: On Tue, Jan 5, 2016 at 8:14 AM, Jakub Hrozek wrote: > On Tue, Jan 05, 2016 at 12:16:48AM +0100, Karl Forner wrote: > > Hello, > > > > My freeipa master has crashed, and I have a replica running. > > The problem is that I can not use anymore the webapps on my main server > > which use a kerberos authentication since my server will not switch to > the > > kdc on my replica. > > As long as the authentication is done via sssd this should happen > automatically, well it does not seem to. The way I test it is using kinit. The only log that gets updated in /var/log/sssd is ldap_child.log.1 (what's strange is that there's a ldap_child.log which is empty). Each time I try a kinit, I get a log line like: (Tue Jan 5 18:10:55 2016) [[sssd[ldap_child[10069]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm 'EXAMPLE.COM' I tried to send USR1 then USR2 to the main sssd process, without any improvement, In a previous email, Simo Sorce explained me that: Unfortunately it is, it is a bug in the way we update the krb5 libraries > to point to a KDC. > > SSSD updates this information in a file under /var/lib/sss/pubconf and > krb5 libraries read from it, however kinit cannot force sssd to > re-evaluate if the file needs updating. > > If you do a local login instead of a kinit, you will see that SSSD will > switch to the new server and subsequent kinit will start using it. > > This is tracked here: > https://fedorahosted.org/sssd/ticket/941 > Could this be related ? but you can send USR1 followed by USR2 to sssd to force > going offline and back online. It would be nice to look into the logs, > though, to see why wouldn't sssd fail over itself. > > > > > I remember that someone replied me on this list about that problem, but > I'd > > like to konw if there's something I can do besides rebooting my main > server > > ? > > > > freeipa 4.3 > > > > sssd 1.12.5-1 running on ubuntu 14.04 > > > > Thanks. > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From karl.forner at gmail.com Tue Jan 5 18:06:08 2016 From: karl.forner at gmail.com (Karl Forner) Date: Tue, 5 Jan 2016 19:06:08 +0100 Subject: [Freeipa-users] how to force switch to another kdc In-Reply-To: References: Message-ID: Another piece of information: the linux boxes are running ubuntu too, with the same configuration. I have configured 2 dns servers, the first for my main freeipa server (which is down), and rhe second for the replica. After boot, the linux box can resolve addresses just fine, using the secondary dns. But the box does not pick the kdc from the replica. It seems to only use the cache, since when I do a klist, I have a ticked expiring at 01/01/1970: Valid starting Expires Service principal 01/01/1970 01:00:00 01/01/1970 01:00:00 If I do a kinit: kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials And once again, from a box just rebooted. When I look at my /etc/krb5.conf, there's a kdc, master_kdc, and admin_server set for my domain. >From what I had understood, I thought they should be ignored, and that the auto discovery should still happen. Is that so ? Thanks. On Tue, Jan 5, 2016 at 12:16 AM, Karl Forner wrote: > Hello, > > My freeipa master has crashed, and I have a replica running. > The problem is that I can not use anymore the webapps on my main server > which use a kerberos authentication since my server will not switch to the > kdc on my replica. > > I remember that someone replied me on this list about that problem, but > I'd like to konw if there's something I can do besides rebooting my main > server ? > > freeipa 4.3 > > sssd 1.12.5-1 running on ubuntu 14.04 > > Thanks. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From karl.forner at gmail.com Tue Jan 5 18:22:57 2016 From: karl.forner at gmail.com (Karl Forner) Date: Tue, 5 Jan 2016 19:22:57 +0100 Subject: [Freeipa-users] how to force switch to another kdc In-Reply-To: References: Message-ID: update: modifying the /etc/krb5.conf, and replacing the name of my freeipa master by the replica fixes the problem. So that proves that the kdc is not picked up by discovery. The problem is that my ubuntu box was enrolled using the ipa-client-install script, and so should be properly configured. Did I miss any critical option ? What should the /etc/krb5.conf be like ? Thanks. On Tue, Jan 5, 2016 at 7:06 PM, Karl Forner wrote: > Another piece of information: > > the linux boxes are running ubuntu too, with the same configuration. > I have configured 2 dns servers, the first for my main freeipa server > (which is down), and rhe second for the replica. > After boot, the linux box can resolve addresses just fine, using the > secondary dns. But the box does not pick the kdc from the replica. > > It seems to only use the cache, since when I do a klist, I have a ticked > expiring at 01/01/1970: > Valid starting Expires Service principal > 01/01/1970 01:00:00 01/01/1970 01:00:00 > > If I do a kinit: > kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting > initial credentials > > And once again, from a box just rebooted. > > When I look at my /etc/krb5.conf, there's a kdc, master_kdc, and > admin_server set for my domain. > From what I had understood, I thought they should be ignored, and that the > auto discovery should still happen. > Is that so ? > > Thanks. > > > > On Tue, Jan 5, 2016 at 12:16 AM, Karl Forner > wrote: > >> Hello, >> >> My freeipa master has crashed, and I have a replica running. >> The problem is that I can not use anymore the webapps on my main server >> which use a kerberos authentication since my server will not switch to the >> kdc on my replica. >> >> I remember that someone replied me on this list about that problem, but >> I'd like to konw if there's something I can do besides rebooting my main >> server ? >> >> freeipa 4.3 >> >> sssd 1.12.5-1 running on ubuntu 14.04 >> >> Thanks. >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From natxo.asenjo at gmail.com Tue Jan 5 18:34:44 2016 From: natxo.asenjo at gmail.com (Natxo Asenjo) Date: Tue, 5 Jan 2016 19:34:44 +0100 Subject: [Freeipa-users] how to force switch to another kdc In-Reply-To: References: Message-ID: On Tue, Jan 5, 2016 at 7:31 PM, Natxo Asenjo wrote: > includedir /var/lib/sss/pubconf/krb5.include.d/ > #File modified by ipa-client-install > > [libdefaults] > default_realm = IPA.DOMAIN.TLD > dns_lookup_realm = true > dns_lookup_kdc = true > rdns = false > ticket_lifetime = 24h > forwardable = yes > > [realms] > IPA.DOMAIN.TLD = { > pkinit_anchors = FILE:/etc/ipa/ca.crt > } > > [domain_realm] > .ipa.domain.tld = IPA.DOMAIN.TLD > ipa.domain.tld = IPA.DOMAIN.TLD > > ]$ cat /etc/krb5.conf > with this config I can reach any realm, by the way, provided it has srv records. It works for our AD forests as well. -- Groeten, natxo -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Tue Jan 5 18:55:20 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Tue, 5 Jan 2016 20:55:20 +0200 Subject: [Freeipa-users] how to force switch to another kdc In-Reply-To: References: Message-ID: <20160105185520.GV4316@redhat.com> On Tue, 05 Jan 2016, Karl Forner wrote: >update: > >modifying the /etc/krb5.conf, and replacing the name of my freeipa master >by the replica fixes the problem. >So that proves that the kdc is not picked up by discovery. This implies you have explicit line stating the KDC address in your krb5.conf. That means no DNS SRV record discovery will be done at all because there is no need to discover anything. Look at the Natxo's example in the other email. -- / Alexander Bokovoy From karl.forner at gmail.com Tue Jan 5 18:54:23 2016 From: karl.forner at gmail.com (Karl Forner) Date: Tue, 5 Jan 2016 19:54:23 +0100 Subject: [Freeipa-users] how to force switch to another kdc In-Reply-To: References: Message-ID: Thanks a lot, that works if I comment out the explicit reference to a server name, and that I switch dns_lookup_kdc to true. I think I understand why it was not working from the install: I used the ipa-client-install with the option --server. According to the man page, in the "Failover" section, I understand that "DNS Autodiscovery" is enabled when no "fixed server was passed to the installer", which makes sense a posteriori. I think that closes my topic, thanks again for all the help I got ! On Tue, Jan 5, 2016 at 7:34 PM, Natxo Asenjo wrote: > > > On Tue, Jan 5, 2016 at 7:31 PM, Natxo Asenjo > wrote: > >> includedir /var/lib/sss/pubconf/krb5.include.d/ >> #File modified by ipa-client-install >> >> [libdefaults] >> default_realm = IPA.DOMAIN.TLD >> dns_lookup_realm = true >> dns_lookup_kdc = true >> rdns = false >> ticket_lifetime = 24h >> forwardable = yes >> >> [realms] >> IPA.DOMAIN.TLD = { >> pkinit_anchors = FILE:/etc/ipa/ca.crt >> } >> >> [domain_realm] >> .ipa.domain.tld = IPA.DOMAIN.TLD >> ipa.domain.tld = IPA.DOMAIN.TLD >> >> ]$ cat /etc/krb5.conf >> > > with this config I can reach any realm, by the way, provided it has srv > records. It works for our AD forests as well. > > -- > Groeten, > natxo > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From cal-s at blue-bolt.com Tue Jan 5 19:49:40 2016 From: cal-s at blue-bolt.com (BlueBolt) Date: Tue, 5 Jan 2016 19:49:40 +0000 Subject: [Freeipa-users] Freeipa-users Digest, Vol 90, Issue 9 In-Reply-To: References: Message-ID: <929C0B2B-173F-464A-B189-F667EDF5CA60@blue-bolt.com> Wow, that's fairly horrifying stuff, Rob. All of my NFS servers (and current ldap-auth'd clients, which are not migrated to ipa-client) are constrained to nfs3. I have no plans to v4 any of my nfs infrastructure apart from one server eventually which will serve mostly Macs for acl richness. At any rate: "To use GSS-Proxy with the NFS server you need a recent enough kernel. Anything more recent than 3.10 should work just fine." Servers are CentOS6 and Nexenta where they'll remain for the foreseeable future. Surely this is anticipated somewhere in the ipa/sssd universe allowing autofs to act in some autonomous way as it does currently with ldap backend? thank you, - cal sawyer > Date: Mon, 4 Jan 2016 14:07:40 -0500 > From: Rob Crittenden > To: Cal Sawyer , freeipa-users at redhat.com > Subject: Re: [Freeipa-users] IPA, autofs, kerberos > Message-ID: <568AC2FC.6080807 at redhat.com> > Content-Type: text/plain; charset=ISO-8859-1 > > Cal Sawyer wrote: >> Hi >> >> After getting autofs working using automountmaps in IPA, i've discovered >> that upon rebooting a client i have no automounts. If i ssh into the >> client and obtain a ticket as admin, after restarting autofs (as root), >> I can once again see access automounted directories. Until then, user >> logins which depend on network home mount consistently fail >> >> Question is, how can this be made automatic on reboot? > > Credentials are needed to do the mounts so it depends on what > credentials you want/need to use for that. What mounts are these that > require Kerberos, home directories or something else? > > GSS-Proxy can do this unattended, > https://fedorahosted.org/gss-proxy/wiki/NFS > > rob -------------- next part -------------- An HTML attachment was scrubbed... URL: From natxo.asenjo at gmail.com Tue Jan 5 18:31:41 2016 From: natxo.asenjo at gmail.com (Natxo Asenjo) Date: Tue, 5 Jan 2016 19:31:41 +0100 Subject: [Freeipa-users] how to force switch to another kdc In-Reply-To: References: Message-ID: On Tue, Jan 5, 2016 at 7:22 PM, Karl Forner wrote: > update: > > modifying the /etc/krb5.conf, and replacing the name of my freeipa master > by the replica fixes the problem. > So that proves that the kdc is not picked up by discovery. > > The problem is that my ubuntu box was enrolled using the > ipa-client-install script, and so should be properly configured. > > Did I miss any critical option ? > What should the /etc/krb5.conf be like ? > Could you post your krb5.conf ? This is a working example in a centos 6 host: al-only additions here, put content in /etc/motd-local ## ]$ cat /etc/krb5.conf includedir /var/lib/sss/pubconf/krb5.include.d/ #File modified by ipa-client-install [libdefaults] default_realm = IPA.DOMAIN.TLD dns_lookup_realm = true dns_lookup_kdc = true rdns = false ticket_lifetime = 24h forwardable = yes [realms] IPA.DOMAIN.TLD = { pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .ipa.domain.tld = IPA.DOMAIN.TLD ipa.domain.tld = IPA.DOMAIN.TLD -- regards, natxo -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmj at ast.cam.ac.uk Tue Jan 5 21:17:42 2016 From: rmj at ast.cam.ac.uk (Roderick Johnstone) Date: Tue, 5 Jan 2016 21:17:42 +0000 Subject: [Freeipa-users] Queries on migrating nis netgroups In-Reply-To: <568BFAAA.5000106@redhat.com> References: <56792F90.10506@ast.cam.ac.uk> <568A5EF8.6030901@redhat.com> <568AE6F3.6010702@redhat.com> <568B6A20.1020406@redhat.com> <568BE02F.3030908@redhat.com> <568BF933.6070701@redhat.com> <568BFAAA.5000106@redhat.com> Message-ID: <568C32F6.1040309@ast.cam.ac.uk> On 05/01/2016 17:17, Rob Crittenden wrote: > Martin Kosek wrote: >> On 01/05/2016 04:24 PM, Rob Crittenden wrote: >>> Martin Kosek wrote: >>>> On 01/04/2016 10:41 PM, Rob Crittenden wrote: >>>>> Martin Kosek wrote: >>>> ... >>>>>> I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as DM >>>>>> and it worked: >>>>>> >>>>>> # ipa netgroup-show masters >>>>>> Netgroup name: masters >>>>>> Description: ipaNetgroup masters >>>>>> NIS domain name: rhel72 >>>>>> External host: foo >>>>>> Member Hostgroup: masters >>>>>> >>>>>> I am still unable to add membership as admin though: >>>>>> >>>>>> # ipa netgroup-add-member masters --hosts foo2 >>>>>> ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the >>>>>> 'externalHost' attribute of entry 'cn=masters,cn=ng,cn=alt,dc=rhel72'. >>>>> >>>>> That is the right way to do it. Unknown hosts to IPA are marked as >>>>> "external" and stored separately. Just be aware that you can put >>>>> anything in there so beware of typoes. >>>>> >>>>> This command works fine for me using IPA using ipa-server-4.2.0-15.el7 >>>>> so I'm not sure where the permission bug lies. >>>> >>>> Did you try it on native netgroup (added via netgroup-add) or hostgroup shadow >>>> group? As it works for me on native netgroups, but not on shadow netgroups, >>>> where I can only add the external host with as DM. >>>> >>> >>> I didn't but I can reproduce it. >>> >>> It is probably due to this deny ACI: >>> >>> aci: (targetfilter = "(objectClass=mepManagedEntry)")(targetattr = >>> "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny >>> (write) userdn = "ldap:///all";) >> >> Ah, good catch. I was suspecting something like that, I just did not know we >> went that far to create deny ACI. >> >>> Not very nice behavior (and deny ACIs are icky). >>> >>> I guess the netgroup mod commands should look to see if it is a real >>> netgroup before trying to do a write and otherwise raise a more >>> reasonable error. >> >> Potentially yes, although I do not see that as the most important part. I >> rather do not know how to solve Roderick's issue and add external hosts as part >> of the shadow netgroups. >> >> Currently, the only workaround is to create plain host/ghost entries for these >> non-ipa clients and use them in host groups. >> > > That or use real netgroups created via netgroup-add instead of > hostgroups. That is the only way to have control over the advertised NIS > domain in the triple anyway. > > rob > Martin/Rob Thanks for all your analysis on this query. I had come to the conclusion that using the real netgroups was probably the way to go on this in my particular circumstances. I'm happy now that I'm not missing something obvious about the managed netgroups which would make them a better choice. Thanks again. Roderick From rcritten at redhat.com Tue Jan 5 21:49:19 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 5 Jan 2016 16:49:19 -0500 Subject: [Freeipa-users] Freeipa-users Digest, Vol 90, Issue 9 In-Reply-To: <929C0B2B-173F-464A-B189-F667EDF5CA60@blue-bolt.com> References: <929C0B2B-173F-464A-B189-F667EDF5CA60@blue-bolt.com> Message-ID: <568C3A5F.2070300@redhat.com> BlueBolt wrote: > Wow, that's fairly horrifying stuff, Rob. All of my NFS servers (and > current ldap-auth'd clients, which are not migrated to ipa-client) are > constrained to nfs3. I have no plans to v4 any of my nfs infrastructure > apart from one server eventually which will serve mostly Macs for acl > richness. At any rate: > > "To use GSS-Proxy with the NFS server you need a recent enough kernel. > Anything more recent than 3.10 should work just fine." > > Servers are CentOS6 and Nexenta where they'll remain for the foreseeable > future. > > Surely this is anticipated somewhere in the ipa/sssd universe allowing > autofs to act in some autonomous way as it does currently with ldap backend? I think you're confusing things. This doesn't remove any existing behavior. You can still use ldap auth against autofs if you want, and that is the default in ipa-client-automount using the host credentials. But that isn't what you originally asked about. You asked about the mounts themselves requiring Kerberos security. If you want want Kerberos in the NFS mounts there is more pain in EL 6 than in EL 7. The typical workaround is to use a keytab. We can only move the earth so much at a time. rob > > thank you, > > - cal sawyer > > Date: Mon, 4 Jan 2016 14:07:40 -0500 >> From: Rob Crittenden > >> To: Cal Sawyer >, >> freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] IPA, autofs, kerberos >> Message-ID: <568AC2FC.6080807 at redhat.com >> > >> Content-Type: text/plain; charset=ISO-8859-1 >> >> Cal Sawyer wrote: >>> Hi >>> >>> After getting autofs working using automountmaps in IPA, i've discovered >>> that upon rebooting a client i have no automounts. If i ssh into the >>> client and obtain a ticket as admin, after restarting autofs (as root), >>> I can once again see access automounted directories. Until then, user >>> logins which depend on network home mount consistently fail >>> >>> Question is, how can this be made automatic on reboot? >> >> Credentials are needed to do the mounts so it depends on what >> credentials you want/need to use for that. What mounts are these that >> require Kerberos, home directories or something else? >> >> GSS-Proxy can do this unattended, >> https://fedorahosted.org/gss-proxy/wiki/NFS >> >> rob > > From ftweedal at redhat.com Wed Jan 6 04:32:30 2016 From: ftweedal at redhat.com (Fraser Tweedale) Date: Wed, 6 Jan 2016 14:32:30 +1000 Subject: [Freeipa-users] Fwd: NetworkError : invalid continuation byte with utf8 codec In-Reply-To: References: <20151222013001.GT23644@dhcp-40-8.bne.redhat.com> <20151223041124.GA16124@dhcp-40-8.bne.redhat.com> Message-ID: <20160106043230.GK31821@dhcp-40-8.bne.redhat.com> On Mon, Jan 04, 2016 at 03:13:43PM +0100, Domineaux Philippe wrote: > Hello, > > Happy new year. > > So the content of my /etc/locale.conf : > > LANG="fr_FR.UTF-8" > Happy new year to you too, and thanks for the info. I reproduced the issue and there is a now a patch awaiting review. Ticket: https://fedorahosted.org/freeipa/ticket/5578 Cheers, Fraser > ---------- Forwarded message ---------- > From: Fraser Tweedale > Date: 2015-12-23 5:11 GMT+01:00 > Subject: Re: [Freeipa-users] NetworkError : invalid continuation byte with > utf8 codec > To: Gmail > Cc: freeipa-users at redhat.com > > > On Tue, Dec 22, 2015 at 08:39:09AM +0100, Gmail wrote: > > Here are the files you ask for: > > > Thank you. I see Tomcat is running in an fr_FR locale. Could you > also provide contents of `/etc/locale.conf'? > > Cheers, > Fraser > > > > > > > Le 22 d?cembre 2015 ? 02:30:06, Fraser Tweedale (ftweedal at redhat.com) a > ?crit: > > > > On Mon, Dec 21, 2015 at 05:29:01PM +0100, Gmail wrote: > > > Hi all, > > > > > > When trying to install on a fresh new Centos 7 I?ve got this error : > > > > > > 2015-12-21T16:04:44Z DEBUG The ipa-server-install command failed, > exception: NetworkError: cannot connect to ' > https://freeipa.ipa.local:8443/ca/rest/profiles/raw': 'utf8' codec can't > decode byte 0xea in position 13: invalid continuation byte > > > 2015-12-21T16:04:44Z ERROR cannot connect to ' > https://freeipa.ipa.local:8443/ca/rest/profiles/raw': 'utf8' codec can't > decode byte 0xea in position 13: invalid continuation byte > > > > > > My freeipa-server version is : 4.2.0 > > > I?m running a Centos 3.10.0-327.3.1.el7.x86_64 > > > > > > Any idea of what goes wrong? > > > > > Thanks for reporting. I have not seen this error before. Could you > > please include the following log files and I will take a closer > > look: > > > > /var/log/ipaserver-install.log > > /var/log/pki/pki-tomcat/ca/debug > > > > Cheers, > > Fraser > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From Lachlan.Simpson at petermac.org Wed Jan 6 04:45:00 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Wed, 6 Jan 2016 04:45:00 +0000 Subject: [Freeipa-users] Importing from shadow: ERROR: Constraint violation: pre-hashed passwords are not valid Message-ID: <0137003026EBE54FBEC540C5600C03C432BA3F@PMC-EXMBX02.petermac.org.au> Hi, New install of FreeIPA 4.2.0-15.el7.centos.3 on Centos 7.2.1511 (and I'm very new to FreeIPA) Following the advice I got from here: http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords I dumped old shadow into a csv, then wrote a small bash script to import all the users: #!/bin/bash INPUT=s.csv IFS=, kinit admin [ ! -f $INPUT ] && { echo "$INPUT file not found"; exit 99; } while read lname pw do echo "Importing user $lname" FIRST=${lname:0:1} LAST=${lname:1} ipa user-add $lname --first $FIRST --last $LAST --setattr userpassword={crypt}"$pw" done < $INPUT When I execute this, I get this error for every entry: "ipa: ERROR: Constraint violation: pre-hashed passwords are not valid" What have I done wrong? Cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From delldudedevin at gmail.com Wed Jan 6 05:42:56 2016 From: delldudedevin at gmail.com (Devin) Date: Tue, 5 Jan 2016 22:42:56 -0700 Subject: [Freeipa-users] FreeIPA 4.2.0 / CentOS 7.2 / DNS Strangeness (Sub-domains) Message-ID: I am noticing a very strange issue with FreeIPA, I installed FreeIPA on a fresh Virtual Machine called (idm.servers.lnx.ninja) and registered the Kerberos domain as LNX.NINJA. Everything installs just fine without any issues, and even when I log into FreeIPA and go to the DNS Manager i see that it created a few zones as I would have expected (ie: Reverse zone for 10.10.10.x, lnx.ninja zone, and servers.lnx.ninja zone. What I notice is that if I try to do a DNS query for any record on the (lnx.ninja) zone it fails even though there are records there, and if I query any records inside the servers.lnx.ninja zone they work just fine. What I can't understand is why are my DNS queries dying on the (lnx.ninja) zone. So for my test I created 2 (A) records one inside (lnx.ninja) and one inside (servers.lnx.ninja). What would cause any DNS queries to lnx.ninja to not succeed? I have duplicated this issue multiple times with several other VM's using different domains and they have have same issue. Any advise is appreciated! [root at idm ~]# dig @localhost blah.lnx.ninja ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost blah.lnx.ninja ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50913 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;blah.lnx.ninja. IN A ;; Query time: 1 msec ;; SERVER: ::1#53(::1) ;; WHEN: Wed Jan 06 05:30:15 UTC 2016 ;; MSG SIZE rcvd: 43 [root at idm ~]# dig @localhost blah.servers.lnx.ninja ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost blah.servers.lnx.ninja ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64481 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;blah.servers.lnx.ninja. IN A ;; ANSWER SECTION: blah.servers.lnx.ninja. 86400 IN A 10.10.10.1 ;; AUTHORITY SECTION: servers.lnx.ninja. 86400 IN NS idm.servers.lnx.ninja. ;; ADDITIONAL SECTION: idm.servers.lnx.ninja. 1200 IN A 10.10.10.10 ;; Query time: 0 msec ;; SERVER: ::1#53(::1) ;; WHEN: Wed Jan 06 05:30:32 UTC 2016 ;; MSG SIZE rcvd: 101 Thanks Much. Devin -------------- next part -------------- An HTML attachment was scrubbed... URL: From pspacek at redhat.com Wed Jan 6 07:25:03 2016 From: pspacek at redhat.com (Petr Spacek) Date: Wed, 6 Jan 2016 08:25:03 +0100 Subject: [Freeipa-users] FreeIPA 4.2.0 / CentOS 7.2 / DNS Strangeness (Sub-domains) In-Reply-To: References: Message-ID: <568CC14F.6010701@redhat.com> On 6.1.2016 06:42, Devin wrote: > I am noticing a very strange issue with FreeIPA, I installed FreeIPA on a > fresh Virtual Machine called (idm.servers.lnx.ninja) and registered the > Kerberos domain as LNX.NINJA. Everything installs just fine without any > issues, and even when I log into FreeIPA and go to the DNS Manager i see > that it created a few zones as I would have expected (ie: Reverse zone for > 10.10.10.x, lnx.ninja zone, and servers.lnx.ninja zone. What I notice is > that if I try to do a DNS query for any record on the (lnx.ninja) zone it > fails even though there are records there, and if I query any records > inside the servers.lnx.ninja zone they work just fine. What I can't > understand is why are my DNS queries dying on the (lnx.ninja) zone. > > So for my test I created 2 (A) records one inside (lnx.ninja) and one > inside (servers.lnx.ninja). What would cause any DNS queries to lnx.ninja > to not succeed? I have duplicated this issue multiple times with several > other VM's using different domains and they have have same issue. Any > advise is appreciated! > > [root at idm ~]# dig @localhost blah.lnx.ninja > > ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost blah.lnx.ninja > ; (2 servers found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50913 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;blah.lnx.ninja. IN A > > ;; Query time: 1 msec > ;; SERVER: ::1#53(::1) > ;; WHEN: Wed Jan 06 05:30:15 UTC 2016 > ;; MSG SIZE rcvd: 43 > > [root at idm ~]# dig @localhost blah.servers.lnx.ninja > > ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost > blah.servers.lnx.ninja > ; (2 servers found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64481 > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;blah.servers.lnx.ninja. IN A > > ;; ANSWER SECTION: > blah.servers.lnx.ninja. 86400 IN A 10.10.10.1 > > ;; AUTHORITY SECTION: > servers.lnx.ninja. 86400 IN NS idm.servers.lnx.ninja. > > ;; ADDITIONAL SECTION: > idm.servers.lnx.ninja. 1200 IN A 10.10.10.10 > > ;; Query time: 0 msec > ;; SERVER: ::1#53(::1) > ;; WHEN: Wed Jan 06 05:30:32 UTC 2016 > ;; MSG SIZE rcvd: 101 Hello, this is strange, but I do not have sufficient information right now. Please add following information: # list all configured DNS master zones $ ipa dnszone-find # list all DNS forward zones $ ipa dnsforwardzone-find # tell us exact RPM versions $ rpm -q bind bind-dyndb-ldap ipa-server Thank you. -- Petr^2 Spacek From pspacek at redhat.com Wed Jan 6 07:26:56 2016 From: pspacek at redhat.com (Petr Spacek) Date: Wed, 6 Jan 2016 08:26:56 +0100 Subject: [Freeipa-users] FreeIPA 4.2.0 / CentOS 7.2 / DNS Strangeness (Sub-domains) In-Reply-To: <568CC14F.6010701@redhat.com> References: <568CC14F.6010701@redhat.com> Message-ID: <568CC1C0.1010109@redhat.com> On 6.1.2016 08:25, Petr Spacek wrote: > On 6.1.2016 06:42, Devin wrote: >> I am noticing a very strange issue with FreeIPA, I installed FreeIPA on a >> fresh Virtual Machine called (idm.servers.lnx.ninja) and registered the >> Kerberos domain as LNX.NINJA. Everything installs just fine without any >> issues, and even when I log into FreeIPA and go to the DNS Manager i see >> that it created a few zones as I would have expected (ie: Reverse zone for >> 10.10.10.x, lnx.ninja zone, and servers.lnx.ninja zone. What I notice is >> that if I try to do a DNS query for any record on the (lnx.ninja) zone it >> fails even though there are records there, and if I query any records >> inside the servers.lnx.ninja zone they work just fine. What I can't >> understand is why are my DNS queries dying on the (lnx.ninja) zone. >> >> So for my test I created 2 (A) records one inside (lnx.ninja) and one >> inside (servers.lnx.ninja). What would cause any DNS queries to lnx.ninja >> to not succeed? I have duplicated this issue multiple times with several >> other VM's using different domains and they have have same issue. Any >> advise is appreciated! >> >> [root at idm ~]# dig @localhost blah.lnx.ninja >> >> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost blah.lnx.ninja >> ; (2 servers found) >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50913 >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 >> >> ;; OPT PSEUDOSECTION: >> ; EDNS: version: 0, flags:; udp: 4096 >> ;; QUESTION SECTION: >> ;blah.lnx.ninja. IN A >> >> ;; Query time: 1 msec >> ;; SERVER: ::1#53(::1) >> ;; WHEN: Wed Jan 06 05:30:15 UTC 2016 >> ;; MSG SIZE rcvd: 43 >> >> [root at idm ~]# dig @localhost blah.servers.lnx.ninja >> >> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost >> blah.servers.lnx.ninja >> ; (2 servers found) >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64481 >> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 >> >> ;; OPT PSEUDOSECTION: >> ; EDNS: version: 0, flags:; udp: 4096 >> ;; QUESTION SECTION: >> ;blah.servers.lnx.ninja. IN A >> >> ;; ANSWER SECTION: >> blah.servers.lnx.ninja. 86400 IN A 10.10.10.1 >> >> ;; AUTHORITY SECTION: >> servers.lnx.ninja. 86400 IN NS idm.servers.lnx.ninja. >> >> ;; ADDITIONAL SECTION: >> idm.servers.lnx.ninja. 1200 IN A 10.10.10.10 >> >> ;; Query time: 0 msec >> ;; SERVER: ::1#53(::1) >> ;; WHEN: Wed Jan 06 05:30:32 UTC 2016 >> ;; MSG SIZE rcvd: 101 > > > Hello, > > this is strange, but I do not have sufficient information right now. > > Please add following information: > # list all configured DNS master zones > $ ipa dnszone-find > > # list all DNS forward zones > $ ipa dnsforwardzone-find > > # tell us exact RPM versions > $ rpm -q bind bind-dyndb-ldap ipa-server Ee, I forgot to ask for logs from named-pkcs11 service: Please run $ journalctl -u named-pkcs11 and look for messages related to the zone which has problems. I'm sorry for the noise :-) -- Petr^2 Spacek From wdh at dds.nl Wed Jan 6 07:56:27 2016 From: wdh at dds.nl (wdh at dds.nl) Date: Wed, 06 Jan 2016 08:56:27 +0100 Subject: [Freeipa-users] IPA, AD Trust and Domain Local Groups In-Reply-To: <568C3A5F.2070300@redhat.com> References: <929C0B2B-173F-464A-B189-F667EDF5CA60@blue-bolt.com> <568C3A5F.2070300@redhat.com> Message-ID: Hi all, Using an AD trust with IPA 4.2 all works well, but on the IPA/Linux site we're just not able to see AD "Domain Local Groups". Is that just not possible (a limitation of the current version that is), is some extra configuration needed of is just something wrong....? Hope one can give an answer! Winny From sbose at redhat.com Wed Jan 6 08:19:11 2016 From: sbose at redhat.com (Sumit Bose) Date: Wed, 6 Jan 2016 09:19:11 +0100 Subject: [Freeipa-users] IPA, AD Trust and Domain Local Groups In-Reply-To: References: <929C0B2B-173F-464A-B189-F667EDF5CA60@blue-bolt.com> <568C3A5F.2070300@redhat.com> Message-ID: <20160106081911.GL6480@p.redhat.com> On Wed, Jan 06, 2016 at 08:56:27AM +0100, wdh at dds.nl wrote: > Hi all, > > Using an AD trust with IPA 4.2 all works well, but on the IPA/Linux site > we're just not able to see AD "Domain Local Groups". > > Is that just not possible (a limitation of the current version that is), is > some extra configuration needed of is just something wrong....? > > Hope one can give an answer! This is by design. As the name says the groups are 'Domain Local' i.e. only valid in the own AD domain (not even in the whole AD forest). Since the IPA domain is a completely different forest from the AD perspective the Domain Local Groups do not apply here. IPA just does the same here as AD does. HTH bye, Sumit > > Winny > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From wdh at dds.nl Wed Jan 6 08:32:39 2016 From: wdh at dds.nl (wdh at dds.nl) Date: Wed, 06 Jan 2016 09:32:39 +0100 Subject: [Freeipa-users] IPA, AD Trust and Domain Local Groups In-Reply-To: <20160106081911.GL6480@p.redhat.com> References: <929C0B2B-173F-464A-B189-F667EDF5CA60@blue-bolt.com> <568C3A5F.2070300@redhat.com> <20160106081911.GL6480@p.redhat.com> Message-ID: Hi, OK, clear. Thanks for the information! Winny Sumit Bose schreef op 06-01-2016 9:19: > On Wed, Jan 06, 2016 at 08:56:27AM +0100, wdh at dds.nl wrote: >> Hi all, >> >> Using an AD trust with IPA 4.2 all works well, but on the IPA/Linux >> site >> we're just not able to see AD "Domain Local Groups". >> >> Is that just not possible (a limitation of the current version that >> is), is >> some extra configuration needed of is just something wrong....? >> >> Hope one can give an answer! > > This is by design. As the name says the groups are 'Domain Local' i.e. > only valid in the own AD domain (not even in the whole AD forest). > Since > the IPA domain is a completely different forest from the AD perspective > the Domain Local Groups do not apply here. IPA just does the same here > as AD does. > > HTH > > bye, > Sumit > >> >> Winny >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project From abokovoy at redhat.com Wed Jan 6 08:42:41 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 6 Jan 2016 10:42:41 +0200 Subject: [Freeipa-users] Importing from shadow: ERROR: Constraint violation: pre-hashed passwords are not valid In-Reply-To: <0137003026EBE54FBEC540C5600C03C432BA3F@PMC-EXMBX02.petermac.org.au> References: <0137003026EBE54FBEC540C5600C03C432BA3F@PMC-EXMBX02.petermac.org.au> Message-ID: <20160106084241.GY4316@redhat.com> On Wed, 06 Jan 2016, Simpson Lachlan wrote: >Hi, > >New install of FreeIPA 4.2.0-15.el7.centos.3 on Centos 7.2.1511 (and >I'm very new to FreeIPA) > >Following the advice I got from here: >http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords > >I dumped old shadow into a csv, then wrote a small bash script to >import all the users: > >#!/bin/bash >INPUT=s.csv >IFS=, > >kinit admin > >[ ! -f $INPUT ] && { echo "$INPUT file not found"; exit 99; } >while read lname pw >do > > echo "Importing user $lname" > FIRST=${lname:0:1} > LAST=${lname:1} > > ipa user-add $lname --first $FIRST --last $LAST --setattr userpassword={crypt}"$pw" > > >done < $INPUT > >When I execute this, I get this error for every entry: "ipa: ERROR: >Constraint violation: pre-hashed passwords are not valid" > >What have I done wrong? Did you enable migration mode? The check in the password plugin is conditioned on allowing pre-hashed passwords only when the migration mode is on. -- / Alexander Bokovoy From FE9817 at FE-DDIS.DK Wed Jan 6 08:59:22 2016 From: FE9817 at FE-DDIS.DK (FE9817 FE-DDIS.DK) Date: Wed, 6 Jan 2016 08:59:22 +0000 Subject: [Freeipa-users] changing password on user using ldappasswd Message-ID: Hi, Im trying to change password for a user, using ldap, but it hangs. Here is what is done. :~$ ldappasswd -h idm.com -ZZ -p 636 -x -D "uid=admin,cn=users,cn=accounts,dc=com" -W -S "uid=test000,cn=users,cn=accounts,dc=com" -d9 -v -A Old password: Re-enter old password: New password: Re-enter new password: ldap_initialize( ldap://idm.com:636 ) ldap_create ldap_url_parse_ext(ldap://idm.com:636) ldap_extended_operation_s ldap_extended_operation ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP idm.com:636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 10.10.10.10:636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_scanf fmt ({) ber: ber_flush2: 31 bytes to sd 3 ldap_result ld 0x7fc7f40de370 msgid 1 wait4msg ld 0x7fc7f40de370 msgid 1 (infinite timeout) wait4msg continue ld 0x7fc7f40de370 msgid 1 all 1 ** ld 0x7fc7f40de370 Connections: * host: idm01.dap.cfcs.dk port: 636 (default) refcnt: 2 status: Connected last used: Wed Jan 6 09:29:43 2016 ** ld 0x7fc7f40de370 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x7fc7f40de370 request count 1 (abandoned 0) ** ld 0x7fc7f40de370 Response Queue: Empty ld 0x7fc7f40de370 response count 0 ldap_chkResponseList ld 0x7fc7f40de370 msgid 1 all 1 ldap_chkResponseList returns ld 0x7fc7f40de370 NULL ldap_int_select It works when using kpasswd, but not ldappasswd. Any suggestions? Cheers Emil -------------- next part -------------- An HTML attachment was scrubbed... URL: From bahanw042014 at gmail.com Wed Jan 6 09:44:46 2016 From: bahanw042014 at gmail.com (bahan w) Date: Wed, 6 Jan 2016 10:44:46 +0100 Subject: [Freeipa-users] FreeIPA - Mixing clients using sssd for some and nscd/nslcd for others Message-ID: Hello ! I send you this mail because I am using this topology : - FreeIPA 3.0.0-42 - RHEL6.6 - Two masters (replicated) - n clients My question is the following : May I use for some clients sssd and for others the couple nscd/nslcd ? I would like to perform tests to compare both and I wondering if I can do that ? Best regards. Bahan -------------- next part -------------- An HTML attachment was scrubbed... URL: From lslebodn at redhat.com Wed Jan 6 10:10:09 2016 From: lslebodn at redhat.com (Lukas Slebodnik) Date: Wed, 6 Jan 2016 11:10:09 +0100 Subject: [Freeipa-users] FreeIPA - Mixing clients using sssd for some and nscd/nslcd for others In-Reply-To: References: Message-ID: <20160106101008.GA8766@mail.corp.redhat.com> On (06/01/16 10:44), bahan w wrote: >Hello ! > >I send you this mail because I am using this topology : >- FreeIPA 3.0.0-42 >- RHEL6.6 >- Two masters (replicated) >- n clients > >My question is the following : >May I use for some clients sssd and for others the couple nscd/nslcd ? I >would like to perform tests to compare both and I wondering if I can do >that ? > ipa-client-install has argument "--no-sssd" which shoudl configure machine with nslcd + pam_ldap. I have never used it. If it doesn't work you might configure it yourself. There is no blocker. But failover in sssd is in better state than in nslcd and pam_ldap in rhel6.6 create ldap connection to server with each authentication + another ldap connection in nslcd. So load of your server might be higher that with sssd. it depends on counf of client machines and count of users which will use that machine. I would like to ask why do you want to compare both. Is sssd slow for you? LS From mkosek at redhat.com Wed Jan 6 11:17:49 2016 From: mkosek at redhat.com (Martin Kosek) Date: Wed, 6 Jan 2016 12:17:49 +0100 Subject: [Freeipa-users] changing password on user using ldappasswd In-Reply-To: References: Message-ID: <568CF7DD.9040902@redhat.com> On 01/06/2016 09:59 AM, FE9817 FE-DDIS.DK wrote: > Hi, > > Im trying to change password for a user, using ldap, but it hangs. Here is what is done. > > :~$ ldappasswd -h idm.com -ZZ -p 636 -x -D "uid=admin,cn=users,cn=accounts,dc=com" -W -S "uid=test000,cn=users,cn=accounts,dc=com" -d9 -v -A > Old password: > Re-enter old password: > New password: > Re-enter new password: > ldap_initialize( ldap://idm.com:636 ) > ldap_create > ldap_url_parse_ext(ldap://idm.com:636) > ldap_extended_operation_s > ldap_extended_operation > ldap_send_initial_request > ldap_new_connection 1 1 0 > ldap_int_open_connection > ldap_connect_to_host: TCP idm.com:636 > ldap_new_socket: 3 > ldap_prepare_socket: 3 > ldap_connect_to_host: Trying 10.10.10.10:636 > ldap_pvt_connect: fd: 3 tm: -1 async: 0 > ldap_open_defconn: successful > ldap_send_server_request > ber_scanf fmt ({it) ber: > ber_scanf fmt ({) ber: > ber_flush2: 31 bytes to sd 3 > ldap_result ld 0x7fc7f40de370 msgid 1 > wait4msg ld 0x7fc7f40de370 msgid 1 (infinite timeout) > wait4msg continue ld 0x7fc7f40de370 msgid 1 all 1 > ** ld 0x7fc7f40de370 Connections: > * host: idm01.dap.cfcs.dk port: 636 (default) > refcnt: 2 status: Connected > last used: Wed Jan 6 09:29:43 2016 > > > ** ld 0x7fc7f40de370 Outstanding Requests: > * msgid 1, origid 1, status InProgress > outstanding referrals 0, parent count 0 > ld 0x7fc7f40de370 request count 1 (abandoned 0) > ** ld 0x7fc7f40de370 Response Queue: > Empty > ld 0x7fc7f40de370 response count 0 > ldap_chkResponseList ld 0x7fc7f40de370 msgid 1 all 1 > ldap_chkResponseList returns ld 0x7fc7f40de370 NULL > ldap_int_select > > It works when using kpasswd, but not ldappasswd. Any suggestions? I had similar problem when kadmin did not start fully because of low entropy on my VM, I wonder if this is your case as well. You can find out with # systemctl status kadmin.service But I am surprised that kadmin password change works and ldappasswd does not. This would mean that "ipa passwd" command is also not working as it uses LDAP way also. From sbose at redhat.com Wed Jan 6 12:03:18 2016 From: sbose at redhat.com (Sumit Bose) Date: Wed, 6 Jan 2016 13:03:18 +0100 Subject: [Freeipa-users] changing password on user using ldappasswd In-Reply-To: References: Message-ID: <20160106120318.GP6480@p.redhat.com> On Wed, Jan 06, 2016 at 08:59:22AM +0000, FE9817 FE-DDIS.DK wrote: > Hi, > > Im trying to change password for a user, using ldap, but it hangs. Here is what is done. > > :~$ ldappasswd -h idm.com -ZZ -p 636 -x -D "uid=admin,cn=users,cn=accounts,dc=com" -W -S "uid=test000,cn=users,cn=accounts,dc=com" -d9 -v -A I think you are using the SSL/TLS option wrongly. -p 636 indicates that you want to use the LDAPS port where the SSL/TLS handshake is done automatically. -Z will use the StartTLS command to start the handshake and the second Z will require that this will be successful. First, ldappasswd will not do an automatic SSL/TLS handshake with this options and hence you see the hang because the server waits for the handshake. To tell ldappasswd to do the handshake please replace '-h idm.com' by '-H LDAPS://idm.com'. Second, you will still see an error like 'SSL connection already established' because the StartTLS command started due to the -Z option see that the SSL/TLS tunnel is already established, returns the error and since the second Z requires a success here ldappasswd fail. Since it is redundant to do both, using the ldaps port and calling StartTLS I would recommend to just use StartTLS as in ldappasswd -h idm.com -ZZ -x -D "uid=admin,cn=users,cn=accounts,dc=com" -W -S "uid=test000,cn=users,cn=accounts,dc=com" -A Using the ldaps port should work with ldappasswd -H LDAPS://idm.com -x -D "uid=admin,cn=users,cn=accounts,dc=com" -W -S "uid=test000,cn=users,cn=accounts,dc=com" -A And if you really want to double-stitch it use use a single -Z like ldappasswd -H LDAPS://idm.com -Z -x -D "uid=admin,cn=users,cn=accounts,dc=com" -W -S "uid=test000,cn=users,cn=accounts,dc=com" -A then you will still see the 'SSL connection already established' error but ldappasswd can proceed since StartTLS is not required to be successful. But please note that this will not increase security because -Z/StartTLS is a no-op in this case. HTH bye, Sumit > Old password: > Re-enter old password: > New password: > Re-enter new password: > ldap_initialize( ldap://idm.com:636 ) > ldap_create > ldap_url_parse_ext(ldap://idm.com:636) > ldap_extended_operation_s > ldap_extended_operation > ldap_send_initial_request > ldap_new_connection 1 1 0 > ldap_int_open_connection > ldap_connect_to_host: TCP idm.com:636 > ldap_new_socket: 3 > ldap_prepare_socket: 3 > ldap_connect_to_host: Trying 10.10.10.10:636 > ldap_pvt_connect: fd: 3 tm: -1 async: 0 > ldap_open_defconn: successful > ldap_send_server_request > ber_scanf fmt ({it) ber: > ber_scanf fmt ({) ber: > ber_flush2: 31 bytes to sd 3 > ldap_result ld 0x7fc7f40de370 msgid 1 > wait4msg ld 0x7fc7f40de370 msgid 1 (infinite timeout) > wait4msg continue ld 0x7fc7f40de370 msgid 1 all 1 > ** ld 0x7fc7f40de370 Connections: > * host: idm01.dap.cfcs.dk port: 636 (default) > refcnt: 2 status: Connected > last used: Wed Jan 6 09:29:43 2016 > > > ** ld 0x7fc7f40de370 Outstanding Requests: > * msgid 1, origid 1, status InProgress > outstanding referrals 0, parent count 0 > ld 0x7fc7f40de370 request count 1 (abandoned 0) > ** ld 0x7fc7f40de370 Response Queue: > Empty > ld 0x7fc7f40de370 response count 0 > ldap_chkResponseList ld 0x7fc7f40de370 msgid 1 all 1 > ldap_chkResponseList returns ld 0x7fc7f40de370 NULL > ldap_int_select > > It works when using kpasswd, but not ldappasswd. Any suggestions? > > Cheers > Emil > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From FE9817 at FE-DDIS.DK Wed Jan 6 12:08:41 2016 From: FE9817 at FE-DDIS.DK (FE9817 FE-DDIS.DK) Date: Wed, 6 Jan 2016 12:08:41 +0000 Subject: [Freeipa-users] changing password on user using ldappasswd In-Reply-To: <20160106120318.GP6480@p.redhat.com> References: , <20160106120318.GP6480@p.redhat.com> Message-ID: Thank you Sumit for the answer, it solved my problem. Cheers Emil _______________________________________ From: Sumit Bose Sent: Wednesday, January 6, 2016 1:03 PM To: FE9817 FE-DDIS.DK Cc: freeipa-users at redhat.com Subject: Re: [Freeipa-users] changing password on user using ldappasswd On Wed, Jan 06, 2016 at 08:59:22AM +0000, FE9817 FE-DDIS.DK wrote: > Hi, > > Im trying to change password for a user, using ldap, but it hangs. Here is what is done. > > :~$ ldappasswd -h idm.com -ZZ -p 636 -x -D "uid=admin,cn=users,cn=accounts,dc=com" -W -S "uid=test000,cn=users,cn=accounts,dc=com" -d9 -v -A I think you are using the SSL/TLS option wrongly. -p 636 indicates that you want to use the LDAPS port where the SSL/TLS handshake is done automatically. -Z will use the StartTLS command to start the handshake and the second Z will require that this will be successful. First, ldappasswd will not do an automatic SSL/TLS handshake with this options and hence you see the hang because the server waits for the handshake. To tell ldappasswd to do the handshake please replace '-h idm.com' by '-H LDAPS://idm.com'. Second, you will still see an error like 'SSL connection already established' because the StartTLS command started due to the -Z option see that the SSL/TLS tunnel is already established, returns the error and since the second Z requires a success here ldappasswd fail. Since it is redundant to do both, using the ldaps port and calling StartTLS I would recommend to just use StartTLS as in ldappasswd -h idm.com -ZZ -x -D "uid=admin,cn=users,cn=accounts,dc=com" -W -S "uid=test000,cn=users,cn=accounts,dc=com" -A Using the ldaps port should work with ldappasswd -H LDAPS://idm.com -x -D "uid=admin,cn=users,cn=accounts,dc=com" -W -S "uid=test000,cn=users,cn=accounts,dc=com" -A And if you really want to double-stitch it use use a single -Z like ldappasswd -H LDAPS://idm.com -Z -x -D "uid=admin,cn=users,cn=accounts,dc=com" -W -S "uid=test000,cn=users,cn=accounts,dc=com" -A then you will still see the 'SSL connection already established' error but ldappasswd can proceed since StartTLS is not required to be successful. But please note that this will not increase security because -Z/StartTLS is a no-op in this case. HTH bye, Sumit > Old password: > Re-enter old password: > New password: > Re-enter new password: > ldap_initialize( ldap://idm.com:636 ) > ldap_create > ldap_url_parse_ext(ldap://idm.com:636) > ldap_extended_operation_s > ldap_extended_operation > ldap_send_initial_request > ldap_new_connection 1 1 0 > ldap_int_open_connection > ldap_connect_to_host: TCP idm.com:636 > ldap_new_socket: 3 > ldap_prepare_socket: 3 > ldap_connect_to_host: Trying 10.10.10.10:636 > ldap_pvt_connect: fd: 3 tm: -1 async: 0 > ldap_open_defconn: successful > ldap_send_server_request > ber_scanf fmt ({it) ber: > ber_scanf fmt ({) ber: > ber_flush2: 31 bytes to sd 3 > ldap_result ld 0x7fc7f40de370 msgid 1 > wait4msg ld 0x7fc7f40de370 msgid 1 (infinite timeout) > wait4msg continue ld 0x7fc7f40de370 msgid 1 all 1 > ** ld 0x7fc7f40de370 Connections: > * host: idm01.dap.cfcs.dk port: 636 (default) > refcnt: 2 status: Connected > last used: Wed Jan 6 09:29:43 2016 > > > ** ld 0x7fc7f40de370 Outstanding Requests: > * msgid 1, origid 1, status InProgress > outstanding referrals 0, parent count 0 > ld 0x7fc7f40de370 request count 1 (abandoned 0) > ** ld 0x7fc7f40de370 Response Queue: > Empty > ld 0x7fc7f40de370 response count 0 > ldap_chkResponseList ld 0x7fc7f40de370 msgid 1 all 1 > ldap_chkResponseList returns ld 0x7fc7f40de370 NULL > ldap_int_select > > It works when using kpasswd, but not ldappasswd. Any suggestions? > > Cheers > Emil > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From karl.forner at gmail.com Wed Jan 6 13:13:17 2016 From: karl.forner at gmail.com (Karl Forner) Date: Wed, 6 Jan 2016 14:13:17 +0100 Subject: [Freeipa-users] faking DNS autodiscovery of servers Message-ID: Hello, I have some web applications that use LDAP for authentication/authorization, and which do not support LDAP auto-discovery. I'm wondering if it's possible to fake the auto-discovery of server. For instance, I could imagine using a DNS CNAME ldap_current.example.com which should point to a currently available ldap server. Then a cron job would query the DNS/ldaps to find an available ldap server, and if different from the current, update the DNS CNAME ldap_current.example.com. Does it make sense ? In that case, how to discover a working ldap server ? Thanks. Karl -------------- next part -------------- An HTML attachment was scrubbed... URL: From pspacek at redhat.com Wed Jan 6 13:24:37 2016 From: pspacek at redhat.com (Petr Spacek) Date: Wed, 6 Jan 2016 14:24:37 +0100 Subject: [Freeipa-users] FreeIPA 4.2.0 / CentOS 7.2 / DNS Strangeness (Sub-domains) In-Reply-To: References: <568CC14F.6010701@redhat.com> <568CC1C0.1010109@redhat.com> Message-ID: <568D1595.6040905@redhat.com> Please always include ipa-users list when replying. On 6.1.2016 11:48, Devin wrote: > Jan 06 01:37:45 idm.servers.lnx.ninja named-pkcs11[5524]: zone > lnx.ninja/IN: NS 'idm.servers.lnx.ninja' has no address records (A or AAAA) > Jan 06 01:37:45 idm.servers.lnx.ninja named-pkcs11[5524]: zone > lnx.ninja/IN: not loaded due to errors. > Jan 06 01:37:45 idm.servers.lnx.ninja named-pkcs11[5524]: zone > servers.lnx.ninja/IN: loaded serial 1452044265 Apparently the zone lnx.ninja does not contain any (A or AAAA) records for name idm.servers.lnx.ninja listed in NS record. You need to fix this (add so-called glue record) otherwise BIND will not load that zone. I hope this helps. -- Petr^2 Spacek From anthony.wan.cheng at gmail.com Wed Jan 6 15:06:00 2016 From: anthony.wan.cheng at gmail.com (Anthony Cheng) Date: Wed, 6 Jan 2016 10:06:00 -0500 Subject: [Freeipa-users] Issue with fresh install of FreeRADIUS Message-ID: Hi all, Just did a fresh install of FreeRADIUS following this guide on a Centos 7 box - http://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7 Local testing with radtest works, however radiusd have issues. I do find it odd that these line indicated success: Process: 1270 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (code=exited, status=0/SUCCESS) But then: [root at ipa1test ~]# systemctl status radiusd.service -l ? radiusd.service - FreeRADIUS high performance RADIUS server. Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Tue 2016-01-05 18:32:09 EST; 15h ago Process: 1334 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=1/FAILURE) Process: 1270 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (code=exited, status=0/SUCCESS) Jan 05 18:32:07 ipa1test.lab.net systemd[1]: Starting FreeRADIUS high performance RADIUS server.... Jan 05 18:32:09 ipa1test.lab.net systemd[1]: radiusd.service: control process exited, code=exited status=1 Jan 05 18:32:09 ipa1test.lab.net systemd[1]: Failed to start FreeRADIUS high performance RADIUS server.. Jan 05 18:32:09 ipa1test.lab.net systemd[1]: Unit radiusd.service entered failed state. Jan 05 18:32:09 ipa1test.lab.net systemd[1]: radiusd.service failed. I find a few google hits but they had different error codes & issues which seemed different. Anyone have any suggestion or should I just go to latest stable which is 3.0.10? [root at ipa1test ~]# radiusd -v radiusd: FreeRADIUS Version 3.0.4, for host x86_64-redhat-linux-gnu, built on Mar 5 2015 at 23:41:36 Thanks, Anthony From Steven.Jones at vuw.ac.nz Wed Jan 6 19:58:26 2016 From: Steven.Jones at vuw.ac.nz (Steven Jones) Date: Wed, 6 Jan 2016 19:58:26 +0000 Subject: [Freeipa-users] Trying to reset the admin password and failing... In-Reply-To: References: <201510061616.t96GGoG8031302@d01av03.pok.ibm.com> <5614017C.3010700@redhat.com>, <56147E1B.1040608@redhat.com>, Message-ID: Hi, Any idea how to fix this please? [root at vuwunicoipam002 ~]# ldappasswd -ZZ -D 'cn=directory manager' -W -S uid=admin,cn=users,cn=accounts,dc=xx,dc=xxx,dc=xx,dc=xx -H ldap://vuwunicoipam002.xxxxxxxxxxx New password: Re-enter new password: ldap_start_tls: Connect error (-11) additional info: Start TLS request accepted.Server willing to negotiate SSL. [root at vuwunicoipam002 ~]# regards Steven From carlosla1987 at gmail.com Wed Jan 6 21:21:24 2016 From: carlosla1987 at gmail.com (=?UTF-8?Q?Carlos_Ra=C3=BAl_Laguna?=) Date: Wed, 6 Jan 2016 16:21:24 -0500 Subject: [Freeipa-users] Fwd: NetworkError : invalid continuation byte with utf8 codec In-Reply-To: <20160106043230.GK31821@dhcp-40-8.bne.redhat.com> References: <20151222013001.GT23644@dhcp-40-8.bne.redhat.com> <20151223041124.GA16124@dhcp-40-8.bne.redhat.com> <20160106043230.GK31821@dhcp-40-8.bne.redhat.com> Message-ID: Happy new year to all, just to point out that this also affect Fedora23 Free-IPA 4.2.0 and 4.3.0 from corps. locale are set to es_ES.UTF-8. Regards 2016-01-05 23:32 GMT-05:00 Fraser Tweedale : > On Mon, Jan 04, 2016 at 03:13:43PM +0100, Domineaux Philippe wrote: > > Hello, > > > > Happy new year. > > > > So the content of my /etc/locale.conf : > > > > LANG="fr_FR.UTF-8" > > > Happy new year to you too, and thanks for the info. > > I reproduced the issue and there is a now a patch awaiting review. > Ticket: https://fedorahosted.org/freeipa/ticket/5578 > > Cheers, > Fraser > > > ---------- Forwarded message ---------- > > From: Fraser Tweedale > > Date: 2015-12-23 5:11 GMT+01:00 > > Subject: Re: [Freeipa-users] NetworkError : invalid continuation byte > with > > utf8 codec > > To: Gmail > > Cc: freeipa-users at redhat.com > > > > > > On Tue, Dec 22, 2015 at 08:39:09AM +0100, Gmail wrote: > > > Here are the files you ask for: > > > > > Thank you. I see Tomcat is running in an fr_FR locale. Could you > > also provide contents of `/etc/locale.conf'? > > > > Cheers, > > Fraser > > > > > > > > > > > Le 22 d?cembre 2015 ? 02:30:06, Fraser Tweedale (ftweedal at redhat.com) > a > > ?crit: > > > > > > On Mon, Dec 21, 2015 at 05:29:01PM +0100, Gmail wrote: > > > > Hi all, > > > > > > > > When trying to install on a fresh new Centos 7 I?ve got this error : > > > > > > > > 2015-12-21T16:04:44Z DEBUG The ipa-server-install command failed, > > exception: NetworkError: cannot connect to ' > > https://freeipa.ipa.local:8443/ca/rest/profiles/raw': 'utf8' codec can't > > decode byte 0xea in position 13: invalid continuation byte > > > > 2015-12-21T16:04:44Z ERROR cannot connect to ' > > https://freeipa.ipa.local:8443/ca/rest/profiles/raw': 'utf8' codec can't > > decode byte 0xea in position 13: invalid continuation byte > > > > > > > > My freeipa-server version is : 4.2.0 > > > > I?m running a Centos 3.10.0-327.3.1.el7.x86_64 > > > > > > > > Any idea of what goes wrong? > > > > > > > Thanks for reporting. I have not seen this error before. Could you > > > please include the following log files and I will take a closer > > > look: > > > > > > /var/log/ipaserver-install.log > > > /var/log/pki/pki-tomcat/ca/debug > > > > > > Cheers, > > > Fraser > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Lachlan.Simpson at petermac.org Wed Jan 6 21:21:30 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Wed, 6 Jan 2016 21:21:30 +0000 Subject: [Freeipa-users] Importing from shadow: ERROR: Constraint violation: pre-hashed passwords are not valid In-Reply-To: <20160106084241.GY4316@redhat.com> References: <0137003026EBE54FBEC540C5600C03C432BA3F@PMC-EXMBX02.petermac.org.au> <20160106084241.GY4316@redhat.com> Message-ID: <0137003026EBE54FBEC540C5600C03C432BBFF@PMC-EXMBX02.petermac.org.au> > -----Original Message----- > From: Alexander Bokovoy [mailto:abokovoy at redhat.com] > > >When I execute this, I get this error for every entry: "ipa: ERROR: > >Constraint violation: pre-hashed passwords are not valid" > > > >What have I done wrong? > Did you enable migration mode? The check in the password plugin is conditioned > on allowing pre-hashed passwords only when the migration mode is on. Well that's embarrassing. It's even right there, on the page I quoted. Didn't even see that paragraph when I was reading it. Thank you L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From jim.groffen at gmail.com Thu Jan 7 05:11:24 2016 From: jim.groffen at gmail.com (Jim Groffen) Date: Thu, 7 Jan 2016 15:41:24 +1030 Subject: [Freeipa-users] IE10 Dialogs close on Enter keypress Message-ID: Hello, I found that when running FreeIPA Web UI on IE10 that modal dialogs close when enter is pressed. Normal functionality is to 'submit' the dialog on an enter keypress. I found a solution by adding a type="button" attribute to the close button of the dialog (in /install/ui/src/freeipa/dialog.js). I have tested on recent Chrome, IE and Firefox versions as well as on IE10. Seems to be no side-effects. Attached is a patch showing the change I made. Apologies if the patch isn't formatted correctly. Regards, Jim G -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: fix_ie10_dialog_close_on_keypress_enter.patch Type: text/x-patch Size: 826 bytes Desc: not available URL: From pspacek at redhat.com Thu Jan 7 08:37:18 2016 From: pspacek at redhat.com (Petr Spacek) Date: Thu, 7 Jan 2016 09:37:18 +0100 Subject: [Freeipa-users] faking DNS autodiscovery of servers In-Reply-To: References: Message-ID: <568E23BE.3090200@redhat.com> On 6.1.2016 14:13, Karl Forner wrote: > Hello, > > I have some web applications that use LDAP for > authentication/authorization, and which do not support LDAP auto-discovery. > > I'm wondering if it's possible to fake the auto-discovery of server. > For instance, I could imagine using a DNS CNAME ldap_current.example.com > which should point to a currently available ldap server. > > Then a cron job would query the DNS/ldaps to find an available ldap server, > and if different from the current, update the DNS CNAME > ldap_current.example.com. > > Does it make sense ? It does, but it is certainly sub-optimal solution. For web applications it would be best to migrate them to SSSD so they will automatically get all the benefits of caching and fail-over. Please see http://www.freeipa.org/page/Web_App_Authentication for details. > In that case, how to discover a working ldap server ? You need to script this... theoretically you can run ldapsearch against servers listed in DNS SRV records and pick one which is working. -- Petr^2 Spacek From yks0000 at gmail.com Thu Jan 7 11:43:43 2016 From: yks0000 at gmail.com (Yogesh Sharma) Date: Thu, 7 Jan 2016 17:13:43 +0530 Subject: [Freeipa-users] Need Suggestion on Multi Realm Environment Message-ID: List, I have a FreeIPA Server in domain/Realm *klikpay.int *. We have few hosts/client in another domain *sd.int . *As the number of servers are very few we do not want to have a new FreeIPA server for same, and I think having a common will be easy to manage. I have create a separate forward and reverse zone for sd.int, and able to register the server successfully, but somehow, while registering a client, we noticed that the sd.int domain servers are still going in klikpay.int realm only. Further, they are not getting registered with DNS also. Below are the some test I executed: Test-1 *ipa-client-install --principal=admin --password=xxxxxxxxxxxxx --mkhomedir --no-ntp* DNS discovery failed to determine your DNS domain Provide the domain name of your IPA server (ex: example.com): Test-2 *ipa-client-install --principal=admin --password=xxxxxxxxxxxxxxxxxxx --mkhomedir --no-ntp --domain=sd.int * Provide your IPA server name (ex: ipa.example.com): ipa-inf-prd-sg1-01.klikpay.int Failed to verify that ipa-inf-prd-sg1-01.klikpay.int is an IPA Server. This may mean that the remote server is not up or is not reachable due to network or firewall settings. Please make sure the following ports are opened in the firewall settings: TCP: 80, 88, 389 UDP: 88 (at least one of TCP/UDP ports 88 has to be open) Also note that following ports are necessary for ipa-client working properly after enrollment: TCP: 464 UDP: 464, 123 (if NTP enabled) Installation failed. Rolling back changes. IPA client is not configured on this system. However, I can confirm all ports are reachable *# for i in 80 88 389 636 464;do nc -vz ipa-inf-prd-sg1-01.klikpay.int $i;done* Connection to ipa-inf-prd-sg1-01.klikpay.int 80 port [tcp/http] succeeded! Connection to ipa-inf-prd-sg1-01.klikpay.int 88 port [tcp/kerberos] succeeded! Connection to ipa-inf-prd-sg1-01.klikpay.int 389 port [tcp/ldap] succeeded! Connection to ipa-inf-prd-sg1-01.klikpay.int 636 port [tcp/ldaps] succeeded! Connection to ipa-inf-prd-sg1-01.klikpay.int 464 port [tcp/kpasswd] succeeded! Test-3: *ipa-client-install --principal=admin --password=xxxxxxxxxxxxxxxxxxx --mkhomedir --no-ntp --domain=klikpay.int --nisdomain=sd.int * Discovery was successful! Hostname: imsadmin-app-prd-sg1-01.sd.int Realm: KLIKPAY.INT DNS Domain: klikpay.int IPA Server: ipa-inf-prd-ng2-02.klikpay.int BaseDN: dc=klikpay,dc=int Continue to configure the system with these values? [no]: yes Synchronizing time with KDC... Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened. Successfully retrieved CA cert Subject: CN=Certificate Authority,O=KLIKPAY.INT Issuer: CN=Certificate Authority,O=KLIKPAY.INT Valid From: Fri Aug 14 11:39:47 2015 UTC Valid Until: Tue Aug 14 11:39:47 2035 UTC *Enrolled in IPA realm KLIKPAY.INT * Created /etc/ipa/default.conf New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm KLIKPAY.INT trying https://ipa-inf-prd-ng2-02.klikpay.int/ipa/xml Forwarding 'env' to server u'https://ipa-inf-prd-ng2-02.klikpay.int/ipa/xml' *Hostname (imsadmin-app-prd-sg1-01.sd.int ) not found in DNS* *Failed to update DNS records.* Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Forwarding 'host_mod' to server u' https://ipa-inf-prd-ng2-02.klikpay.int/ipa/xml' Could not update DNS SSHFP records. SSSD enabled Configuring sd.int as NIS domain Configured /etc/openldap/ldap.conf Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Client configuration complete. Would be helpful I can get some reference as how can we do it. *Best Regards,* *__________________________________________* *Yogesh Sharma* *Email: yks0000 at gmail.com | Web: www.initd.in * *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* -------------- next part -------------- An HTML attachment was scrubbed... URL: From yks0000 at gmail.com Thu Jan 7 12:20:02 2016 From: yks0000 at gmail.com (Yogesh Sharma) Date: Thu, 7 Jan 2016 17:50:02 +0530 Subject: [Freeipa-users] Need Suggestion on Multi Realm Environment In-Reply-To: References: Message-ID: This is fixed. Found an issue with BIND Update Policy and got some reference from " https://www.redhat.com/archives/freeipa-users/2015-May/msg00399.html" . Working fine now. grant KLIKPAY.INT krb5-self * A; grant KLIKPAY.INT krb5-self * AAAA; grant KLIKPAY.INT krb5-self * SSHFP; *Best Regards,* *__________________________________________* *Yogesh Sharma* *Email: yks0000 at gmail.com | Web: www.initd.in * *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* On Thu, Jan 7, 2016 at 5:13 PM, Yogesh Sharma wrote: > List, > > I have a FreeIPA Server in domain/Realm *klikpay.int *. > We have few hosts/client in another domain *sd.int . *As > the number of servers are very few we do not want to have a new FreeIPA > server for same, and I think having a common will be easy to manage. > > I have create a separate forward and reverse zone for sd.int, and able to > register the server successfully, but somehow, while registering a client, > we noticed that the sd.int domain servers are still going in klikpay.int > realm only. Further, they are not getting registered with DNS also. > > > Below are the some test I executed: > > Test-1 > > *ipa-client-install --principal=admin --password=xxxxxxxxxxxxx --mkhomedir > --no-ntp* > DNS discovery failed to determine your DNS domain > Provide the domain name of your IPA server (ex: example.com): > > > Test-2 > > > *ipa-client-install --principal=admin --password=xxxxxxxxxxxxxxxxxxx > --mkhomedir --no-ntp --domain=sd.int * > Provide your IPA server name (ex: ipa.example.com): > ipa-inf-prd-sg1-01.klikpay.int > Failed to verify that ipa-inf-prd-sg1-01.klikpay.int is an IPA Server. > This may mean that the remote server is not up or is not reachable due to > network or firewall settings. > Please make sure the following ports are opened in the firewall settings: > TCP: 80, 88, 389 > UDP: 88 (at least one of TCP/UDP ports 88 has to be open) > Also note that following ports are necessary for ipa-client working > properly after enrollment: > TCP: 464 > UDP: 464, 123 (if NTP enabled) > Installation failed. Rolling back changes. > IPA client is not configured on this system. > > However, I can confirm all ports are reachable > > *# for i in 80 88 389 636 464;do nc -vz ipa-inf-prd-sg1-01.klikpay.int > $i;done* > Connection to ipa-inf-prd-sg1-01.klikpay.int 80 port [tcp/http] succeeded! > Connection to ipa-inf-prd-sg1-01.klikpay.int 88 port [tcp/kerberos] > succeeded! > Connection to ipa-inf-prd-sg1-01.klikpay.int 389 port [tcp/ldap] > succeeded! > Connection to ipa-inf-prd-sg1-01.klikpay.int 636 port [tcp/ldaps] > succeeded! > Connection to ipa-inf-prd-sg1-01.klikpay.int 464 port [tcp/kpasswd] > succeeded! > > > Test-3: > > *ipa-client-install --principal=admin --password=xxxxxxxxxxxxxxxxxxx > --mkhomedir --no-ntp --domain=klikpay.int > --nisdomain=sd.int * > Discovery was successful! > Hostname: imsadmin-app-prd-sg1-01.sd.int > Realm: KLIKPAY.INT > DNS Domain: klikpay.int > IPA Server: ipa-inf-prd-ng2-02.klikpay.int > BaseDN: dc=klikpay,dc=int > > Continue to configure the system with these values? [no]: yes > Synchronizing time with KDC... > Unable to sync time with IPA NTP server, assuming the time is in sync. > Please check that 123 UDP port is opened. > Successfully retrieved CA cert > Subject: CN=Certificate Authority,O=KLIKPAY.INT > Issuer: CN=Certificate Authority,O=KLIKPAY.INT > Valid From: Fri Aug 14 11:39:47 2015 UTC > Valid Until: Tue Aug 14 11:39:47 2035 UTC > > *Enrolled in IPA realm KLIKPAY.INT * > Created /etc/ipa/default.conf > New SSSD config will be created > Configured sudoers in /etc/nsswitch.conf > Configured /etc/sssd/sssd.conf > Configured /etc/krb5.conf for IPA realm KLIKPAY.INT > trying https://ipa-inf-prd-ng2-02.klikpay.int/ipa/xml > Forwarding 'env' to server u' > https://ipa-inf-prd-ng2-02.klikpay.int/ipa/xml' > *Hostname (imsadmin-app-prd-sg1-01.sd.int > ) not found in DNS* > *Failed to update DNS records.* > Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub > Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub > Forwarding 'host_mod' to server u' > https://ipa-inf-prd-ng2-02.klikpay.int/ipa/xml' > Could not update DNS SSHFP records. > SSSD enabled > Configuring sd.int as NIS domain > Configured /etc/openldap/ldap.conf > Configured /etc/ssh/ssh_config > Configured /etc/ssh/sshd_config > Client configuration complete. > > > > Would be helpful I can get some reference as how can we do it. > > > > *Best Regards,* > > *__________________________________________* > > *Yogesh Sharma* > *Email: yks0000 at gmail.com | Web: www.initd.in > * > > *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bahanw042014 at gmail.com Fri Jan 8 10:58:10 2016 From: bahanw042014 at gmail.com (bahan w) Date: Fri, 8 Jan 2016 11:58:10 +0100 Subject: [Freeipa-users] How to secure the access to ldap with IPA Message-ID: Hello ! I configured my IPA server 3.0.0.42 without SSL/TLS access to the LDAP and I would like to enable this for the ldap. Is there something specific to use with FreeIPA or may I follow the DS389 doc http://directory.fedoraproject.org/docs/389ds/howto/howto-ssl.html#configuring-tlsssl-enabled-389-directory-server ? Best regards. Bahan -------------- next part -------------- An HTML attachment was scrubbed... URL: From mkosek at redhat.com Fri Jan 8 11:19:51 2016 From: mkosek at redhat.com (Martin Kosek) Date: Fri, 8 Jan 2016 12:19:51 +0100 Subject: [Freeipa-users] How to secure the access to ldap with IPA In-Reply-To: References: Message-ID: <568F9B57.5000808@redhat.com> On 01/08/2016 11:58 AM, bahan w wrote: > Hello ! > > I configured my IPA server 3.0.0.42 without SSL/TLS access to the LDAP and > I would like to enable this for the ldap. > > Is there something specific to use with FreeIPA or may I follow the DS389 > doc > http://directory.fedoraproject.org/docs/389ds/howto/howto-ssl.html#configuring-tlsssl-enabled-389-directory-server > ? > > Best regards. > > Bahan Hello, How did you again configured FreeIPA LDAP without SSL/TLS access? This is mandatory part of FreeIPA LDAP configuration, we always enable TLS, AFAIK. BTW, did you consider moving to RHEL-7? It has much newer and cooler FreeIPA version there :-) From markus at die5roths.de Fri Jan 8 12:06:02 2016 From: markus at die5roths.de (Markus Roth) Date: Fri, 08 Jan 2016 13:06:02 +0100 Subject: [Freeipa-users] Setup of freeipa 4.2.3 failed In-Reply-To: <2588793.PXhtNmgmCt@shdehenw2471> References: <2588793.PXhtNmgmCt@shdehenw2471> Message-ID: <1452254762.30824.13.camel@die5roths.de> Hi all, I tried to install freeipa server (freeipa-server.armv7hl ?4.2.3- 1.1.fc23), but the installation failed. ----------------------------------------------------- Configuring NTP daemon (ntpd) ? [1/4]: stopping ntpd ? [2/4]: writing configuration ? [3/4]: configuring ntpd to start on boot ? [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv). Estimated time: 1 minute ? [1/43]: creating directory server user ? [2/43]: creating directory server instance ? [3/43]: adding default schema ? [4/43]: enabling memberof plugin ? [5/43]: enabling winsync plugin ? [6/43]: configuring replication version plugin ? [7/43]: enabling IPA enrollment plugin ? [8/43]: enabling ldapi ? [9/43]: configuring uniqueness plugin ? [10/43]: configuring uuid plugin ? [11/43]: configuring modrdn plugin ? [12/43]: configuring DNS plugin ? [13/43]: enabling entryUSN plugin ? [14/43]: configuring lockout plugin ? [15/43]: creating indices ? [16/43]: enabling referential integrity plugin ? [17/43]: configuring certmap.conf ? [18/43]: configure autobind for root ? [19/43]: configure new location for managed entries ? [20/43]: configure dirsrv ccache ? [21/43]: enable SASL mapping fallback ? [22/43]: restarting directory server ? [23/43]: adding default layout ? [24/43]: adding delegation layout ? [25/43]: creating container for managed entries ? [26/43]: configuring user private groups ? [27/43]: configuring netgroups from hostgroups ? [28/43]: creating default Sudo bind user ? [29/43]: creating default Auto Member layout ? [30/43]: adding range check plugin ? [31/43]: creating default HBAC rule allow_all ? [32/43]: creating default CA ACL rule ? [33/43]: adding entries for topology management ? [34/43]: initializing group membership ? [35/43]: adding master entry ? [36/43]: initializing domain level ? [37/43]: configuring Posix uid/gid generation ? [38/43]: adding replication acis ? [39/43]: enabling compatibility plugin ? [40/43]: activating sidgen plugin ? [41/43]: activating extdom plugin ? [42/43]: tuning directory server ? [43/43]: configuring directory to start on boot Done configuring directory server (dirsrv). Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds ? [1/25]: creating certificate server user ? [2/25]: configuring certificate server instance ? [3/25]: stopping certificate server instance to update CS.cfg ? [4/25]: backing up CS.cfg ? [5/25]: disabling nonces ? [6/25]: set up CRL publishing ? [7/25]: enable PKIX certificate path discovery and validation ? [8/25]: starting certificate server instance ? [9/25]: creating RA agent certificate database ? [10/25]: importing CA chain to RA certificate database ? [11/25]: fixing RA database permissions ? [12/25]: setting up signing cert profile ? [13/25]: setting audit signing renewal to 2 years ? [14/25]: restarting certificate server ? [15/25]: requesting RA certificate from CA ? [16/25]: issuing RA agent certificate ? [17/25]: adding RA agent as a trusted user ? [18/25]: authorizing RA to modify profiles ? [19/25]: configure certmonger for renewals ? [20/25]: configure certificate renewals ? [21/25]: configure RA certificate renewal ? [22/25]: configure Server-Cert certificate renewal ? [23/25]: Configure HTTP to proxy connections ? [24/25]: restarting certificate server ? [25/25]: Importing IPA certificate profiles Done configuring certificate server (pki-tomcatd). Configuring directory server (dirsrv). Estimated time: 10 seconds ? [1/3]: configuring ssl for ds instance ? [error] RuntimeError: Certificate issuance failed ipa.ipapython.install.cli.install_tool(Server): ERROR????Certificate issuance failed? ----------------------------------------------- The last messages in the log file (/var/log/ipaserver-install.log): ?File "/usr/lib/python2.7/site- packages/ipaserver/install/dsinstance.py", line 637, in __enable_ssl ????self.nickname, self.fqdn, cadb) ? File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 337, in create_server_cert ????cdb.issue_server_cert(self.certreq_fname, self.certder_fname) ? File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 419, in issue_server_cert ????raise RuntimeError("Certificate issuance failed") 2016-01-08T09:33:47Z DEBUG The ipa-server-install command failed, exception: RuntimeError: Certificate issuance failed 2016-01-08T09:33:47Z ERROR Certificate issuance failed any ideas about this error? Markus -------------- next part -------------- An HTML attachment was scrubbed... URL: From mbabinsk at redhat.com Fri Jan 8 12:25:03 2016 From: mbabinsk at redhat.com (Martin Babinsky) Date: Fri, 8 Jan 2016 13:25:03 +0100 Subject: [Freeipa-users] Setup of freeipa 4.2.3 failed In-Reply-To: <1452254762.30824.13.camel@die5roths.de> References: <2588793.PXhtNmgmCt@shdehenw2471> <1452254762.30824.13.camel@die5roths.de> Message-ID: <568FAA9F.7020505@redhat.com> On 01/08/2016 01:06 PM, Markus Roth wrote: > Hi all, > > I tried to install freeipa server (freeipa-server.armv7hl > 4.2.3-1.1.fc23), but the installation failed. > > ----------------------------------------------------- > Configuring NTP daemon (ntpd) > [1/4]: stopping ntpd > [2/4]: writing configuration > [3/4]: configuring ntpd to start on boot > [4/4]: starting ntpd > Done configuring NTP daemon (ntpd). > Configuring directory server (dirsrv). Estimated time: 1 minute > [1/43]: creating directory server user > [2/43]: creating directory server instance > [3/43]: adding default schema > [4/43]: enabling memberof plugin > [5/43]: enabling winsync plugin > [6/43]: configuring replication version plugin > [7/43]: enabling IPA enrollment plugin > [8/43]: enabling ldapi > [9/43]: configuring uniqueness plugin > [10/43]: configuring uuid plugin > [11/43]: configuring modrdn plugin > [12/43]: configuring DNS plugin > [13/43]: enabling entryUSN plugin > [14/43]: configuring lockout plugin > [15/43]: creating indices > [16/43]: enabling referential integrity plugin > [17/43]: configuring certmap.conf > [18/43]: configure autobind for root > [19/43]: configure new location for managed entries > [20/43]: configure dirsrv ccache > [21/43]: enable SASL mapping fallback > [22/43]: restarting directory server > [23/43]: adding default layout > [24/43]: adding delegation layout > [25/43]: creating container for managed entries > [26/43]: configuring user private groups > [27/43]: configuring netgroups from hostgroups > [28/43]: creating default Sudo bind user > [29/43]: creating default Auto Member layout > [30/43]: adding range check plugin > [31/43]: creating default HBAC rule allow_all > [32/43]: creating default CA ACL rule > [33/43]: adding entries for topology management > [34/43]: initializing group membership > [35/43]: adding master entry > [36/43]: initializing domain level > [37/43]: configuring Posix uid/gid generation > [38/43]: adding replication acis > [39/43]: enabling compatibility plugin > [40/43]: activating sidgen plugin > [41/43]: activating extdom plugin > [42/43]: tuning directory server > [43/43]: configuring directory to start on boot > Done configuring directory server (dirsrv). > Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes > 30 seconds > [1/25]: creating certificate server user > [2/25]: configuring certificate server instance > [3/25]: stopping certificate server instance to update CS.cfg > [4/25]: backing up CS.cfg > [5/25]: disabling nonces > [6/25]: set up CRL publishing > [7/25]: enable PKIX certificate path discovery and validation > [8/25]: starting certificate server instance > [9/25]: creating RA agent certificate database > [10/25]: importing CA chain to RA certificate database > [11/25]: fixing RA database permissions > [12/25]: setting up signing cert profile > [13/25]: setting audit signing renewal to 2 years > [14/25]: restarting certificate server > [15/25]: requesting RA certificate from CA > [16/25]: issuing RA agent certificate > [17/25]: adding RA agent as a trusted user > [18/25]: authorizing RA to modify profiles > [19/25]: configure certmonger for renewals > [20/25]: configure certificate renewals > [21/25]: configure RA certificate renewal > [22/25]: configure Server-Cert certificate renewal > [23/25]: Configure HTTP to proxy connections > [24/25]: restarting certificate server > [25/25]: Importing IPA certificate profiles > Done configuring certificate server (pki-tomcatd). > Configuring directory server (dirsrv). Estimated time: 10 seconds > [1/3]: configuring ssl for ds instance > [error] RuntimeError: Certificate issuance failed > ipa.ipapython.install.cli.install_tool(Server): ERROR Certificate > issuance failed > > ----------------------------------------------- > > The last messages in the log file (/var/log/ipaserver-install.log): > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line > 637, in __enable_ssl > self.nickname, self.fqdn, cadb) > File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", > line 337, in create_server_cert > cdb.issue_server_cert(self.certreq_fname, self.certder_fname) > File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", > line 419, in issue_server_cert > raise RuntimeError("Certificate issuance failed") > > 2016-01-08T09:33:47Z DEBUG The ipa-server-install command failed, > exception: RuntimeError: Certificate issuance failed > 2016-01-08T09:33:47Z ERROR Certificate issuance failed > > any ideas about this error? > > Markus > > Sounds similar to https://fedorahosted.org/freeipa/ticket/5376, but I can not be sure without seeing installation log (/var/log/ipaserver-install.log). As a workaround, you can try to re-run the installation in verbose mode using '-v' option and see if it succeeds. Be prepared for a lot of garbage spouted on the output, though. -- Martin^3 Babinsky From bahanw042014 at gmail.com Fri Jan 8 12:25:58 2016 From: bahanw042014 at gmail.com (bahan w) Date: Fri, 8 Jan 2016 13:25:58 +0100 Subject: [Freeipa-users] How to secure the access to ldap with IPA In-Reply-To: <568F9B57.5000808@redhat.com> References: <568F9B57.5000808@redhat.com> Message-ID: Re. I installed the server like this : ### ipa-server-install -r -n --hostname= -p '' -a '' --no-ntp --no-ssh --no-sshd -U ### And for the clients : ### ipa-client-install --domain= --realm= --fixed-primary --server= --principal=admin --password='' --mkhomedir --hostname= --no-ntp --no-ssh --no-sshd --unattended --force-join ### And when I check the /etc/openldap/ldap.conf, indeed : ### #File modified by ipa-client-install URI ldaps:// BASE dc= TLS_CACERT /etc/ipa/ca.crt ### So yes it is already enabled ^_^. Thank you for your answer. Best regards. Bahan -------------- next part -------------- An HTML attachment was scrubbed... URL: From markus at die5roths.de Fri Jan 8 12:33:59 2016 From: markus at die5roths.de (Markus Roth) Date: Fri, 08 Jan 2016 13:33:59 +0100 Subject: [Freeipa-users] Setup of freeipa 4.2.3 failed In-Reply-To: <568FAA9F.7020505@redhat.com> References: <2588793.PXhtNmgmCt@shdehenw2471> <1452254762.30824.13.camel@die5roths.de> <568FAA9F.7020505@redhat.com> Message-ID: <1452256439.30824.15.camel@die5roths.de> Am Freitag, den 08.01.2016, 13:25 +0100 schrieb Martin Babinsky: > On 01/08/2016 01:06 PM, Markus Roth wrote: > > Hi all, > > > > I tried to install freeipa server (freeipa-server.armv7hl > > ? 4.2.3-1.1.fc23), but the installation failed. > > > > ----------------------------------------------------- > > Configuring NTP daemon (ntpd) > > ???[1/4]: stopping ntpd > > ???[2/4]: writing configuration > > ???[3/4]: configuring ntpd to start on boot > > ???[4/4]: starting ntpd > > Done configuring NTP daemon (ntpd). > > Configuring directory server (dirsrv). Estimated time: 1 minute > > ???[1/43]: creating directory server user > > ???[2/43]: creating directory server instance > > ???[3/43]: adding default schema > > ???[4/43]: enabling memberof plugin > > ???[5/43]: enabling winsync plugin > > ???[6/43]: configuring replication version plugin > > ???[7/43]: enabling IPA enrollment plugin > > ???[8/43]: enabling ldapi > > ???[9/43]: configuring uniqueness plugin > > ???[10/43]: configuring uuid plugin > > ???[11/43]: configuring modrdn plugin > > ???[12/43]: configuring DNS plugin > > ???[13/43]: enabling entryUSN plugin > > ???[14/43]: configuring lockout plugin > > ???[15/43]: creating indices > > ???[16/43]: enabling referential integrity plugin > > ???[17/43]: configuring certmap.conf > > ???[18/43]: configure autobind for root > > ???[19/43]: configure new location for managed entries > > ???[20/43]: configure dirsrv ccache > > ???[21/43]: enable SASL mapping fallback > > ???[22/43]: restarting directory server > > ???[23/43]: adding default layout > > ???[24/43]: adding delegation layout > > ???[25/43]: creating container for managed entries > > ???[26/43]: configuring user private groups > > ???[27/43]: configuring netgroups from hostgroups > > ???[28/43]: creating default Sudo bind user > > ???[29/43]: creating default Auto Member layout > > ???[30/43]: adding range check plugin > > ???[31/43]: creating default HBAC rule allow_all > > ???[32/43]: creating default CA ACL rule > > ???[33/43]: adding entries for topology management > > ???[34/43]: initializing group membership > > ???[35/43]: adding master entry > > ???[36/43]: initializing domain level > > ???[37/43]: configuring Posix uid/gid generation > > ???[38/43]: adding replication acis > > ???[39/43]: enabling compatibility plugin > > ???[40/43]: activating sidgen plugin > > ???[41/43]: activating extdom plugin > > ???[42/43]: tuning directory server > > ???[43/43]: configuring directory to start on boot > > Done configuring directory server (dirsrv). > > Configuring certificate server (pki-tomcatd). Estimated time: 3 > > minutes > > 30 seconds > > ???[1/25]: creating certificate server user > > ???[2/25]: configuring certificate server instance > > ???[3/25]: stopping certificate server instance to update CS.cfg > > ???[4/25]: backing up CS.cfg > > ???[5/25]: disabling nonces > > ???[6/25]: set up CRL publishing > > ???[7/25]: enable PKIX certificate path discovery and validation > > ???[8/25]: starting certificate server instance > > ???[9/25]: creating RA agent certificate database > > ???[10/25]: importing CA chain to RA certificate database > > ???[11/25]: fixing RA database permissions > > ???[12/25]: setting up signing cert profile > > ???[13/25]: setting audit signing renewal to 2 years > > ???[14/25]: restarting certificate server > > ???[15/25]: requesting RA certificate from CA > > ???[16/25]: issuing RA agent certificate > > ???[17/25]: adding RA agent as a trusted user > > ???[18/25]: authorizing RA to modify profiles > > ???[19/25]: configure certmonger for renewals > > ???[20/25]: configure certificate renewals > > ???[21/25]: configure RA certificate renewal > > ???[22/25]: configure Server-Cert certificate renewal > > ???[23/25]: Configure HTTP to proxy connections > > ???[24/25]: restarting certificate server > > ???[25/25]: Importing IPA certificate profiles > > Done configuring certificate server (pki-tomcatd). > > Configuring directory server (dirsrv). Estimated time: 10 seconds > > ???[1/3]: configuring ssl for ds instance > > ???[error] RuntimeError: Certificate issuance failed > > ipa.ipapython.install.cli.install_tool(Server): > > ERROR????Certificate > > issuance failed > > > > ----------------------------------------------- > > > > The last messages in the log file (/var/log/ipaserver-install.log): > > > > ? File > > "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", > > line > > 637, in __enable_ssl > > ?????self.nickname, self.fqdn, cadb) > > ???File "/usr/lib/python2.7/site- > > packages/ipaserver/install/certs.py", > > line 337, in create_server_cert > > ?????cdb.issue_server_cert(self.certreq_fname, self.certder_fname) > > ???File "/usr/lib/python2.7/site- > > packages/ipaserver/install/certs.py", > > line 419, in issue_server_cert > > ?????raise RuntimeError("Certificate issuance failed") > > > > 2016-01-08T09:33:47Z DEBUG The ipa-server-install command failed, > > exception: RuntimeError: Certificate issuance failed > > 2016-01-08T09:33:47Z ERROR Certificate issuance failed > > > > any ideas about this error? > > > > Markus > > > > > > Sounds similar to https://fedorahosted.org/freeipa/ticket/5376, but I > ? > can not be sure without seeing installation log? > (/var/log/ipaserver-install.log). > > As a workaround, you can try to re-run the installation in verbose > mode? > using '-v' option and see if it succeeds. Be prepared for a lot of? > garbage spouted on the output, though. > log file is attached. I'll try the installation with the -v option. -------------- next part -------------- A non-text attachment was scrubbed... Name: ipaserver-install.log Type: text/x-log Size: 403439 bytes Desc: not available URL: From bahanw042014 at gmail.com Fri Jan 8 13:06:39 2016 From: bahanw042014 at gmail.com (bahan w) Date: Fri, 8 Jan 2016 14:06:39 +0100 Subject: [Freeipa-users] Problem with ipa-getkeytab, usage of ldappasswd Message-ID: Hello ! I send you this mail, because I have a problem with a user who needs keytab and password. I already sent a mail some time ago, and the answer was to use the option -P of the ipa-getkeytab command. I'm still running IPA 3.0.0-42 with RHEL 6.6 for specific reasons and I cannot move to earlier versions unfortunately. Here is what do : I create the user test001 ### ipa user-add --first=test --last=test test001 ### Initiate an OTP for user test001 ### ipa passwd test001 pwd001 ### Then I set a permanent password ### kinit test001 Password for test001 at MYREALM: Password expired. You must change it now. Enter new password: pwd002pwd002 Enter it again: pwd002pwd002 ### Then I perform an ldapsearch : ### ldapsearch -x -D "uid=test001,cn=users,cn=accounts,dc=myrealm" -h -p 389 -W uid=test001 Enter LDAP Password: ### It worked. Then I generated a keytab for this user with a password : ### ipa-getkeytab -s -p test001 -k /etc/security/keytabs/test001.headless.keytab -P New Principal Password: pwd003pwd003 Verify Principal Password: pwd003pwd003 Keytab successfully retrieved and stored in: /etc/security/keytabs/test001.headless.keytab ### Then I perform a new ldapsearch ### ldapsearch -x -D "uid=test001,cn=users,cn=accounts,dc=myrealm" -h -p 389 -W uid=test001 Enter LDAP Password: ### When I enter the password pwd003pwd003, it does not work with the following result : ### Enter LDAP Password:pwd003pwd003 ldap_bind: Invalid credentials (49) ### When i use the old password pwd002pwd002, it works. So my question : When I create the ipa-getkeytab, how can I also set the password in the ldap ? May I use ldappasswd ? Best regards. Bahan -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Fri Jan 8 13:13:51 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Fri, 8 Jan 2016 15:13:51 +0200 Subject: [Freeipa-users] Problem with ipa-getkeytab, usage of ldappasswd In-Reply-To: References: Message-ID: <20160108131351.GJ4316@redhat.com> On Fri, 08 Jan 2016, bahan w wrote: >Hello ! > >I send you this mail, because I have a problem with a user who needs keytab >and password. >I already sent a mail some time ago, and the answer was to use the option >-P of the ipa-getkeytab command. > >I'm still running IPA 3.0.0-42 with RHEL 6.6 for specific reasons and I >cannot move to earlier versions unfortunately. > >Here is what do : > >I create the user test001 >### >ipa user-add --first=test --last=test test001 >### > >Initiate an OTP for user test001 >### >ipa passwd test001 pwd001 >### > >Then I set a permanent password >### >kinit test001 >Password for test001 at MYREALM: >Password expired. You must change it now. >Enter new password: pwd002pwd002 >Enter it again: pwd002pwd002 >### > >Then I perform an ldapsearch : >### >ldapsearch -x -D "uid=test001,cn=users,cn=accounts,dc=myrealm" -h server> -p 389 -W uid=test001 >Enter LDAP Password: >### > >It worked. > >Then I generated a keytab for this user with a password : >### >ipa-getkeytab -s -p test001 -k >/etc/security/keytabs/test001.headless.keytab -P >New Principal Password: pwd003pwd003 >Verify Principal Password: pwd003pwd003 >Keytab successfully retrieved and stored in: >/etc/security/keytabs/test001.headless.keytab >### > >Then I perform a new ldapsearch >### >ldapsearch -x -D "uid=test001,cn=users,cn=accounts,dc=myrealm" -h server> -p 389 -W uid=test001 >Enter LDAP Password: >### > >When I enter the password pwd003pwd003, it does not work with the following >result : >### >Enter LDAP Password:pwd003pwd003 >ldap_bind: Invalid credentials (49) >### > >When i use the old password pwd002pwd002, it works. > >So my question : >When I create the ipa-getkeytab, how can I also set the password in the >ldap ? >May I use ldappasswd ? When you are using ipa-getkeytab it only changes kerberos keys. It is a separate attribute from userPassword. When you run kpasswd or 'ipa passwd', those will cause updating all password attributes thanks to special IPA password plugin that synchronizes userPassword value with all other attributes. -- / Alexander Bokovoy From bahanw042014 at gmail.com Fri Jan 8 14:49:59 2016 From: bahanw042014 at gmail.com (bahan w) Date: Fri, 8 Jan 2016 15:49:59 +0100 Subject: [Freeipa-users] Problem with ipa-getkeytab, usage of ldappasswd In-Reply-To: <20160108133741.GN4316@redhat.com> References: <20160108131351.GJ4316@redhat.com> <20160108133741.GN4316@redhat.com> Message-ID: Re. Thank you for your answer, I forgot to re-add Freeipa-users mailing list. So I cannot modify the userPassword only and when I generate a keytab with ipa-getkeytab it doesn't update the userPassword. Do you know if it is normal behaviour for ipa-getkeytab ? If not, was it solved in a newer version of IPA ? Best regards. Bahan On Fri, Jan 8, 2016 at 2:37 PM, Alexander Bokovoy wrote: > On Fri, 08 Jan 2016, bahan w wrote: > >> Hello Alexander. >> >> Thank you for your answer. >> > Please don't ask in private, use freeipa-users@ mailing list. > > Is there a way to modify the field userPassword only ? >> Do you know if ldappasswd modify something else ? >> > There is no way to modify userPassword attribute only. When you are > modifying userPassword attribute in FreeIPA, IPA's password plugin will > update all other password attributes, if there are any. > > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From karl.forner at gmail.com Fri Jan 8 15:52:45 2016 From: karl.forner at gmail.com (Karl Forner) Date: Fri, 8 Jan 2016 16:52:45 +0100 Subject: [Freeipa-users] unable to add user in freeIPA 4.2.3 using the web UI Message-ID: Hello, If I go to active users, click Add, fill in log, first and last name, then click "Add", I get the error message: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed. I also tried to add a staged user. This works, but when I try to activate it, I get the same error: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed. I looked in the IPA Server -> ID Ranges tab: first id: 134000000 nb of ids: 200000 type: local domain range The freeIPA server is a CA-replica, and the main server is currently down. What could be the problem ? Thanks. Karl -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Fri Jan 8 16:00:28 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Fri, 8 Jan 2016 18:00:28 +0200 Subject: [Freeipa-users] unable to add user in freeIPA 4.2.3 using the web UI In-Reply-To: References: Message-ID: <20160108160028.GT4316@redhat.com> On Fri, 08 Jan 2016, Karl Forner wrote: >Hello, > >If I go to active users, click Add, fill in log, first and last name, then >click "Add", I get the error message: >Operations error: Allocation of a new value for range cn=posix >ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! >Unable to proceed. > >I also tried to add a staged user. This works, but when I try to activate >it, I get the same error: >Operations error: Allocation of a new value for range cn=posix >ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! >Unable to proceed. > > >I looked in the IPA Server -> ID Ranges tab: >first id: 134000000 >nb of ids: 200000 >type: local domain range > >The freeIPA server is a CA-replica, and the main server is currently down. > >What could be the problem ? If you never added users through this IPA server, it has no subset of ID range allocated to IDs issued on this server. To obtain this subset, it needs to talk back to the master on first allocation. Master is missing, thus it couldn't talk to it. -- / Alexander Bokovoy From simo at redhat.com Fri Jan 8 16:05:22 2016 From: simo at redhat.com (Simo Sorce) Date: Fri, 08 Jan 2016 11:05:22 -0500 Subject: [Freeipa-users] Problem with ipa-getkeytab, usage of ldappasswd In-Reply-To: References: <20160108131351.GJ4316@redhat.com> <20160108133741.GN4316@redhat.com> Message-ID: <1452269122.3830.94.camel@redhat.com> On Fri, 2016-01-08 at 15:49 +0100, bahan w wrote: > Re. > > Thank you for your answer, I forgot to re-add Freeipa-users mailing list. > > So I cannot modify the userPassword only and when I generate a keytab with > ipa-getkeytab it doesn't update the userPassword. > Do you know if it is normal behaviour for ipa-getkeytab ? If not, was it > solved in a newer version of IPA ? Hi Bahan, this is a behavior of the older getkeytab control, that is in used in RHEL6 (ipa 3.x versions). Due to the way this operation was built we do not get a clear text password on the server so we can't generate userPassword Hashes. In ipa4.x a better control has been introduced and userPassword is also updated (as well as password policies are enforced) when a user uses ipa-getkeytab. On older server what you can do to keep using a password as well as a keytab is to first set the password with kpasswd and the use ipa-getkeytab with the same password to store a keytab. This should leave things in sync IIRC. HTH, Simo. > Best regards. > > Bahan > > On Fri, Jan 8, 2016 at 2:37 PM, Alexander Bokovoy > wrote: > > > On Fri, 08 Jan 2016, bahan w wrote: > > > >> Hello Alexander. > >> > >> Thank you for your answer. > >> > > Please don't ask in private, use freeipa-users@ mailing list. > > > > Is there a way to modify the field userPassword only ? > >> Do you know if ldappasswd modify something else ? > >> > > There is no way to modify userPassword attribute only. When you are > > modifying userPassword attribute in FreeIPA, IPA's password plugin will > > update all other password attributes, if there are any. > > > > -- > > / Alexander Bokovoy > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Simo Sorce * Red Hat, Inc * New York From karl.forner at gmail.com Fri Jan 8 16:08:31 2016 From: karl.forner at gmail.com (Karl Forner) Date: Fri, 8 Jan 2016 17:08:31 +0100 Subject: [Freeipa-users] unable to add user in freeIPA 4.2.3 using the web UI In-Reply-To: <20160108160028.GT4316@redhat.com> References: <20160108160028.GT4316@redhat.com> Message-ID: > If you never added users through this IPA server, it has no subset of ID > range > allocated to IDs issued on this server. To obtain this subset, it needs > to talk back to the master on first allocation. Master is missing, thus > it couldn't talk to it. > thanks. But if I understand, I just can not add any users from my replica ? Does not it defeat the purpose of the replica as a failover server ? Or obtaining the subset of IDs should be part of the process of setting-up a replica ? Best, > > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Fri Jan 8 16:17:21 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Fri, 8 Jan 2016 18:17:21 +0200 Subject: [Freeipa-users] unable to add user in freeIPA 4.2.3 using the web UI In-Reply-To: References: <20160108160028.GT4316@redhat.com> Message-ID: <20160108161721.GU4316@redhat.com> On Fri, 08 Jan 2016, Karl Forner wrote: >> If you never added users through this IPA server, it has no subset of ID >> range >> allocated to IDs issued on this server. To obtain this subset, it needs >> to talk back to the master on first allocation. Master is missing, thus >> it couldn't talk to it. >> > >thanks. > >But if I understand, I just can not add any users from my replica ? >Does not it defeat the purpose of the replica as a failover server ? >Or obtaining the subset of IDs should be part of the process of setting-up >a replica ? ID range is relatively scarce. We don't split it across multiple replicas automatically because most of them will not be used to create users and thus their sub-ranges will be wasted. Documentation for the DNA plugin: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/dna-attributes.html -- / Alexander Bokovoy From karl.forner at gmail.com Fri Jan 8 16:30:24 2016 From: karl.forner at gmail.com (Karl Forner) Date: Fri, 8 Jan 2016 17:30:24 +0100 Subject: [Freeipa-users] unable to add user in freeIPA 4.2.3 using the web UI In-Reply-To: <20160108161721.GU4316@redhat.com> References: <20160108160028.GT4316@redhat.com> <20160108161721.GU4316@redhat.com> Message-ID: Ok. I read a work-around on https://blog-rcritten.rhcloud.com/?p=50 It says that if one has figured out a safe new range for the replica, the range could be set using: ldapmodify -x -D 'cn=Directory Manager' -W Enter LDAP Password: dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config changetype: modify replace: dnaNextValue dnaNextValue: 1689700000 - replace: dnaMaxValue dnaMaxValue: 1689799999 ^D modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" I suppose this can be dangerous, but would you consider it as a work-around, or should it be avoided at all means ? On Fri, Jan 8, 2016 at 5:17 PM, Alexander Bokovoy wrote: > On Fri, 08 Jan 2016, Karl Forner wrote: > >> If you never added users through this IPA server, it has no subset of ID >>> range >>> allocated to IDs issued on this server. To obtain this subset, it needs >>> to talk back to the master on first allocation. Master is missing, thus >>> it couldn't talk to it. >>> >>> >> thanks. >> >> But if I understand, I just can not add any users from my replica ? >> Does not it defeat the purpose of the replica as a failover server ? >> Or obtaining the subset of IDs should be part of the process of setting-up >> a replica ? >> > ID range is relatively scarce. We don't split it across multiple > replicas automatically because most of them will not be used to create > users and thus their sub-ranges will be wasted. > > Documentation for the DNA plugin: > > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/dna-attributes.html > > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Fri Jan 8 16:49:07 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Fri, 8 Jan 2016 18:49:07 +0200 Subject: [Freeipa-users] unable to add user in freeIPA 4.2.3 using the web UI In-Reply-To: References: <20160108160028.GT4316@redhat.com> <20160108161721.GU4316@redhat.com> Message-ID: <20160108164906.GV4316@redhat.com> On Fri, 08 Jan 2016, Karl Forner wrote: >Ok. > >I read a work-around on https://blog-rcritten.rhcloud.com/?p=50 > >It says that if one has figured out a safe new range for the replica, the >range could be set using: > >ldapmodify -x -D 'cn=Directory Manager' -W >Enter LDAP Password: >dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config >changetype: modify >replace: dnaNextValue >dnaNextValue: 1689700000 >- >replace: dnaMaxValue >dnaMaxValue: 1689799999 >^D > >modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment >Plugin,cn=plugins,cn=config" > > >I suppose this can be dangerous, but would you consider it as a >work-around, or should it be avoided at all means ? Rob is one of FreeIPA project original developers and he wrote this code, so he knows it well. To derive dnaMaxValue/dnaNextValue you need to consult older server's data, if it is still available (in /etc/dirsrv/slapd-INSTANCE/dse.ldif). At worst you'd need to back out the change if things would work. -- / Alexander Bokovoy From rcritten at redhat.com Fri Jan 8 17:36:29 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 8 Jan 2016 12:36:29 -0500 Subject: [Freeipa-users] unable to add user in freeIPA 4.2.3 using the web UI In-Reply-To: References: Message-ID: <568FF39D.3030505@redhat.com> Karl Forner wrote: > Hello, > > If I go to active users, click Add, fill in log, first and last name, > then click "Add", I get the error message: > Operations error: Allocation of a new value for range cn=posix > ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config > failed! Unable to proceed. > > I also tried to add a staged user. This works, but when I try to > activate it, I get the same error: > Operations error: Allocation of a new value for range cn=posix > ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config > failed! Unable to proceed. > > > I looked in the IPA Server -> ID Ranges tab: > first id: 134000000 > nb of ids: 200000 > type: local domain range > > The freeIPA server is a CA-replica, and the main server is currently down. > > What could be the problem ? http://blog-rcritten.rhcloud.com/?p=50 rob From rcritten at redhat.com Fri Jan 8 18:02:20 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 8 Jan 2016 13:02:20 -0500 Subject: [Freeipa-users] unable to add user in freeIPA 4.2.3 using the web UI In-Reply-To: <20160108164906.GV4316@redhat.com> References: <20160108160028.GT4316@redhat.com> <20160108161721.GU4316@redhat.com> <20160108164906.GV4316@redhat.com> Message-ID: <568FF9AC.3040201@redhat.com> Alexander Bokovoy wrote: > On Fri, 08 Jan 2016, Karl Forner wrote: >> Ok. >> >> I read a work-around on https://blog-rcritten.rhcloud.com/?p=50 >> >> It says that if one has figured out a safe new range for the replica, the >> range could be set using: >> >> ldapmodify -x -D 'cn=Directory Manager' -W >> Enter LDAP Password: >> dn: cn=Posix IDs,cn=Distributed Numeric Assignment >> Plugin,cn=plugins,cn=config >> changetype: modify >> replace: dnaNextValue >> dnaNextValue: 1689700000 >> - >> replace: dnaMaxValue >> dnaMaxValue: 1689799999 >> ^D >> >> modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment >> Plugin,cn=plugins,cn=config" >> >> >> I suppose this can be dangerous, but would you consider it as a >> work-around, or should it be avoided at all means ? > > Rob is one of FreeIPA project original developers and he wrote this > code, so he knows it well. To derive dnaMaxValue/dnaNextValue you need to > consult older server's data, if it is still available (in > /etc/dirsrv/slapd-INSTANCE/dse.ldif). > > At worst you'd need to back out the change if things would work. I purposely used rather weak working in my blog to ensure that one thinks carefully about making this kind of change. If your original master can be brought back up that is definitely the best way to resolve it. If it was nuked from orbit then yeah the you'll need to manually set it. Note that you can use ipa-replica-manage to do this as well and it has a much less scary syntax: $ ipa-replica-manage dnarange-set yourhost.example.com 1689700000-1689799999 I guess the range 1689600000-1689699999 is the rest of the original range, presumably assigned to the original master? rob From karl.forner at gmail.com Fri Jan 8 18:09:19 2016 From: karl.forner at gmail.com (Karl Forner) Date: Fri, 8 Jan 2016 19:09:19 +0100 Subject: [Freeipa-users] unable to add user in freeIPA 4.2.3 using the web UI In-Reply-To: <568FF9AC.3040201@redhat.com> References: <20160108160028.GT4316@redhat.com> <20160108161721.GU4316@redhat.com> <20160108164906.GV4316@redhat.com> <568FF9AC.3040201@redhat.com> Message-ID: > > I purposely used rather weak working in my blog to ensure that one > thinks carefully about making this kind of change. If your original > master can be brought back up that is definitely the best way to resolve > it. > ok, I'll try this first. > > If it was nuked from orbit then yeah the you'll need to manually set it. > > Note that you can use ipa-replica-manage to do this as well and it has a > much less scary syntax: > > $ ipa-replica-manage dnarange-set yourhost.example.com > 1689700000-1689799999 > definitely less scary ! > > I guess the range 1689600000-1689699999 is the rest of the original > range, presumably assigned to the original master? > I am not sure to follow. The default used my master is 134000000-134200000 right ? So I could set 135000000-135200000 for instance. Or did I miss something ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Fri Jan 8 18:19:44 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 8 Jan 2016 13:19:44 -0500 Subject: [Freeipa-users] unable to add user in freeIPA 4.2.3 using the web UI In-Reply-To: References: <20160108160028.GT4316@redhat.com> <20160108161721.GU4316@redhat.com> <20160108164906.GV4316@redhat.com> <568FF9AC.3040201@redhat.com> Message-ID: <568FFDC0.8050202@redhat.com> Karl Forner wrote: > > > I purposely used rather weak working in my blog to ensure that one > thinks carefully about making this kind of change. If your original > master can be brought back up that is definitely the best way to > resolve it. > > > ok, I'll try this first. > > > > If it was nuked from orbit then yeah the you'll need to manually set it. > > Note that you can use ipa-replica-manage to do this as well and it has a > much less scary syntax: > > $ ipa-replica-manage dnarange-set yourhost.example.com > 1689700000-1689799999 > > > definitely less scary ! > > > > I guess the range 1689600000-1689699999 is the rest of the original > range, presumably assigned to the original master? > > > I am not sure to follow. The default used my master is > 134000000-134200000 right ? > So I could set 135000000-135200000 for instance. Or did I miss something ? > > My example was based on the ldif you proposed. What the DNA plugin would have done is split the original range in two. If you want to stick with that it's fine but you'll never get back whatever was remaining of that original 100k, at least not automatically. It all depends on what your needs are. Using 134100000-134199999 is probably what you want. Otherwise you are just picking a new range out of the blue. There is no tie-in now between the idrange and the DNA range but there may be at some point. At that time things could go sideways if you pick a new DNA range that isn't reflected in the idrange. rob From karl.forner at gmail.com Fri Jan 8 18:23:44 2016 From: karl.forner at gmail.com (Karl Forner) Date: Fri, 8 Jan 2016 19:23:44 +0100 Subject: [Freeipa-users] unable to add user in freeIPA 4.2.3 using the web UI In-Reply-To: <568FFDC0.8050202@redhat.com> References: <20160108160028.GT4316@redhat.com> <20160108161721.GU4316@redhat.com> <20160108164906.GV4316@redhat.com> <568FF9AC.3040201@redhat.com> <568FFDC0.8050202@redhat.com> Message-ID: > > > > I am not sure to follow. The default used my master is > > 134000000-134200000 right ? > > So I could set 135000000-135200000 for instance. Or did I miss something > ? > > > > > > My example was based on the ldif you proposed. > > What the DNA plugin would have done is split the original range in two. > If you want to stick with that it's fine but you'll never get back > whatever was remaining of that original 100k, at least not > automatically. It all depends on what your needs are. > > Using 134100000-134199999 is probably what you want. > Ok, I get it. > Otherwise you are just picking a new range out of the blue. > > There is no tie-in now between the idrange and the DNA range but there > may be at some point. At that time things could go sideways if you pick > a new DNA range that isn't reflected in the idrange. > thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From markus at die5roths.de Sat Jan 9 21:39:56 2016 From: markus at die5roths.de (Markus Roth) Date: Sat, 09 Jan 2016 22:39:56 +0100 Subject: [Freeipa-users] Setup of freeipa 4.2.3 failed In-Reply-To: <568FAA9F.7020505@redhat.com> References: <2588793.PXhtNmgmCt@shdehenw2471> <1452254762.30824.13.camel@die5roths.de> <568FAA9F.7020505@redhat.com> Message-ID: <1452375596.30824.28.camel@die5roths.de> Am Freitag, den 08.01.2016, 13:25 +0100 schrieb Martin Babinsky: > On 01/08/2016 01:06 PM, Markus Roth wrote: > > Hi all, > > > > I tried to install freeipa server (freeipa-server.armv7hl > > ? 4.2.3-1.1.fc23), but the installation failed. > > > > ----------------------------------------------------- > > Configuring NTP daemon (ntpd) > > ???[1/4]: stopping ntpd > > ???[2/4]: writing configuration > > ???[3/4]: configuring ntpd to start on boot > > ???[4/4]: starting ntpd > > Done configuring NTP daemon (ntpd). > > Configuring directory server (dirsrv). Estimated time: 1 minute > > ???[1/43]: creating directory server user > > ???[2/43]: creating directory server instance > > ???[3/43]: adding default schema > > ???[4/43]: enabling memberof plugin > > ???[5/43]: enabling winsync plugin > > ???[6/43]: configuring replication version plugin > > ???[7/43]: enabling IPA enrollment plugin > > ???[8/43]: enabling ldapi > > ???[9/43]: configuring uniqueness plugin > > ???[10/43]: configuring uuid plugin > > ???[11/43]: configuring modrdn plugin > > ???[12/43]: configuring DNS plugin > > ???[13/43]: enabling entryUSN plugin > > ???[14/43]: configuring lockout plugin > > ???[15/43]: creating indices > > ???[16/43]: enabling referential integrity plugin > > ???[17/43]: configuring certmap.conf > > ???[18/43]: configure autobind for root > > ???[19/43]: configure new location for managed entries > > ???[20/43]: configure dirsrv ccache > > ???[21/43]: enable SASL mapping fallback > > ???[22/43]: restarting directory server > > ???[23/43]: adding default layout > > ???[24/43]: adding delegation layout > > ???[25/43]: creating container for managed entries > > ???[26/43]: configuring user private groups > > ???[27/43]: configuring netgroups from hostgroups > > ???[28/43]: creating default Sudo bind user > > ???[29/43]: creating default Auto Member layout > > ???[30/43]: adding range check plugin > > ???[31/43]: creating default HBAC rule allow_all > > ???[32/43]: creating default CA ACL rule > > ???[33/43]: adding entries for topology management > > ???[34/43]: initializing group membership > > ???[35/43]: adding master entry > > ???[36/43]: initializing domain level > > ???[37/43]: configuring Posix uid/gid generation > > ???[38/43]: adding replication acis > > ???[39/43]: enabling compatibility plugin > > ???[40/43]: activating sidgen plugin > > ???[41/43]: activating extdom plugin > > ???[42/43]: tuning directory server > > ???[43/43]: configuring directory to start on boot > > Done configuring directory server (dirsrv). > > Configuring certificate server (pki-tomcatd). Estimated time: 3 > > minutes > > 30 seconds > > ???[1/25]: creating certificate server user > > ???[2/25]: configuring certificate server instance > > ???[3/25]: stopping certificate server instance to update CS.cfg > > ???[4/25]: backing up CS.cfg > > ???[5/25]: disabling nonces > > ???[6/25]: set up CRL publishing > > ???[7/25]: enable PKIX certificate path discovery and validation > > ???[8/25]: starting certificate server instance > > ???[9/25]: creating RA agent certificate database > > ???[10/25]: importing CA chain to RA certificate database > > ???[11/25]: fixing RA database permissions > > ???[12/25]: setting up signing cert profile > > ???[13/25]: setting audit signing renewal to 2 years > > ???[14/25]: restarting certificate server > > ???[15/25]: requesting RA certificate from CA > > ???[16/25]: issuing RA agent certificate > > ???[17/25]: adding RA agent as a trusted user > > ???[18/25]: authorizing RA to modify profiles > > ???[19/25]: configure certmonger for renewals > > ???[20/25]: configure certificate renewals > > ???[21/25]: configure RA certificate renewal > > ???[22/25]: configure Server-Cert certificate renewal > > ???[23/25]: Configure HTTP to proxy connections > > ???[24/25]: restarting certificate server > > ???[25/25]: Importing IPA certificate profiles > > Done configuring certificate server (pki-tomcatd). > > Configuring directory server (dirsrv). Estimated time: 10 seconds > > ???[1/3]: configuring ssl for ds instance > > ???[error] RuntimeError: Certificate issuance failed > > ipa.ipapython.install.cli.install_tool(Server): > > ERROR????Certificate > > issuance failed > > > > ----------------------------------------------- > > > > The last messages in the log file (/var/log/ipaserver-install.log): > > > > ? File > > "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", > > line > > 637, in __enable_ssl > > ?????self.nickname, self.fqdn, cadb) > > ???File "/usr/lib/python2.7/site- > > packages/ipaserver/install/certs.py", > > line 337, in create_server_cert > > ?????cdb.issue_server_cert(self.certreq_fname, self.certder_fname) > > ???File "/usr/lib/python2.7/site- > > packages/ipaserver/install/certs.py", > > line 419, in issue_server_cert > > ?????raise RuntimeError("Certificate issuance failed") > > > > 2016-01-08T09:33:47Z DEBUG The ipa-server-install command failed, > > exception: RuntimeError: Certificate issuance failed > > 2016-01-08T09:33:47Z ERROR Certificate issuance failed > > > > any ideas about this error? > > > > Markus > > > > > > Sounds similar to https://fedorahosted.org/freeipa/ticket/5376, but I > ? > can not be sure without seeing installation log? > (/var/log/ipaserver-install.log). > > As a workaround, you can try to re-run the installation in verbose > mode? > using '-v' option and see if it succeeds. Be prepared for a lot of? > garbage spouted on the output, though. > Hi Martin, did an setup with fedora 22 and?freeipa-server.armv7hl 4.1.4-4.fc22 The setup completed successfully. The only change I did was, change the startup_timeout variable to 900 in /usr/lib/python2.7/site- packages/ipalib/constants.py, because the hardware (banana pi) isn't fast enough for the certification generation process. So it must be an bug in?freeipa-server.armv7hl 4.2.3-1.1.fc23. Regards, Markus From rcritten at redhat.com Sat Jan 9 22:41:38 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Sat, 9 Jan 2016 17:41:38 -0500 Subject: [Freeipa-users] Setup of freeipa 4.2.3 failed In-Reply-To: <1452375596.30824.28.camel@die5roths.de> References: <2588793.PXhtNmgmCt@shdehenw2471> <1452254762.30824.13.camel@die5roths.de> <568FAA9F.7020505@redhat.com> <1452375596.30824.28.camel@die5roths.de> Message-ID: <56918CA2.5060600@redhat.com> Markus Roth wrote: > Am Freitag, den 08.01.2016, 13:25 +0100 schrieb Martin Babinsky: >> On 01/08/2016 01:06 PM, Markus Roth wrote: >>> Hi all, >>> >>> I tried to install freeipa server (freeipa-server.armv7hl >>> 4.2.3-1.1.fc23), but the installation failed. >>> >>> ----------------------------------------------------- >>> Configuring NTP daemon (ntpd) >>> [1/4]: stopping ntpd >>> [2/4]: writing configuration >>> [3/4]: configuring ntpd to start on boot >>> [4/4]: starting ntpd >>> Done configuring NTP daemon (ntpd). >>> Configuring directory server (dirsrv). Estimated time: 1 minute >>> [1/43]: creating directory server user >>> [2/43]: creating directory server instance >>> [3/43]: adding default schema >>> [4/43]: enabling memberof plugin >>> [5/43]: enabling winsync plugin >>> [6/43]: configuring replication version plugin >>> [7/43]: enabling IPA enrollment plugin >>> [8/43]: enabling ldapi >>> [9/43]: configuring uniqueness plugin >>> [10/43]: configuring uuid plugin >>> [11/43]: configuring modrdn plugin >>> [12/43]: configuring DNS plugin >>> [13/43]: enabling entryUSN plugin >>> [14/43]: configuring lockout plugin >>> [15/43]: creating indices >>> [16/43]: enabling referential integrity plugin >>> [17/43]: configuring certmap.conf >>> [18/43]: configure autobind for root >>> [19/43]: configure new location for managed entries >>> [20/43]: configure dirsrv ccache >>> [21/43]: enable SASL mapping fallback >>> [22/43]: restarting directory server >>> [23/43]: adding default layout >>> [24/43]: adding delegation layout >>> [25/43]: creating container for managed entries >>> [26/43]: configuring user private groups >>> [27/43]: configuring netgroups from hostgroups >>> [28/43]: creating default Sudo bind user >>> [29/43]: creating default Auto Member layout >>> [30/43]: adding range check plugin >>> [31/43]: creating default HBAC rule allow_all >>> [32/43]: creating default CA ACL rule >>> [33/43]: adding entries for topology management >>> [34/43]: initializing group membership >>> [35/43]: adding master entry >>> [36/43]: initializing domain level >>> [37/43]: configuring Posix uid/gid generation >>> [38/43]: adding replication acis >>> [39/43]: enabling compatibility plugin >>> [40/43]: activating sidgen plugin >>> [41/43]: activating extdom plugin >>> [42/43]: tuning directory server >>> [43/43]: configuring directory to start on boot >>> Done configuring directory server (dirsrv). >>> Configuring certificate server (pki-tomcatd). Estimated time: 3 >>> minutes >>> 30 seconds >>> [1/25]: creating certificate server user >>> [2/25]: configuring certificate server instance >>> [3/25]: stopping certificate server instance to update CS.cfg >>> [4/25]: backing up CS.cfg >>> [5/25]: disabling nonces >>> [6/25]: set up CRL publishing >>> [7/25]: enable PKIX certificate path discovery and validation >>> [8/25]: starting certificate server instance >>> [9/25]: creating RA agent certificate database >>> [10/25]: importing CA chain to RA certificate database >>> [11/25]: fixing RA database permissions >>> [12/25]: setting up signing cert profile >>> [13/25]: setting audit signing renewal to 2 years >>> [14/25]: restarting certificate server >>> [15/25]: requesting RA certificate from CA >>> [16/25]: issuing RA agent certificate >>> [17/25]: adding RA agent as a trusted user >>> [18/25]: authorizing RA to modify profiles >>> [19/25]: configure certmonger for renewals >>> [20/25]: configure certificate renewals >>> [21/25]: configure RA certificate renewal >>> [22/25]: configure Server-Cert certificate renewal >>> [23/25]: Configure HTTP to proxy connections >>> [24/25]: restarting certificate server >>> [25/25]: Importing IPA certificate profiles >>> Done configuring certificate server (pki-tomcatd). >>> Configuring directory server (dirsrv). Estimated time: 10 seconds >>> [1/3]: configuring ssl for ds instance >>> [error] RuntimeError: Certificate issuance failed >>> ipa.ipapython.install.cli.install_tool(Server): >>> ERROR Certificate >>> issuance failed >>> >>> ----------------------------------------------- >>> >>> The last messages in the log file (/var/log/ipaserver-install.log): >>> >>> File >>> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >>> line >>> 637, in __enable_ssl >>> self.nickname, self.fqdn, cadb) >>> File "/usr/lib/python2.7/site- >>> packages/ipaserver/install/certs.py", >>> line 337, in create_server_cert >>> cdb.issue_server_cert(self.certreq_fname, self.certder_fname) >>> File "/usr/lib/python2.7/site- >>> packages/ipaserver/install/certs.py", >>> line 419, in issue_server_cert >>> raise RuntimeError("Certificate issuance failed") >>> >>> 2016-01-08T09:33:47Z DEBUG The ipa-server-install command failed, >>> exception: RuntimeError: Certificate issuance failed >>> 2016-01-08T09:33:47Z ERROR Certificate issuance failed >>> >>> any ideas about this error? >>> >>> Markus >>> >>> >> >> Sounds similar to https://fedorahosted.org/freeipa/ticket/5376, but I >> >> can not be sure without seeing installation log >> (/var/log/ipaserver-install.log). >> >> As a workaround, you can try to re-run the installation in verbose >> mode >> using '-v' option and see if it succeeds. Be prepared for a lot of >> garbage spouted on the output, though. >> > Hi Martin, > > did an setup with fedora 22 and freeipa-server.armv7hl 4.1.4-4.fc22 > > The setup completed successfully. The only change I did was, change the > startup_timeout variable to 900 in /usr/lib/python2.7/site- > packages/ipalib/constants.py, because the hardware (banana pi) isn't > fast enough for the certification generation process. > > So it must be an bug in freeipa-server.armv7hl 4.2.3-1.1.fc23. /var/log/ipaserver-install.log from the failed install would be helpful. rob From marc.boorshtein at tremolosecurity.com Sat Jan 9 23:41:53 2016 From: marc.boorshtein at tremolosecurity.com (Marc Boorshtein) Date: Sat, 9 Jan 2016 18:41:53 -0500 Subject: [Freeipa-users] FreeIPA and project Atomic Message-ID: I'm moving an environment from one that uses all separate VMs to one using project Atomic and Docker images. A couple of questions: 1. Are there any known issues joining an atomic host to a FreeIPA domain? (Or has anyone tried it?) 2. Is there any reason I couldn't run FreeIPA in a container in this setup? It seems odd to run FreeIPA on a container for a server in its own domain. My first thought is to have the FreeIPA servers running on their own VMs. Any insight would be appreciated. Thanks Marc -- Marc Boorshtein CTO Tremolo Security marc.boorshtein at tremolosecurity.com ( 703) 828-4902 -------------- next part -------------- An HTML attachment was scrubbed... URL: From markus at die5roths.de Sun Jan 10 08:40:07 2016 From: markus at die5roths.de (Markus Roth) Date: Sun, 10 Jan 2016 09:40:07 +0100 Subject: [Freeipa-users] Setup of freeipa 4.2.3 failed In-Reply-To: <56918CA2.5060600@redhat.com> References: <2588793.PXhtNmgmCt@shdehenw2471> <1452254762.30824.13.camel@die5roths.de> <568FAA9F.7020505@redhat.com> <1452375596.30824.28.camel@die5roths.de> <56918CA2.5060600@redhat.com> Message-ID: <1452415207.30824.31.camel@die5roths.de> Am Samstag, den 09.01.2016, 17:41 -0500 schrieb Rob Crittenden: > Markus Roth wrote: > > Am Freitag, den 08.01.2016, 13:25 +0100 schrieb Martin Babinsky: > > > On 01/08/2016 01:06 PM, Markus Roth wrote: > > > > Hi all, > > > > > > > > I tried to install freeipa server (freeipa-server.armv7hl > > > > ? 4.2.3-1.1.fc23), but the installation failed. > > > > > > > > ----------------------------------------------------- > > > > Configuring NTP daemon (ntpd) > > > > ???[1/4]: stopping ntpd > > > > ???[2/4]: writing configuration > > > > ???[3/4]: configuring ntpd to start on boot > > > > ???[4/4]: starting ntpd > > > > Done configuring NTP daemon (ntpd). > > > > Configuring directory server (dirsrv). Estimated time: 1 minute > > > > ???[1/43]: creating directory server user > > > > ???[2/43]: creating directory server instance > > > > ???[3/43]: adding default schema > > > > ???[4/43]: enabling memberof plugin > > > > ???[5/43]: enabling winsync plugin > > > > ???[6/43]: configuring replication version plugin > > > > ???[7/43]: enabling IPA enrollment plugin > > > > ???[8/43]: enabling ldapi > > > > ???[9/43]: configuring uniqueness plugin > > > > ???[10/43]: configuring uuid plugin > > > > ???[11/43]: configuring modrdn plugin > > > > ???[12/43]: configuring DNS plugin > > > > ???[13/43]: enabling entryUSN plugin > > > > ???[14/43]: configuring lockout plugin > > > > ???[15/43]: creating indices > > > > ???[16/43]: enabling referential integrity plugin > > > > ???[17/43]: configuring certmap.conf > > > > ???[18/43]: configure autobind for root > > > > ???[19/43]: configure new location for managed entries > > > > ???[20/43]: configure dirsrv ccache > > > > ???[21/43]: enable SASL mapping fallback > > > > ???[22/43]: restarting directory server > > > > ???[23/43]: adding default layout > > > > ???[24/43]: adding delegation layout > > > > ???[25/43]: creating container for managed entries > > > > ???[26/43]: configuring user private groups > > > > ???[27/43]: configuring netgroups from hostgroups > > > > ???[28/43]: creating default Sudo bind user > > > > ???[29/43]: creating default Auto Member layout > > > > ???[30/43]: adding range check plugin > > > > ???[31/43]: creating default HBAC rule allow_all > > > > ???[32/43]: creating default CA ACL rule > > > > ???[33/43]: adding entries for topology management > > > > ???[34/43]: initializing group membership > > > > ???[35/43]: adding master entry > > > > ???[36/43]: initializing domain level > > > > ???[37/43]: configuring Posix uid/gid generation > > > > ???[38/43]: adding replication acis > > > > ???[39/43]: enabling compatibility plugin > > > > ???[40/43]: activating sidgen plugin > > > > ???[41/43]: activating extdom plugin > > > > ???[42/43]: tuning directory server > > > > ???[43/43]: configuring directory to start on boot > > > > Done configuring directory server (dirsrv). > > > > Configuring certificate server (pki-tomcatd). Estimated time: 3 > > > > minutes > > > > 30 seconds > > > > ???[1/25]: creating certificate server user > > > > ???[2/25]: configuring certificate server instance > > > > ???[3/25]: stopping certificate server instance to update > > > > CS.cfg > > > > ???[4/25]: backing up CS.cfg > > > > ???[5/25]: disabling nonces > > > > ???[6/25]: set up CRL publishing > > > > ???[7/25]: enable PKIX certificate path discovery and > > > > validation > > > > ???[8/25]: starting certificate server instance > > > > ???[9/25]: creating RA agent certificate database > > > > ???[10/25]: importing CA chain to RA certificate database > > > > ???[11/25]: fixing RA database permissions > > > > ???[12/25]: setting up signing cert profile > > > > ???[13/25]: setting audit signing renewal to 2 years > > > > ???[14/25]: restarting certificate server > > > > ???[15/25]: requesting RA certificate from CA > > > > ???[16/25]: issuing RA agent certificate > > > > ???[17/25]: adding RA agent as a trusted user > > > > ???[18/25]: authorizing RA to modify profiles > > > > ???[19/25]: configure certmonger for renewals > > > > ???[20/25]: configure certificate renewals > > > > ???[21/25]: configure RA certificate renewal > > > > ???[22/25]: configure Server-Cert certificate renewal > > > > ???[23/25]: Configure HTTP to proxy connections > > > > ???[24/25]: restarting certificate server > > > > ???[25/25]: Importing IPA certificate profiles > > > > Done configuring certificate server (pki-tomcatd). > > > > Configuring directory server (dirsrv). Estimated time: 10 > > > > seconds > > > > ???[1/3]: configuring ssl for ds instance > > > > ???[error] RuntimeError: Certificate issuance failed > > > > ipa.ipapython.install.cli.install_tool(Server): > > > > ERROR????Certificate > > > > issuance failed > > > > > > > > ----------------------------------------------- > > > > > > > > The last messages in the log file (/var/log/ipaserver- > > > > install.log): > > > > > > > > ? File > > > > "/usr/lib/python2.7/site- > > > > packages/ipaserver/install/dsinstance.py",? > > > > line > > > > 637, in __enable_ssl > > > > ?????self.nickname, self.fqdn, cadb) > > > > ???File "/usr/lib/python2.7/site- > > > > packages/ipaserver/install/certs.py", > > > > line 337, in create_server_cert > > > > ?????cdb.issue_server_cert(self.certreq_fname, > > > > self.certder_fname) > > > > ???File "/usr/lib/python2.7/site- > > > > packages/ipaserver/install/certs.py", > > > > line 419, in issue_server_cert > > > > ?????raise RuntimeError("Certificate issuance failed") > > > > > > > > 2016-01-08T09:33:47Z DEBUG The ipa-server-install command > > > > failed, > > > > exception: RuntimeError: Certificate issuance failed > > > > 2016-01-08T09:33:47Z ERROR Certificate issuance failed > > > > > > > > any ideas about this error? > > > > > > > > Markus > > > > > > > > > > > > > > Sounds similar to https://fedorahosted.org/freeipa/ticket/5376, b > > > ut I > > > ? > > > can not be sure without seeing installation log? > > > (/var/log/ipaserver-install.log). > > > > > > As a workaround, you can try to re-run the installation in > > > verbose > > > mode? > > > using '-v' option and see if it succeeds. Be prepared for a lot > > > of? > > > garbage spouted on the output, though. > > > > > Hi Martin, > > > > did an setup with fedora 22 and freeipa-server.armv7hl 4.1.4-4.fc22 > > > > The setup completed successfully. The only change I did was, change > > the > > startup_timeout variable to 900 in /usr/lib/python2.7/site- > > packages/ipalib/constants.py, because the hardware (banana pi) > > isn't > > fast enough for the certification generation process. > > > > So it must be an bug in freeipa-server.armv7hl 4.2.3-1.1.fc23. > > /var/log/ipaserver-install.log from the failed install would be > helpful. > > rob > > attached is the log file and the output of ipa-server-install -v (ipa- install.txt) -------------- next part -------------- The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will set up the FreeIPA Server. This includes: * Configure a stand-alone CA (dogtag) for certificate management * Configure the Network Time Daemon (ntpd) * Create and configure an instance of Directory Server * Create and configure a Kerberos Key Distribution Center (KDC) * Configure Apache (httpd) To accept the default shown in brackets, press the Enter key. WARNING: conflicting time&date synchronization service 'chronyd' will be disabled in favor of ntpd Do you want to configure integrated DNS (BIND)? [no]: yes Enter the fully qualified domain name of the computer on which you're setting up server software. Using the form . Example: master.example.com. Server host name [obelix.roth.lan]: Warning: skipping DNS resolution of host obelix.roth.lan The domain name has been determined based on the host name. Please confirm the domain name [roth.lan]: The kerberos protocol requires a Realm name to be defined. This is typically the domain name converted to uppercase. Please provide a realm name [ROTH.LAN]: Certain directory server operations require an administrative user. This user is referred to as the Directory Manager and has full access to the Directory for system management tasks and will be added to the instance of directory server created for IPA. The password must be at least 8 characters long. Directory Manager password: Password (confirm): The IPA server requires an administrative user, named 'admin'. This user is a regular system account used for IPA server administration. IPA admin password: Password (confirm): Do you want to configure DNS forwarders? [yes]: Enter an IP address for a DNS forwarder, or press Enter to skip: 192.168.178.254 DNS forwarder 192.168.178.254 added. You may add another. Enter an IP address for a DNS forwarder, or press Enter to skip: Checking DNS forwarders, please wait ... Do you want to configure the reverse zone? [yes]: Please specify the reverse zone name [178.168.192.in-addr.arpa.]: Using reverse zone(s) 178.168.192.in-addr.arpa. The IPA Master Server will be configured with: Hostname: obelix.roth.lan IP address(es): 192.168.178.10 Domain name: roth.lan Realm name: ROTH.LAN BIND DNS server will be configured to serve IPA domain with: Forwarders: 192.168.178.254 Reverse zone(s): 178.168.192.in-addr.arpa. Continue to configure the system with these values? [no]: yes The following operations may take some minutes to complete. Please wait until the prompt is returned. Configuring NTP daemon (ntpd) [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv). Estimated time: 1 minute [1/43]: creating directory server user [2/43]: creating directory server instance [3/43]: adding default schema [4/43]: enabling memberof plugin [5/43]: enabling winsync plugin [6/43]: configuring replication version plugin [7/43]: enabling IPA enrollment plugin [8/43]: enabling ldapi [9/43]: configuring uniqueness plugin [10/43]: configuring uuid plugin [11/43]: configuring modrdn plugin [12/43]: configuring DNS plugin [13/43]: enabling entryUSN plugin [14/43]: configuring lockout plugin [15/43]: creating indices [16/43]: enabling referential integrity plugin [17/43]: configuring certmap.conf [18/43]: configure autobind for root [19/43]: configure new location for managed entries [20/43]: configure dirsrv ccache [21/43]: enable SASL mapping fallback [22/43]: restarting directory server [23/43]: adding default layout [24/43]: adding delegation layout [25/43]: creating container for managed entries [26/43]: configuring user private groups [27/43]: configuring netgroups from hostgroups [28/43]: creating default Sudo bind user [29/43]: creating default Auto Member layout [30/43]: adding range check plugin [31/43]: creating default HBAC rule allow_all [32/43]: creating default CA ACL rule [33/43]: adding entries for topology management [34/43]: initializing group membership [35/43]: adding master entry [36/43]: initializing domain level [37/43]: configuring Posix uid/gid generation [38/43]: adding replication acis [39/43]: enabling compatibility plugin [40/43]: activating sidgen plugin [41/43]: activating extdom plugin [42/43]: tuning directory server [43/43]: configuring directory to start on boot Done configuring directory server (dirsrv). Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds [1/25]: creating certificate server user [2/25]: configuring certificate server instance [3/25]: stopping certificate server instance to update CS.cfg [4/25]: backing up CS.cfg [5/25]: disabling nonces [6/25]: set up CRL publishing [7/25]: enable PKIX certificate path discovery and validation [8/25]: starting certificate server instance [9/25]: creating RA agent certificate database [10/25]: importing CA chain to RA certificate database [11/25]: fixing RA database permissions [12/25]: setting up signing cert profile [13/25]: setting audit signing renewal to 2 years [14/25]: restarting certificate server [15/25]: requesting RA certificate from CA [16/25]: issuing RA agent certificate [17/25]: adding RA agent as a trusted user [18/25]: authorizing RA to modify profiles [19/25]: configure certmonger for renewals [20/25]: configure certificate renewals [21/25]: configure RA certificate renewal [22/25]: configure Server-Cert certificate renewal [23/25]: Configure HTTP to proxy connections [24/25]: restarting certificate server [25/25]: Importing IPA certificate profiles Done configuring certificate server (pki-tomcatd). Configuring directory server (dirsrv). Estimated time: 10 seconds [1/3]: configuring ssl for ds instance [error] RuntimeError: Certificate issuance failed ipa.ipapython.install.cli.install_tool(Server): ERROR Certificate issuance failed [root at obelix ~]# ^C [root at obelix ~]# less /var/log/ipa ipaserver-install.log ipaupgrade.log [root at obelix ~]# less /var/log/ipaserver-install.log [root at obelix ~]# vi /usr/lib/python2.7/site-packages/ipaserver/install/certs.py [root at obelix ~]# less /var/log/ipaserver-install.log [root at obelix ~]# ipa-server-install -v ipa.ipapython.install.cli.install_tool(Server): DEBUG Logging to /var/log/ipaserver-install.log ipa.ipapython.install.cli.install_tool(Server): DEBUG ipa-server-install was invoked with arguments [] and options: {'no_dns_sshfp': None, 'verbose': True, 'ip_addresses': None, 'domainlevel': None, 'mkhomedir': None, 'no_pkinit': None, 'http_cert_files': None, 'no_ntp': None, 'subject': None, 'no_forwarders': None, 'external_ca': None, 'external_ca_type': None, 'ssh_trust_dns': None, 'domain_name': None, 'idmax': None, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': None, 'ca_signing_algorithm': None, 'no_reverse': None, 'pkinit_cert_files': None, 'unattended': False, 'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'forwarders': None, 'idstart': None, 'realm_name': None, 'pkinit_cert_name': None, 'no_ssh': None, 'external_cert_files': None, 'no_hbac_allow': None, 'dirsrv_cert_name': None, 'ca_cert_files': None, 'zonemgr': None, 'quiet': False, 'setup_dns': None, 'host_name': None, 'log_file': None, 'reverse_zones': None, 'uninstall': False} ipa.ipapython.install.cli.install_tool(Server): DEBUG IPA version 4.2.3-1.1.fc23 ipa : DEBUG Starting external process ipa : DEBUG args='/usr/sbin/selinuxenabled' ipa : DEBUG Process finished, return code=1 ipa : DEBUG stdout= ipa : DEBUG stderr= The log file for this installation can be found in /var/log/ipaserver-install.log ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG httpd is not configured ipa : DEBUG kadmin is not configured ipa : DEBUG dirsrv is configured ipa : DEBUG pki-cad is not configured ipa : DEBUG pki-tomcatd is configured ipa : DEBUG install is not configured ipa : DEBUG krb5kdc is not configured ipa : DEBUG ntpd is configured ipa : DEBUG named is not configured ipa : DEBUG ipa_memcached is not configured ipa : DEBUG filestore has files ipa.ipapython.install.cli.install_tool(Server): DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 307, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 292, in run self.validate() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 301, in validate for nothing in self._validator(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 356, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 378, in _handle_exception util.raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 346, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, in run_generator_with_yield_from raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 535, in _configure validator.next() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 356, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 435, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 378, in _handle_exception util.raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 432, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 378, in _handle_exception util.raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 346, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, in run_generator_with_yield_from raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 1283, in main install_check(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 257, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 316, in install_check sys.exit("IPA server is already configured on this system.\n" ipa.ipapython.install.cli.install_tool(Server): DEBUG The ipa-server-install command failed, exception: SystemExit: IPA server is already configured on this system. If you want to reinstall the IPA server, please uninstall it first using 'ipa-server-install --uninstall'. ipa.ipapython.install.cli.install_tool(Server): ERROR IPA server is already configured on this system. If you want to reinstall the IPA server, please uninstall it first using 'ipa-server-install --uninstall'. [root at obelix ~]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes Shutting down all IPA services Removing IPA client configuration Unconfiguring ntpd Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring CA Unconfiguring directory server [root at obelix ~]# ipa-server-install -v ipa.ipapython.install.cli.install_tool(Server): DEBUG Logging to /var/log/ipaserver-install.log ipa.ipapython.install.cli.install_tool(Server): DEBUG ipa-server-install was invoked with arguments [] and options: {'no_dns_sshfp': None, 'verbose': True, 'ip_addresses': None, 'domainlevel': None, 'mkhomedir': None, 'no_pkinit': None, 'http_cert_files': None, 'no_ntp': None, 'subject': None, 'no_forwarders': None, 'external_ca': None, 'external_ca_type': None, 'ssh_trust_dns': None, 'domain_name': None, 'idmax': None, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': None, 'ca_signing_algorithm': None, 'no_reverse': None, 'pkinit_cert_files': None, 'unattended': False, 'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'forwarders': None, 'idstart': None, 'realm_name': None, 'pkinit_cert_name': None, 'no_ssh': None, 'external_cert_files': None, 'no_hbac_allow': None, 'dirsrv_cert_name': None, 'ca_cert_files': None, 'zonemgr': None, 'quiet': False, 'setup_dns': None, 'host_name': None, 'log_file': None, 'reverse_zones': None, 'uninstall': False} ipa.ipapython.install.cli.install_tool(Server): DEBUG IPA version 4.2.3-1.1.fc23 ipa : DEBUG Starting external process ipa : DEBUG args='/usr/sbin/selinuxenabled' ipa : DEBUG Process finished, return code=1 ipa : DEBUG stdout= ipa : DEBUG stderr= The log file for this installation can be found in /var/log/ipaserver-install.log ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG httpd is not configured ipa : DEBUG kadmin is not configured ipa : DEBUG dirsrv is not configured ipa : DEBUG pki-cad is not configured ipa : DEBUG pki-tomcatd is not configured ipa : DEBUG install is not configured ipa : DEBUG krb5kdc is not configured ipa : DEBUG ntpd is not configured ipa : DEBUG named is not configured ipa : DEBUG ipa_memcached is not configured ipa : DEBUG filestore is tracking no files ipa : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ============================================================================== This program will set up the FreeIPA Server. This includes: * Configure a stand-alone CA (dogtag) for certificate management * Configure the Network Time Daemon (ntpd) * Create and configure an instance of Directory Server * Create and configure a Kerberos Key Distribution Center (KDC) * Configure Apache (httpd) To accept the default shown in brackets, press the Enter key. ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-enabled' 'chronyd.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=enabled ipa : DEBUG stderr= WARNING: conflicting time&date synchronization service 'chronyd' will be disabled in favor of ntpd ipa : DEBUG Starting external process ipa : DEBUG args='/usr/sbin/httpd' '-t' '-D' 'DUMP_VHOSTS' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=VirtualHost configuration: *:8443 obelix.roth.lan (/etc/httpd/conf.d/nss.conf:83) ipa : DEBUG stderr= Do you want to configure integrated DNS (BIND)? [no]: yes Enter the fully qualified domain name of the computer on which you're setting up server software. Using the form . Example: master.example.com. Server host name [obelix.roth.lan]: ipa : DEBUG Check if obelix.roth.lan is a primary hostname for localhost ipa : DEBUG Primary hostname for localhost: obelix.roth.lan Warning: skipping DNS resolution of host obelix.roth.lan ipa : DEBUG will use host_name: obelix.roth.lan The domain name has been determined based on the host name. Please confirm the domain name [roth.lan]: ipa : DEBUG read domain_name: roth.lan The kerberos protocol requires a Realm name to be defined. This is typically the domain name converted to uppercase. Please provide a realm name [ROTH.LAN]: ipa : DEBUG read realm_name: ROTH.LAN Certain directory server operations require an administrative user. This user is referred to as the Directory Manager and has full access to the Directory for system management tasks and will be added to the instance of directory server created for IPA. The password must be at least 8 characters long. Directory Manager password: Password (confirm): The IPA server requires an administrative user, named 'admin'. This user is a regular system account used for IPA server administration. IPA admin password: Password (confirm): ipa : DEBUG importing all plugin modules in ipalib.plugins... ipa : DEBUG importing plugin module ipalib.plugins.aci ipa : DEBUG importing plugin module ipalib.plugins.automember ipa : DEBUG importing plugin module ipalib.plugins.automount ipa : DEBUG importing plugin module ipalib.plugins.baseldap ipa : DEBUG importing plugin module ipalib.plugins.baseuser ipa : DEBUG importing plugin module ipalib.plugins.batch ipa : DEBUG importing plugin module ipalib.plugins.caacl ipa : DEBUG importing plugin module ipalib.plugins.cert ipa : DEBUG importing plugin module ipalib.plugins.certprofile ipa : DEBUG importing plugin module ipalib.plugins.config ipa : DEBUG importing plugin module ipalib.plugins.delegation ipa : DEBUG importing plugin module ipalib.plugins.dns ipa : DEBUG importing plugin module ipalib.plugins.domainlevel ipa : DEBUG importing plugin module ipalib.plugins.group ipa : DEBUG importing plugin module ipalib.plugins.hbacrule ipa : DEBUG importing plugin module ipalib.plugins.hbacsvc ipa : DEBUG importing plugin module ipalib.plugins.hbacsvcgroup ipa : DEBUG importing plugin module ipalib.plugins.hbactest ipa : DEBUG importing plugin module ipalib.plugins.host ipa : DEBUG importing plugin module ipalib.plugins.hostgroup ipa : DEBUG importing plugin module ipalib.plugins.idrange ipa : DEBUG importing plugin module ipalib.plugins.idviews ipa : DEBUG importing plugin module ipalib.plugins.internal ipa : DEBUG importing plugin module ipalib.plugins.kerberos ipa : DEBUG importing plugin module ipalib.plugins.krbtpolicy ipa : DEBUG importing plugin module ipalib.plugins.migration ipa : DEBUG importing plugin module ipalib.plugins.misc ipa : DEBUG importing plugin module ipalib.plugins.netgroup ipa : DEBUG importing plugin module ipalib.plugins.otpconfig ipa : DEBUG importing plugin module ipalib.plugins.otptoken ipa : DEBUG importing plugin module ipalib.plugins.otptoken_yubikey ipa : DEBUG importing plugin module ipalib.plugins.passwd ipa : DEBUG importing plugin module ipalib.plugins.permission ipa : DEBUG importing plugin module ipalib.plugins.ping ipa : DEBUG importing plugin module ipalib.plugins.pkinit ipa : DEBUG importing plugin module ipalib.plugins.privilege ipa : DEBUG importing plugin module ipalib.plugins.pwpolicy ipa : DEBUG Starting external process ipa : DEBUG args='klist' '-V' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=Kerberos 5 version 1.14 ipa : DEBUG stderr= ipa : DEBUG importing plugin module ipalib.plugins.radiusproxy ipa : DEBUG importing plugin module ipalib.plugins.realmdomains ipa : DEBUG importing plugin module ipalib.plugins.role ipa : DEBUG importing plugin module ipalib.plugins.rpcclient ipa : DEBUG importing plugin module ipalib.plugins.selfservice ipa : DEBUG importing plugin module ipalib.plugins.selinuxusermap ipa : DEBUG importing plugin module ipalib.plugins.server ipa : DEBUG importing plugin module ipalib.plugins.service ipa : DEBUG importing plugin module ipalib.plugins.servicedelegation ipa : DEBUG importing plugin module ipalib.plugins.session ipa.ipalib.session.MemcacheSessionManager: WARNING session memcached servers not running ipa : DEBUG importing plugin module ipalib.plugins.stageuser ipa : DEBUG importing plugin module ipalib.plugins.sudocmd ipa : DEBUG importing plugin module ipalib.plugins.sudocmdgroup ipa : DEBUG importing plugin module ipalib.plugins.sudorule ipa : DEBUG importing plugin module ipalib.plugins.topology ipa : DEBUG importing plugin module ipalib.plugins.trust ipa : DEBUG importing plugin module ipalib.plugins.user ipa : DEBUG importing plugin module ipalib.plugins.vault ipa : DEBUG importing plugin module ipalib.plugins.virtual ipa : DEBUG importing all plugin modules in ipaserver.plugins... ipa : DEBUG importing plugin module ipaserver.plugins.dogtag ipa : DEBUG importing plugin module ipaserver.plugins.join ipa : DEBUG importing plugin module ipaserver.plugins.ldap2 ipa : DEBUG importing plugin module ipaserver.plugins.rabase ipa : DEBUG importing plugin module ipaserver.plugins.xmlserver ipa : DEBUG importing all plugin modules in ipaserver.install.plugins... ipa : DEBUG importing plugin module ipaserver.install.plugins.adtrust ipa : DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master ipa : DEBUG importing plugin module ipaserver.install.plugins.dns ipa : DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements ipa : DEBUG importing plugin module ipaserver.install.plugins.rename_managed ipa : DEBUG importing plugin module ipaserver.install.plugins.update_idranges ipa : DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions ipa : DEBUG importing plugin module ipaserver.install.plugins.update_pacs ipa : DEBUG importing plugin module ipaserver.install.plugins.update_passsync ipa : DEBUG importing plugin module ipaserver.install.plugins.update_referint ipa : DEBUG importing plugin module ipaserver.install.plugins.update_services ipa : DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness ipa : DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt ipa.ipalib.session.SessionAuthManager: DEBUG SessionAuthManager.register: name=jsonserver_session_3021715280 ipa.ipalib.session.SessionAuthManager: DEBUG SessionAuthManager.register: name=xmlserver_session_3021716144 ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml' ipa.ipaserver.rpcserver.xmlserver_session: DEBUG session_auth_duration: 0:20:00 ipa.ipaserver.rpcserver.xmlserver_session: DEBUG session_auth_duration: 0:20:00 ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token' ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.login_password() at '/session/login_password' ipa.ipaserver.rpcserver.login_password: DEBUG session_auth_duration: 0:20:00 ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json' ipa.ipaserver.rpcserver.jsonserver_kerb: DEBUG session_auth_duration: 0:20:00 ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.xmlserver() at '/xml' ipa.ipaserver.rpcserver.xmlserver: DEBUG session_auth_duration: 0:20:00 ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json' ipa.ipaserver.rpcserver.jsonserver_session: DEBUG session_auth_duration: 0:20:00 ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.change_password() at '/session/change_password' ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos' ipa.ipaserver.rpcserver.login_kerberos: DEBUG session_auth_duration: 0:20:00 ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG Starting external process ipa : DEBUG args='/sbin/ip' '-family' 'inet' '-oneline' 'address' 'show' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever 2: eth0 inet 192.168.178.10/24 brd 192.168.178.255 scope global eth0\ valid_lft forever preferred_lft forever ipa : DEBUG stderr= Do you want to configure DNS forwarders? [yes]: Enter an IP address for a DNS forwarder, or press Enter to skip: 192.168.178.254 DNS forwarder 192.168.178.254 added. You may add another. Enter an IP address for a DNS forwarder, or press Enter to skip: Checking DNS forwarders, please wait ... ipa : DEBUG Checking DNS server: 192.168.178.254 ipa : DEBUG will use dns_forwarders: ['192.168.178.254'] Do you want to configure the reverse zone? [yes]: Please specify the reverse zone name [178.168.192.in-addr.arpa.]: Using reverse zone(s) 178.168.192.in-addr.arpa. The IPA Master Server will be configured with: Hostname: obelix.roth.lan IP address(es): 192.168.178.10 Domain name: roth.lan Realm name: ROTH.LAN BIND DNS server will be configured to serve IPA domain with: Forwarders: 192.168.178.254 Reverse zone(s): 178.168.192.in-addr.arpa. Continue to configure the system with these values? [no]: yes The following operations may take some minutes to complete. Please wait until the prompt is returned. ipa : DEBUG Backing up system configuration file '/etc/hosts' ipa : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' ipa.ipaplatform.base.tasks: DEBUG group dirsrv exists ipa.ipaplatform.base.tasks: DEBUG user dirsrv exists ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-enabled' 'chronyd.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=enabled ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'chronyd.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'stop' 'chronyd.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'disable' 'chronyd.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service. ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Configuring NTP daemon (ntpd) Configuring NTP daemon (ntpd) ipa : DEBUG [1/4]: stopping ntpd [1/4]: stopping ntpd ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'ntpd.service' ipa : DEBUG Process finished, return code=3 ipa : DEBUG stdout=unknown ipa : DEBUG stderr= ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'stop' 'ntpd.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG duration: 0 seconds ipa : DEBUG [2/4]: writing configuration [2/4]: writing configuration ipa : DEBUG Backing up system configuration file '/etc/ntp.conf' ipa : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' ipa : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG duration: 0 seconds ipa : DEBUG [3/4]: configuring ntpd to start on boot [3/4]: configuring ntpd to start on boot ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-enabled' 'ntpd.service' ipa : DEBUG Process finished, return code=1 ipa : DEBUG stdout=disabled ipa : DEBUG stderr= ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'enable' 'ntpd.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service. ipa : DEBUG duration: 0 seconds ipa : DEBUG [4/4]: starting ntpd [4/4]: starting ntpd ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'start' 'ntpd.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'ntpd.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG duration: 0 seconds ipa : DEBUG Done configuring NTP daemon (ntpd). Done configuring NTP daemon (ntpd). ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Configuring directory server (dirsrv). Estimated time: 1 minute Configuring directory server (dirsrv). Estimated time: 1 minute ipa : DEBUG [1/43]: creating directory server user [1/43]: creating directory server user ipa.ipaplatform.base.tasks: DEBUG group dirsrv exists ipa.ipaplatform.base.tasks: DEBUG user dirsrv exists ipa : DEBUG duration: 0 seconds ipa : DEBUG [2/43]: creating directory server instance [2/43]: creating directory server instance ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' ipa : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG dn: dc=roth,dc=lan objectClass: top objectClass: domain objectClass: pilotObject dc: roth info: IPA V2.0 ipa : DEBUG writing inf template ipa : DEBUG [General] FullMachineName= obelix.roth.lan SuiteSpotUserID= dirsrv SuiteSpotGroup= dirsrv ServerRoot= /usr/lib/dirsrv [slapd] ServerPort= 389 ServerIdentifier= ROTH-LAN Suffix= dc=roth,dc=lan RootDN= cn=Directory Manager InstallLdifFile= /var/lib/dirsrv/boot.ldif inst_dir= /var/lib/dirsrv/scripts-ROTH-LAN ipa : DEBUG calling setup-ds.pl ipa : DEBUG Starting external process ipa : DEBUG args='/usr/sbin/setup-ds.pl' '--silent' '--logfile' '-' '-f' '/tmp/tmpUdvFsg' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=[16/01/08:20:41:50] - [Setup] Info Your new DS instance 'ROTH-LAN' was successfully created. Your new DS instance 'ROTH-LAN' was successfully created. [16/01/08:20:41:50] - [Setup] Success Exiting . . . Log file is '-' Exiting . . . Log file is '-' ipa : DEBUG stderr= ipa : DEBUG completed creating ds instance ipa : DEBUG restarting ds instance ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' '--system' 'daemon-reload' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'restart' 'dirsrv at ROTH-LAN.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'dirsrv at ROTH-LAN.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG wait_for_open_ports: localhost [389] timeout 1200 ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'dirsrv at ROTH-LAN.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG done restarting ds instance ipa : DEBUG duration: 12 seconds ipa : DEBUG [3/43]: adding default schema [3/43]: adding default schema ipa : DEBUG duration: 0 seconds ipa : DEBUG [4/43]: enabling memberof plugin [4/43]: enabling memberof plugin ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/memberof-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp6Mocom' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=replace nsslapd-pluginenabled: on add memberofgroupattr: memberUser add memberofgroupattr: memberHost modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [5/43]: enabling winsync plugin [5/43]: enabling winsync plugin ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/ipa-winsync-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpUEyIUy' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa-winsync add nsslapd-pluginpath: libipa_winsync add nsslapd-plugininitfunc: ipa_winsync_plugin_init add nsslapd-pluginDescription: Allows IPA to work with the DS windows sync feature add nsslapd-pluginid: ipa-winsync add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-plugin-depends-on-type: database add ipaWinSyncRealmFilter: (objectclass=krbRealmContainer) add ipaWinSyncRealmAttr: cn add ipaWinSyncNewEntryFilter: (cn=ipaConfig) add ipaWinSyncNewUserOCAttr: ipauserobjectclasses add ipaWinSyncUserFlatten: true add ipaWinsyncHomeDirAttr: ipaHomesRootDir add ipaWinsyncLoginShellAttr: ipaDefaultLoginShell add ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup add ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) add ipaWinSyncAcctDisable: both add ipaWinSyncForceSync: true add ipaWinSyncUserAttr: uidNumber -1 gidNumber -1 adding new entry "cn=ipa-winsync,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [6/43]: configuring replication version plugin [6/43]: configuring replication version plugin ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/version-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpWpBh8z' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Version Replication add nsslapd-pluginpath: libipa_repl_version add nsslapd-plugininitfunc: repl_version_plugin_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: off add nsslapd-pluginid: ipa_repl_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Replication version plugin add nsslapd-plugin-depends-on-type: database add nsslapd-plugin-depends-on-named: Multimaster Replication Plugin adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [7/43]: enabling IPA enrollment plugin [7/43]: enabling IPA enrollment plugin ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmp3HP1bx' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpq4Y1dy' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_enrollment_extop add nsslapd-pluginpath: libipa_enrollment_extop add nsslapd-plugininitfunc: ipaenrollment_init add nsslapd-plugintype: extendedop add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_enrollment_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Enroll hosts into the IPA domain add nsslapd-plugin-depends-on-type: database add nsslapd-realmTree: dc=roth,dc=lan adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [8/43]: enabling ldapi [8/43]: enabling ldapi ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpKsoCNx' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpdhDdDJ' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=replace nsslapd-ldapilisten: on modifying entry "cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [9/43]: configuring uniqueness plugin [9/43]: configuring uniqueness plugin ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpuXuZuI' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpA2mgzm' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: krbPrincipalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: krbPrincipalName add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=roth,dc=lan add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=roth,dc=lan add uniqueness-across-all-subtrees: on adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: krbCanonicalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: krbCanonicalName add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=roth,dc=lan add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=roth,dc=lan add uniqueness-across-all-subtrees: on adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: netgroup uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: cn add uniqueness-subtrees: cn=ng,cn=alt,dc=roth,dc=lan add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: ipaUniqueID uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: ipaUniqueID add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=roth,dc=lan add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=roth,dc=lan add uniqueness-across-all-subtrees: on adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: sudorule name uniqueness add nsslapd-pluginDescription: Enforce unique attribute values add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: cn add uniqueness-subtrees: cn=sudorules,cn=sudo,dc=roth,dc=lan add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [10/43]: configuring uuid plugin [10/43]: configuring uuid plugin ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/uuid-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpvVIf09' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA UUID add nsslapd-pluginpath: libipa_uuid add nsslapd-plugininitfunc: ipauuid_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipauuid_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA UUID plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA UUID,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpyrgfiL' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpuAP0El' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top extensibleObject add cn: IPA Unique IDs add ipaUuidAttr: ipaUniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (|(objectclass=ipaObject)(objectclass=ipaAssociation)) add ipaUuidScope: dc=roth,dc=lan add ipaUuidEnforce: TRUE adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete add objectclass: top extensibleObject add cn: IPK11 Unique IDs add ipaUuidAttr: ipk11UniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (objectclass=ipk11Object) add ipaUuidScope: dc=roth,dc=lan add ipaUuidEnforce: FALSE adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [11/43]: configuring modrdn plugin [11/43]: configuring modrdn plugin ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/modrdn-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpX5ZqnO' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA MODRDN add nsslapd-pluginpath: libipa_modrdn add nsslapd-plugininitfunc: ipamodrdn_init add nsslapd-plugintype: betxnpostoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipamodrdn_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA MODRDN plugin add nsslapd-plugin-depends-on-type: database add nsslapd-pluginPrecedence: 60 adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmp01xZ9m' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp_MoMSW' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top extensibleObject add cn: Kerberos Principal Name add ipaModRDNsourceAttr: uid add ipaModRDNtargetAttr: krbPrincipalName add ipaModRDNsuffix: @ROTH.LAN add ipaModRDNfilter: (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) add ipaModRDNscope: dc=roth,dc=lan adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [12/43]: configuring DNS plugin [12/43]: configuring DNS plugin ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/ipa-dns-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpgUxX1U' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsslapdPlugin extensibleObject add cn: IPA DNS add nsslapd-plugindescription: IPA DNS support plugin add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_dns add nsslapd-plugininitfunc: ipadns_init add nsslapd-pluginpath: libipa_dns.so add nsslapd-plugintype: preoperation add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-pluginversion: 1.0 add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA DNS,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [13/43]: enabling entryUSN plugin [13/43]: enabling entryUSN plugin ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/entryusn.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpLTJ62j' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=replace nsslapd-entryusn-global: on modifying entry "cn=config" modify complete replace nsslapd-entryusn-import-initval: next modifying entry "cn=config" modify complete replace nsslapd-pluginenabled: on modifying entry "cn=USN,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [14/43]: configuring lockout plugin [14/43]: configuring lockout plugin ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/lockout-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpfYjXtE' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Lockout add nsslapd-pluginpath: libipa_lockout add nsslapd-plugininitfunc: ipalockout_init add nsslapd-plugintype: object add nsslapd-pluginenabled: on add nsslapd-pluginid: ipalockout_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Lockout plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA Lockout,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [15/43]: creating indices [15/43]: creating indices ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/indices.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp34o4Wg' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectClass: top nsIndex add cn: krbPrincipalName add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: ou add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: carLicense add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: title add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: manager add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: secretary add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: displayname add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add nsIndexType: sub modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: uidnumber add nsSystemIndex: false add nsIndexType: eq add nsMatchingRule: integerOrderingMatch adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: gidnumber add nsSystemIndex: false add nsIndexType: eq add nsMatchingRule: integerOrderingMatch adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete replace nsIndexType: eq pres modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete replace nsIndexType: eq pres modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add ObjectClass: top nsIndex add cn: fqdn add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add ObjectClass: top nsIndex add cn: macAddress add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberHost add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberUser add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: sourcehost add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberservice add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: managedby add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberallowcmd add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberdenycmd add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipasudorunas add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipasudorunasgroup add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: automountkey add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipakrbprincipalalias add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipauniqueid add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipaMemberCa add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipaMemberCertProfile add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: userCertificate add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 1 seconds ipa : DEBUG [16/43]: enabling referential integrity plugin [16/43]: enabling referential integrity plugin ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/referint-conf.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpJ20WdM' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=replace nsslapd-pluginenabled: on modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [17/43]: configuring certmap.conf [17/43]: configuring certmap.conf ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' ipa : DEBUG duration: 0 seconds ipa : DEBUG [18/43]: configure autobind for root [18/43]: configure autobind for root ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/root-autobind.ldif' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpVMe_iO' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectClass: extensibleObject top add cn: root-autobind add uidNumber: 0 add gidNumber: 0 adding new entry "cn=root-autobind,cn=config" modify complete replace nsslapd-ldapiautobind: on modifying entry "cn=config" modify complete replace nsslapd-ldapimaptoentries: on modifying entry "cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [19/43]: configure new location for managed entries [19/43]: configure new location for managed entries ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpOGLw55' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpnal0k3' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add nsslapd-pluginConfigArea: cn=Definitions,cn=Managed Entries,cn=etc,dc=roth,dc=lan modifying entry "cn=Managed Entries,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [20/43]: configure dirsrv ccache [20/43]: configure dirsrv ccache ipa : DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' ipa : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG Starting external process ipa : DEBUG args='/usr/sbin/selinuxenabled' ipa : DEBUG Process finished, return code=1 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG duration: 0 seconds ipa : DEBUG [21/43]: enable SASL mapping fallback [21/43]: enable SASL mapping fallback ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpbDUt23' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpZSrgYZ' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=replace nsslapd-sasl-mapping-fallback: on modifying entry "cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [22/43]: restarting directory server [22/43]: restarting directory server ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' '--system' 'daemon-reload' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'restart' 'dirsrv at ROTH-LAN.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'dirsrv at ROTH-LAN.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG wait_for_open_ports: localhost [389] timeout 1200 ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'dirsrv at ROTH-LAN.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG duration: 5 seconds ipa : DEBUG [23/43]: adding default layout [23/43]: adding default layout ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmp_ccxo4' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpDkQVxq' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectClass: top nsContainer add cn: accounts adding new entry "cn=accounts,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: users adding new entry "cn=users,cn=accounts,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: groups adding new entry "cn=groups,cn=accounts,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: services adding new entry "cn=services,cn=accounts,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: computers adding new entry "cn=computers,cn=accounts,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: hostgroups adding new entry "cn=hostgroups,cn=accounts,dc=roth,dc=lan" modify complete add objectClass: nsContainer add cn: alt adding new entry "cn=alt,dc=roth,dc=lan" modify complete add objectClass: nsContainer add cn: ng adding new entry "cn=ng,cn=alt,dc=roth,dc=lan" modify complete add objectClass: nsContainer add cn: automount adding new entry "cn=automount,dc=roth,dc=lan" modify complete add objectClass: nsContainer add cn: default adding new entry "cn=default,cn=automount,dc=roth,dc=lan" modify complete add objectClass: automountMap add automountMapName: auto.master adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=roth,dc=lan" modify complete add objectClass: automountMap add automountMapName: auto.direct adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=roth,dc=lan" modify complete add objectClass: automount add automountKey: /- add automountInformation: auto.direct add description: /- auto.direct adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: hbac adding new entry "cn=hbac,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: hbacservices adding new entry "cn=hbacservices,cn=hbac,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: hbacservicegroups adding new entry "cn=hbacservicegroups,cn=hbac,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: sudo adding new entry "cn=sudo,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: sudocmds adding new entry "cn=sudocmds,cn=sudo,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: sudocmdgroups adding new entry "cn=sudocmdgroups,cn=sudo,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: sudorules adding new entry "cn=sudorules,cn=sudo,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: etc adding new entry "cn=etc,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: sysaccounts adding new entry "cn=sysaccounts,cn=etc,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: ipa adding new entry "cn=ipa,cn=etc,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: masters adding new entry "cn=masters,cn=ipa,cn=etc,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: replicas adding new entry "cn=replicas,cn=ipa,cn=etc,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: dna adding new entry "cn=dna,cn=ipa,cn=etc,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: posix-ids adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: ca_renewal adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: certificates adding new entry "cn=certificates,cn=ipa,cn=etc,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: s4u2proxy adding new entry "cn=s4u2proxy,cn=etc,dc=roth,dc=lan" modify complete add objectClass: ipaKrb5DelegationACL groupOfPrincipals top add cn: ipa-http-delegation add memberPrincipal: HTTP/obelix.roth.lan at ROTH.LAN add ipaAllowedTarget: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=roth,dc=lan cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=roth,dc=lan adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=roth,dc=lan" modify complete add objectClass: groupOfPrincipals top add cn: ipa-ldap-delegation-targets add memberPrincipal: ldap/obelix.roth.lan at ROTH.LAN adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=roth,dc=lan" modify complete add objectClass: groupOfPrincipals top add cn: ipa-cifs-delegation-targets adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=roth,dc=lan" modify complete add objectClass: top person posixaccount krbprincipalaux krbticketpolicyaux inetuser ipaobject ipasshuser add uid: admin add krbPrincipalName: admin at ROTH.LAN add cn: Administrator add sn: Administrator add uidNumber: 231200000 add gidNumber: 231200000 add homeDirectory: /home/admin add loginShell: /bin/bash add gecos: Administrator add nsAccountLock: FALSE add ipaUniqueID: autogenerate adding new entry "uid=admin,cn=users,cn=accounts,dc=roth,dc=lan" modify complete add objectClass: top groupofnames posixgroup ipausergroup ipaobject add cn: admins add description: Account administrators group add gidNumber: 231200000 add member: uid=admin,cn=users,cn=accounts,dc=roth,dc=lan add nsAccountLock: FALSE add ipaUniqueID: autogenerate adding new entry "cn=admins,cn=groups,cn=accounts,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup ipausergroup ipaobject add description: Default group for all users add cn: ipausers add ipaUniqueID: autogenerate adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=roth,dc=lan" modify complete add objectClass: top groupofnames posixgroup ipausergroup ipaobject add gidNumber: 231200002 add description: Limited admins who can edit other users add cn: editors add ipaUniqueID: autogenerate adding new entry "cn=editors,cn=groups,cn=accounts,dc=roth,dc=lan" modify complete add objectclass: ipahbacservice ipaobject add cn: sshd add description: sshd add ipauniqueid: autogenerate adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=roth,dc=lan" modify complete add objectclass: ipahbacservice ipaobject add cn: ftp add description: ftp add ipauniqueid: autogenerate adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=roth,dc=lan" modify complete add objectclass: ipahbacservice ipaobject add cn: su add description: su add ipauniqueid: autogenerate adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=roth,dc=lan" modify complete add objectclass: ipahbacservice ipaobject add cn: login add description: login add ipauniqueid: autogenerate adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=roth,dc=lan" modify complete add objectclass: ipahbacservice ipaobject add cn: su-l add description: su with login shell add ipauniqueid: autogenerate adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=roth,dc=lan" modify complete add objectclass: ipahbacservice ipaobject add cn: sudo add description: sudo add ipauniqueid: autogenerate adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=roth,dc=lan" modify complete add objectclass: ipahbacservice ipaobject add cn: sudo-i add description: sudo-i add ipauniqueid: autogenerate adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=roth,dc=lan" modify complete add objectclass: ipahbacservice ipaobject add cn: gdm add description: gdm add ipauniqueid: autogenerate adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=roth,dc=lan" modify complete add objectclass: ipahbacservice ipaobject add cn: gdm-password add description: gdm-password add ipauniqueid: autogenerate adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=roth,dc=lan" modify complete add objectclass: ipahbacservice ipaobject add cn: kdm add description: kdm add ipauniqueid: autogenerate adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=roth,dc=lan" modify complete add objectClass: ipaobject ipahbacservicegroup nestedGroup groupOfNames top add cn: Sudo add ipauniqueid: autogenerate add description: Default group of Sudo related services add member: cn=sudo,cn=hbacservices,cn=hbac,dc=roth,dc=lan cn=sudo-i,cn=hbacservices,cn=hbac,dc=roth,dc=lan adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=roth,dc=lan" modify complete add objectClass: nsContainer top ipaGuiConfig ipaConfigObject add ipaUserSearchFields: uid,givenname,sn,telephonenumber,ou,title add ipaGroupSearchFields: cn,description add ipaSearchTimeLimit: 2 add ipaSearchRecordsLimit: 100 add ipaHomesRootDir: /home add ipaDefaultLoginShell: /bin/sh add ipaDefaultPrimaryGroup: ipausers add ipaMaxUsernameLength: 32 add ipaPwdExpAdvNotify: 4 add ipaGroupObjectClasses: top groupofnames nestedgroup ipausergroup ipaobject add ipaUserObjectClasses: top person organizationalperson inetorgperson inetuser posixaccount krbprincipalaux krbticketpolicyaux ipaobject ipasshuser add ipaDefaultEmailDomain: roth.lan add ipaMigrationEnabled: FALSE add ipaConfigString: AllowNThash add ipaSELinuxUserMapOrder: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 add ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023 adding new entry "cn=ipaConfig,cn=etc,dc=roth,dc=lan" modify complete add objectclass: top nsContainer add cn: cosTemplates adding new entry "cn=cosTemplates,cn=accounts,dc=roth,dc=lan" modify complete add description: Password Policy based on group membership add objectClass: top ldapsubentry cosSuperDefinition cosClassicDefinition add cosTemplateDn: cn=cosTemplates,cn=accounts,dc=roth,dc=lan add cosAttribute: krbPwdPolicyReference override add cosSpecifier: memberOf adding new entry "cn=Password Policy,cn=accounts,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: selinux adding new entry "cn=selinux,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: usermap adding new entry "cn=usermap,cn=selinux,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: ranges adding new entry "cn=ranges,cn=etc,dc=roth,dc=lan" modify complete add objectClass: top ipaIDrange ipaDomainIDRange add cn: ROTH.LAN_id_range add ipaBaseID: 231200000 add ipaIDRangeSize: 200000 add ipaRangeType: ipa-local adding new entry "cn=ROTH.LAN_id_range,cn=ranges,cn=etc,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: ca adding new entry "cn=ca,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: certprofiles adding new entry "cn=certprofiles,cn=ca,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: caacls adding new entry "cn=caacls,cn=ca,dc=roth,dc=lan" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 1 seconds ipa : DEBUG [24/43]: adding delegation layout [24/43]: adding delegation layout ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpEicz6z' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpkZQCLa' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectClass: top nsContainer add cn: roles adding new entry "cn=roles,cn=accounts,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: pbac adding new entry "cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: privileges adding new entry "cn=privileges,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: permissions adding new entry "cn=permissions,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup add cn: helpdesk add description: Helpdesk adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup add cn: User Administrators add description: User Administrators adding new entry "cn=User Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup add cn: Group Administrators add description: Group Administrators adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup add cn: Host Administrators add description: Host Administrators adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup add cn: Host Group Administrators add description: Host Group Administrators adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup add cn: Delegation Administrator add description: Role administration adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup add cn: Service Administrators add description: Service Administrators adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup add cn: Automount Administrators add description: Automount Administrators adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup add cn: Netgroups Administrators add description: Netgroups Administrators adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup add cn: Certificate Administrators add description: Certificate Administrators adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup add cn: Replication Administrators add description: Replication Administrators add member: cn=admins,cn=groups,cn=accounts,dc=roth,dc=lan adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup add cn: Host Enrollment add description: Host Enrollment adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup add cn: Stage User Administrators add description: Stage User Administrators adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames nestedgroup add cn: Stage User Provisioning add description: Stage User Provisioning adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames ipapermission add cn: Add Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames ipapermission add cn: Modify Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames ipapermission add cn: Remove Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top groupofnames ipapermission add cn: Modify DNA Range add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=roth,dc=lan" modify complete add objectClass: top nsContainer add cn: virtual operations adding new entry "cn=virtual operations,cn=etc,dc=roth,dc=lan" modify complete add objectClass: top groupofnames ipapermission add cn: Retrieve Certificates from the CA add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=roth,dc=lan" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=roth,dc=lan" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=roth,dc=lan";) modifying entry "dc=roth,dc=lan" modify complete add objectClass: top groupofnames ipapermission add cn: Request Certificate add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=roth,dc=lan" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=roth,dc=lan" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=roth,dc=lan";) modifying entry "dc=roth,dc=lan" modify complete add objectClass: top groupofnames ipapermission add cn: Request Certificates from a different host add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=roth,dc=lan" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=roth,dc=lan" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=roth,dc=lan";) modifying entry "dc=roth,dc=lan" modify complete add objectClass: top groupofnames ipapermission add cn: Get Certificates status from the CA add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=roth,dc=lan" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=roth,dc=lan" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=roth,dc=lan";) modifying entry "dc=roth,dc=lan" modify complete add objectClass: top groupofnames ipapermission add cn: Revoke Certificate add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=roth,dc=lan" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=roth,dc=lan" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=roth,dc=lan";) modifying entry "dc=roth,dc=lan" modify complete add objectClass: top groupofnames ipapermission add cn: Certificate Remove Hold add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=roth,dc=lan adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=roth,dc=lan" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=roth,dc=lan" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=roth,dc=lan";) modifying entry "dc=roth,dc=lan" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [25/43]: creating container for managed entries [25/43]: creating container for managed entries ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpsxyOok' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmphI9lIm' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectClass: nsContainer top add cn: Managed Entries adding new entry "cn=Managed Entries,cn=etc,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: Templates adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=roth,dc=lan" modify complete add objectClass: nsContainer top add cn: Definitions adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=roth,dc=lan" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [26/43]: configuring user private groups [26/43]: configuring user private groups ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpMjSDe2' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp4R7gQ0' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: mepTemplateEntry add cn: UPG Template add mepRDNAttr: cn add mepStaticAttr: objectclass: posixgroup objectclass: ipaobject ipaUniqueId: autogenerate add mepMappedAttr: cn: $uid gidNumber: $uidNumber description: User private group for $uid adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=roth,dc=lan" modify complete add objectclass: extensibleObject add cn: UPG Definition add originScope: cn=users,cn=accounts,dc=roth,dc=lan add originFilter: (&(objectclass=posixAccount)(!(description=__no_upg__))) add managedBase: cn=groups,cn=accounts,dc=roth,dc=lan add managedTemplate: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=roth,dc=lan adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=roth,dc=lan" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [27/43]: configuring netgroups from hostgroups [27/43]: configuring netgroups from hostgroups ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpELw32p' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpnnTSNw' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: mepTemplateEntry add cn: NGP HGP Template add mepRDNAttr: cn add mepStaticAttr: ipaUniqueId: autogenerate objectclass: ipanisnetgroup objectclass: ipaobject nisDomainName: roth.lan add mepMappedAttr: cn: $cn memberHost: $dn description: ipaNetgroup $cn adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=roth,dc=lan" modify complete add objectclass: extensibleObject add cn: NGP Definition add originScope: cn=hostgroups,cn=accounts,dc=roth,dc=lan add originFilter: objectclass=ipahostgroup add managedBase: cn=ng,cn=alt,dc=roth,dc=lan add managedTemplate: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=roth,dc=lan adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=roth,dc=lan" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [28/43]: creating default Sudo bind user [28/43]: creating default Sudo bind user ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpTSXbhn' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpgS1_DY' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: account simplesecurityobject add uid: sudo add userPassword: XXXXXXXX add passwordExpirationTime: 20380119031407Z add nsIdleTimeout: 0 adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=roth,dc=lan" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [29/43]: creating default Auto Member layout [29/43]: creating default Auto Member layout ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpSjcPpT' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpqRJAa7' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add nsslapd-pluginConfigArea: cn=automember,cn=etc,dc=roth,dc=lan modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" modify complete add objectClass: top nsContainer add cn: automember adding new entry "cn=automember,cn=etc,dc=roth,dc=lan" modify complete add objectclass: autoMemberDefinition add cn: Hostgroup add autoMemberScope: cn=computers,cn=accounts,dc=roth,dc=lan add autoMemberFilter: objectclass=ipaHost add autoMemberGroupingAttr: member:dn adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=roth,dc=lan" modify complete add objectclass: autoMemberDefinition add cn: Group add autoMemberScope: cn=users,cn=accounts,dc=roth,dc=lan add autoMemberFilter: objectclass=posixAccount add autoMemberGroupingAttr: member:dn adding new entry "cn=Group,cn=automember,cn=etc,dc=roth,dc=lan" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [30/43]: adding range check plugin [30/43]: adding range check plugin ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpPnp75Q' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmptZHS0y' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Range-Check add nsslapd-pluginpath: libipa_range_check add nsslapd-plugininitfunc: ipa_range_check_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_range_check_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Range-Check plugin add nsslapd-plugin-depends-on-type: database add nsslapd-basedn: dc=roth,dc=lan adding new entry "cn=IPA Range-Check,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [31/43]: creating default HBAC rule allow_all [31/43]: creating default HBAC rule allow_all ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpv0pqUO' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpHZ6m67' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: ipaassociation ipahbacrule add cn: allow_all add accessruletype: allow add usercategory: all add hostcategory: all add servicecategory: all add ipaenabledflag: TRUE add description: Allow all users to access any host from any host add ipauniqueid: autogenerate adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=roth,dc=lan" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [32/43]: creating default CA ACL rule [32/43]: creating default CA ACL rule ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpvt7h08' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpRZPOSx' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: ipaassociation ipacaacl add ipauniqueid: autogenerate add cn: hosts_services_caIPAserviceCert add ipaenabledflag: TRUE add ipamembercertprofile: cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=roth,dc=lan add hostcategory: all add servicecategory: all adding new entry "ipauniqueid=autogenerate,cn=caacls,cn=ca,dc=roth,dc=lan" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [33/43]: adding entries for topology management [33/43]: adding entries for topology management ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmp_F7JSI' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp6GjPz0' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsContainer add cn: topology adding new entry "cn=topology,cn=ipa,cn=etc,dc=roth,dc=lan" modify complete add objectclass: top iparepltopoconf add ipaReplTopoConfRoot: dc=roth,dc=lan add cn: realm adding new entry "cn=realm,cn=topology,cn=ipa,cn=etc,dc=roth,dc=lan" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [34/43]: initializing group membership [34/43]: initializing group membership ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpXv7qNg' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp67fnju' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectClass: top extensibleObject add cn: IPA install add basedn: dc=roth,dc=lan add filter: (objectclass=*) add ttl: 10 adding new entry "cn=IPA install 1452256902, cn=memberof task, cn=tasks, cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG Waiting for memberof task to complete. ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldap://obelix.roth.lan:389 from SchemaCache ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldap://obelix.roth.lan:389 conn= ipa : DEBUG duration: 3 seconds ipa : DEBUG [35/43]: adding master entry [35/43]: adding master entry ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpUOmJCt' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp0tbChz' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsContainer ipaReplTopoManagedServer ipaConfigObject ipaSupportedDomainLevelConfig add cn: obelix.roth.lan add ipaReplTopoManagedSuffix: dc=roth,dc=lan add ipaMinDomainLevel: 0 add ipaMaxDomainLevel: 0 adding new entry "cn=obelix.roth.lan,cn=masters,cn=ipa,cn=etc,dc=roth,dc=lan" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [36/43]: initializing domain level [36/43]: initializing domain level ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmp40LGsl' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp0_FPa9' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectClass: top nsContainer ipaDomainLevelConfig add ipaDomainLevel: 0 adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=roth,dc=lan" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [37/43]: configuring Posix uid/gid generation [37/43]: configuring Posix uid/gid generation ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpt2Wh3_' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp0JrCca' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top extensibleObject add cn: Posix IDs add dnaType: uidNumber gidNumber add dnaNextValue: 231200000 add dnaMaxValue: 231399999 add dnaMagicRegen: -1 add dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) add dnaScope: dc=roth,dc=lan add dnaThreshold: 500 add dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=roth,dc=lan adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [38/43]: adding replication acis [38/43]: adding replication acis ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpDIgpeD' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpZdFxtU' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan";) modifying entry "cn="dc=roth,dc=lan",cn=mapping tree,cn=config" modify complete add aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan";) modifying entry "cn="dc=roth,dc=lan",cn=mapping tree,cn=config" modify complete add aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan";) modifying entry "cn="dc=roth,dc=lan",cn=mapping tree,cn=config" modify complete add aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=roth,dc=lan";) modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete add aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan";) modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=roth,dc=lan";) modifying entry "cn=tasks,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [39/43]: enabling compatibility plugin [39/43]: enabling compatibility plugin ipa : DEBUG importing all plugin modules in ipalib.plugins... ipa : DEBUG importing plugin module ipalib.plugins.aci ipa : DEBUG importing plugin module ipalib.plugins.automember ipa : DEBUG importing plugin module ipalib.plugins.automount ipa : DEBUG importing plugin module ipalib.plugins.baseldap ipa : DEBUG importing plugin module ipalib.plugins.baseuser ipa : DEBUG importing plugin module ipalib.plugins.batch ipa : DEBUG importing plugin module ipalib.plugins.caacl ipa : DEBUG importing plugin module ipalib.plugins.cert ipa : DEBUG importing plugin module ipalib.plugins.certprofile ipa : DEBUG importing plugin module ipalib.plugins.config ipa : DEBUG importing plugin module ipalib.plugins.delegation ipa : DEBUG importing plugin module ipalib.plugins.dns ipa : DEBUG importing plugin module ipalib.plugins.domainlevel ipa : DEBUG importing plugin module ipalib.plugins.group ipa : DEBUG importing plugin module ipalib.plugins.hbacrule ipa : DEBUG importing plugin module ipalib.plugins.hbacsvc ipa : DEBUG importing plugin module ipalib.plugins.hbacsvcgroup ipa : DEBUG importing plugin module ipalib.plugins.hbactest ipa : DEBUG importing plugin module ipalib.plugins.host ipa : DEBUG importing plugin module ipalib.plugins.hostgroup ipa : DEBUG importing plugin module ipalib.plugins.idrange ipa : DEBUG importing plugin module ipalib.plugins.idviews ipa : DEBUG importing plugin module ipalib.plugins.internal ipa : DEBUG importing plugin module ipalib.plugins.kerberos ipa : DEBUG importing plugin module ipalib.plugins.krbtpolicy ipa : DEBUG importing plugin module ipalib.plugins.migration ipa : DEBUG importing plugin module ipalib.plugins.misc ipa : DEBUG importing plugin module ipalib.plugins.netgroup ipa : DEBUG importing plugin module ipalib.plugins.otpconfig ipa : DEBUG importing plugin module ipalib.plugins.otptoken ipa : DEBUG importing plugin module ipalib.plugins.otptoken_yubikey ipa : DEBUG importing plugin module ipalib.plugins.passwd ipa : DEBUG importing plugin module ipalib.plugins.permission ipa : DEBUG importing plugin module ipalib.plugins.ping ipa : DEBUG importing plugin module ipalib.plugins.pkinit ipa : DEBUG importing plugin module ipalib.plugins.privilege ipa : DEBUG importing plugin module ipalib.plugins.pwpolicy ipa : DEBUG importing plugin module ipalib.plugins.radiusproxy ipa : DEBUG importing plugin module ipalib.plugins.realmdomains ipa : DEBUG importing plugin module ipalib.plugins.role ipa : DEBUG importing plugin module ipalib.plugins.rpcclient ipa : DEBUG importing plugin module ipalib.plugins.selfservice ipa : DEBUG importing plugin module ipalib.plugins.selinuxusermap ipa : DEBUG importing plugin module ipalib.plugins.server ipa : DEBUG importing plugin module ipalib.plugins.service ipa : DEBUG importing plugin module ipalib.plugins.servicedelegation ipa : DEBUG importing plugin module ipalib.plugins.session ipa : DEBUG importing plugin module ipalib.plugins.stageuser ipa : DEBUG importing plugin module ipalib.plugins.sudocmd ipa : DEBUG importing plugin module ipalib.plugins.sudocmdgroup ipa : DEBUG importing plugin module ipalib.plugins.sudorule ipa : DEBUG importing plugin module ipalib.plugins.topology ipa : DEBUG importing plugin module ipalib.plugins.trust ipa : DEBUG importing plugin module ipalib.plugins.user ipa : DEBUG importing plugin module ipalib.plugins.vault ipa : DEBUG importing plugin module ipalib.plugins.virtual ipa : DEBUG importing all plugin modules in ipaserver.plugins... ipa : DEBUG importing plugin module ipaserver.plugins.dogtag ipa : DEBUG importing plugin module ipaserver.plugins.join ipa : DEBUG importing plugin module ipaserver.plugins.ldap2 ipa : DEBUG importing plugin module ipaserver.plugins.rabase ipa : DEBUG importing plugin module ipaserver.plugins.xmlserver ipa : DEBUG importing all plugin modules in ipaserver.install.plugins... ipa : DEBUG importing plugin module ipaserver.install.plugins.adtrust ipa : DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master ipa : DEBUG importing plugin module ipaserver.install.plugins.dns ipa : DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements ipa : DEBUG importing plugin module ipaserver.install.plugins.rename_managed ipa : DEBUG importing plugin module ipaserver.install.plugins.update_idranges ipa : DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions ipa : DEBUG importing plugin module ipaserver.install.plugins.update_pacs ipa : DEBUG importing plugin module ipaserver.install.plugins.update_passsync ipa : DEBUG importing plugin module ipaserver.install.plugins.update_referint ipa : DEBUG importing plugin module ipaserver.install.plugins.update_services ipa : DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness ipa : DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt ipa.ipalib.session.SessionAuthManager: DEBUG SessionAuthManager.register: name=jsonserver_session_3014367152 ipa.ipalib.session.SessionAuthManager: DEBUG SessionAuthManager.register: name=xmlserver_session_3014367760 ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml' ipa.ipaserver.rpcserver.xmlserver_session: DEBUG session_auth_duration: 0:20:00 ipa.ipaserver.rpcserver.xmlserver_session: DEBUG session_auth_duration: 0:20:00 ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token' ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.login_password() at '/session/login_password' ipa.ipaserver.rpcserver.login_password: DEBUG session_auth_duration: 0:20:00 ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json' ipa.ipaserver.rpcserver.jsonserver_kerb: DEBUG session_auth_duration: 0:20:00 ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.xmlserver() at '/xml' ipa.ipaserver.rpcserver.xmlserver: DEBUG session_auth_duration: 0:20:00 ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json' ipa.ipaserver.rpcserver.jsonserver_session: DEBUG session_auth_duration: 0:20:00 ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.change_password() at '/session/change_password' ipa.ipaserver.rpcserver.wsgi_dispatch: DEBUG Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos' ipa.ipaserver.rpcserver.login_kerberos: DEBUG session_auth_duration: 0:20:00 ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Created connection context.ldap2_3014366960 ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Destroyed connection context.ldap2_3014366960 ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Created connection context.ldap2_3014366960 ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Parsing update file '/usr/share/ipa/schema_compat.uldif' ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket from SchemaCache ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket conn= ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG New entry: cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG --------------------------------------------- ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Initial value ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-pluginid: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-plugin ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Schema Compatibility ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-pluginbetxn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG on ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG top ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsSlapdPlugin ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG extensibleObject ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-plugindescription: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Schema Compatibility Plugin ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-pluginenabled: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG on ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-pluginpath: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG /usr/lib/dirsrv/plugins/schemacompat-plugin.so ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-pluginversion: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG 0.8 ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-pluginvendor: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG redhat.com ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-pluginprecedence: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG 49 ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-plugintype: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG object ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-plugininitfunc: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema_compat_plugin_init ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG --------------------------------------------- ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Final value after applying updates ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-pluginid: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-plugin ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Schema Compatibility ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-pluginbetxn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG on ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG top ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsSlapdPlugin ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG extensibleObject ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-plugindescription: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Schema Compatibility Plugin ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-pluginenabled: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG on ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-pluginpath: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG /usr/lib/dirsrv/plugins/schemacompat-plugin.so ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-pluginversion: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG 0.8 ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-pluginvendor: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG redhat.com ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-pluginprecedence: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG 49 ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-plugintype: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG object ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nsslapd-plugininitfunc: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema_compat_plugin_init ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG New entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG --------------------------------------------- ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Initial value ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-attribute: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=%{cn} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass=posixAccount ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:roth.lan:%{ipauniqueid}","") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG gidNumber=%{gidNumber} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG gecos=%{cn} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG ipaanchoruuid=%{ipaanchoruuid} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG uidNumber=%{uidNumber} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG loginShell=%{loginShell} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG homeDirectory=%{homeDirectory} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG users ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectClass: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG top ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG extensibleObject ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-filter: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass=posixAccount ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=users ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG uid=%{uid} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-base: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=users, cn=accounts, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-group: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=compat, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG --------------------------------------------- ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Final value after applying updates ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-attribute: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=%{cn} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass=posixAccount ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:roth.lan:%{ipauniqueid}","") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG gidNumber=%{gidNumber} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG gecos=%{cn} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG ipaanchoruuid=%{ipaanchoruuid} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG uidNumber=%{uidNumber} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG loginShell=%{loginShell} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG homeDirectory=%{homeDirectory} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG users ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectClass: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG top ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG extensibleObject ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-filter: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass=posixAccount ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=users ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG uid=%{uid} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-base: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=users, cn=accounts, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-group: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=compat, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG New entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG --------------------------------------------- ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Initial value ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-attribute: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:roth.lan:%{ipauniqueid}","") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG gidNumber=%{gidNumber} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG memberUid=%deref_r("member","uid") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass=posixGroup ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG memberUid=%{memberUid} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG ipaanchoruuid=%{ipaanchoruuid} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG groups ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectClass: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG top ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG extensibleObject ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-filter: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass=posixGroup ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=groups ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=%{cn} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-base: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=groups, cn=accounts, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-group: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=compat, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG --------------------------------------------- ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Final value after applying updates ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-attribute: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:roth.lan:%{ipauniqueid}","") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG gidNumber=%{gidNumber} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG memberUid=%deref_r("member","uid") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass=posixGroup ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG memberUid=%{memberUid} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG ipaanchoruuid=%{ipaanchoruuid} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG groups ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectClass: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG top ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG extensibleObject ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-filter: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass=posixGroup ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=groups ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=%{cn} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-base: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=groups, cn=accounts, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-group: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=compat, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG New entry: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG --------------------------------------------- ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Initial value ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'top' to objectClass, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['top'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'extensibleObject' to objectClass, current value ['top'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['top', 'extensibleObject'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'ng' to cn, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['ng'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'cn=compat, dc=roth,dc=lan' to schema-compat-container-group, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['cn=compat, dc=roth,dc=lan'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'cn=ng' to schema-compat-container-rdn, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['cn=ng'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'yes' to schema-compat-check-access, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['yes'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'cn=ng, cn=alt, dc=roth,dc=lan' to schema-compat-search-base, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['cn=ng, cn=alt, dc=roth,dc=lan'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: '(objectclass=ipaNisNetgroup)' to schema-compat-search-filter, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['(objectclass=ipaNisNetgroup)'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'cn=%{cn}' to schema-compat-entry-rdn, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['cn=%{cn}'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'objectclass=nisNetgroup' to schema-compat-entry-attribute, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['objectclass=nisNetgroup'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'memberNisNetgroup=%deref_r("member","cn")' to schema-compat-entry-attribute, current value ['objectclass=nisNetgroup'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['objectclass=nisNetgroup', 'memberNisNetgroup=%deref_r("member","cn")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})' to schema-compat-entry-attribute, current value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup', 'nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","-",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","-"),%{nisDomainName:-})'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG --------------------------------------------- ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Final value after applying updates ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-attribute: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG memberNisNetgroup=%deref_r("member","cn") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass=nisNetgroup ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-}) ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-check-access: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG yes ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG ng ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectClass: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG top ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG extensibleObject ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-filter: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG (objectclass=ipaNisNetgroup) ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=ng ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=%{cn} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-base: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=ng, cn=alt, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-group: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=compat, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG New entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG --------------------------------------------- ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Initial value ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'top' to objectClass, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['top'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'extensibleObject' to objectClass, current value ['top'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['top', 'extensibleObject'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoers' to cn, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoers'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'ou=SUDOers, dc=roth,dc=lan' to schema-compat-container-group, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['ou=SUDOers, dc=roth,dc=lan'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'cn=sudorules, cn=sudo, dc=roth,dc=lan' to schema-compat-search-base, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['cn=sudorules, cn=sudo, dc=roth,dc=lan'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: '(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))' to schema-compat-search-filter, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: '%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")' to schema-compat-entry-rdn, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'objectclass=sudoRole' to schema-compat-entry-attribute, current value [] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['objectclass=sudoRole'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: 'sudoOption=%{ipaSudoOpt}' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG --------------------------------------------- ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Final value after applying updates ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-attribute: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass=sudoRole ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoOption=%{ipaSudoOpt} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG sudoers ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectClass: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG top ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG extensibleObject ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-filter: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-base: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=sudorules, cn=sudo, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-group: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG ou=SUDOers, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG New entry: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG --------------------------------------------- ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Initial value ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-attribute: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass=device ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=%{fqdn} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG macAddress=%{macAddress} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass=ieee802Device ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG computers ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectClass: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG top ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG extensibleObject ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-filter: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=computers ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=%first("%{fqdn}") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-base: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=computers, cn=accounts, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-group: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=compat, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG --------------------------------------------- ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Final value after applying updates ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-attribute: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass=device ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=%{fqdn} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG macAddress=%{macAddress} ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectclass=ieee802Device ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG computers ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectClass: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG top ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG extensibleObject ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-filter: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=computers ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-entry-rdn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=%first("%{fqdn}") ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-search-base: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=computers, cn=accounts, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG schema-compat-container-group: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn=compat, dc=roth,dc=lan ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Updating existing entry: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG --------------------------------------------- ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Initial value ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectClass: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG top ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG directoryServerFeature ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG aci: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG (targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";) ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG oid: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG 2.16.840.1.113730.3.4.9 ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG VLV Request Control ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG only: set aci to '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )', current value ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG only: updated value ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )'] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG --------------------------------------------- ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Final value after applying updates ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG objectClass: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG top ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG directoryServerFeature ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG aci: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; ) ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG oid: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG 2.16.840.1.113730.3.4.9 ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG cn: ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG VLV Request Control ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG [(0, u'aci', ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )']), (1, u'aci', ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)'])] ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Updated 1 ipa.ipaserver.install.ldapupdate.LDAPUpdate: DEBUG Done ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Destroyed connection context.ldap2_3014366960 ipa : DEBUG duration: 13 seconds ipa : DEBUG [40/43]: activating sidgen plugin [40/43]: activating sidgen plugin ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpD6qUgN' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpWQITIl' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA SIDGEN add nsslapd-pluginpath: libipa_sidgen add nsslapd-plugininitfunc: ipa_sidgen_init add nsslapd-plugintype: postoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_sidgen_postop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA SIDGEN post operation add nsslapd-plugin-depends-on-type: database add nsslapd-basedn: dc=roth,dc=lan adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [41/43]: activating extdom plugin [41/43]: activating extdom plugin ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpHk9AP8' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpAXLq4i' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_extdom_extop add nsslapd-pluginpath: libipa_extdom_extop add nsslapd-plugininitfunc: ipa_extdom_init add nsslapd-plugintype: extendedop add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_extdom_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Support resolving IDs in trusted domains to names and back add nsslapd-plugin-depends-on-type: database add nsslapd-basedn: dc=roth,dc=lan adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 0 seconds ipa : DEBUG [42/43]: tuning directory server [42/43]: tuning directory server ipa : DEBUG Starting external process ipa : DEBUG args='/usr/sbin/selinuxenabled' ipa : DEBUG Process finished, return code=1 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' '--system' 'daemon-reload' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' '--system' 'daemon-reload' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'restart' 'dirsrv at ROTH-LAN.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'dirsrv at ROTH-LAN.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG wait_for_open_ports: localhost [389] timeout 1200 ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'dirsrv at ROTH-LAN.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmp7IszmS' '-H' 'ldap://obelix.roth.lan:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpUoUv86' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=replace nsslapd-maxdescriptors: 8192 replace nsslapd-reservedescriptors: 64 modifying entry "cn=config" modify complete ipa : DEBUG stderr=ldap_initialize( ldap://obelix.roth.lan:389/??base ) ipa : DEBUG duration: 6 seconds ipa : DEBUG [43/43]: configuring directory to start on boot [43/43]: configuring directory to start on boot ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-enabled' 'dirsrv at ROTH-LAN.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=enabled ipa : DEBUG stderr= ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'disable' 'dirsrv at ROTH-LAN.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr=Removed symlink /etc/systemd/system/dirsrv.target.wants/dirsrv at ROTH-LAN.service. ipa : DEBUG duration: 0 seconds ipa : DEBUG Done configuring directory server (dirsrv). Done configuring directory server (dirsrv). ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds ipa : DEBUG [1/25]: creating certificate server user [1/25]: creating certificate server user ipa.ipaplatform.base.tasks: DEBUG group pkiuser exists ipa.ipaplatform.base.tasks: DEBUG user pkiuser exists ipa : DEBUG duration: 0 seconds ipa : DEBUG [2/25]: configuring certificate server instance [2/25]: configuring certificate server instance ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' ipa.ipaserver.install.cainstance.CAInstance: DEBUG Contents of pkispawn configuration file (/tmp/tmpL1bltg): [CA] pki_security_domain_name = IPA pki_enable_proxy = True pki_restart_configured_instance = False pki_backup_keys = True pki_backup_password = XXXXXXXX pki_profiles_in_ldap = True pki_client_database_dir = /tmp/tmp-Marzji pki_client_database_password = XXXXXXXX pki_client_database_purge = False pki_client_pkcs12_password = XXXXXXXX pki_admin_name = admin pki_admin_uid = admin pki_admin_email = root at localhost pki_admin_password = XXXXXXXX pki_admin_nickname = ipa-ca-agent pki_admin_subject_dn = cn=ipa-ca-agent,O=ROTH.LAN pki_client_admin_cert_p12 = /root/ca-agent.p12 pki_ds_ldap_port = 389 pki_ds_password = XXXXXXXX pki_ds_base_dn = o=ipaca pki_ds_database = ipaca pki_subsystem_subject_dn = cn=CA Subsystem,O=ROTH.LAN pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=ROTH.LAN pki_ssl_server_subject_dn = cn=obelix.roth.lan,O=ROTH.LAN pki_audit_signing_subject_dn = cn=CA Audit,O=ROTH.LAN pki_ca_signing_subject_dn = cn=Certificate Authority,O=ROTH.LAN pki_subsystem_nickname = subsystemCert cert-pki-ca pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca pki_ssl_server_nickname = Server-Cert cert-pki-ca pki_audit_signing_nickname = auditSigningCert cert-pki-ca pki_ca_signing_nickname = caSigningCert cert-pki-ca pki_ca_signing_key_algorithm = SHA256withRSA ipa : DEBUG Starting external process ipa : DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpL1bltg' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=Log file: /var/log/pki/pki-ca-spawn.20160108204231.log Loading deployment configuration from /tmp/tmpL1bltg. Installing CA into /var/lib/pki/pki-tomcat. Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg. ========================================================================== INSTALLATION SUMMARY ========================================================================== Administrator's username: admin Administrator's PKCS #12 file: /root/ca-agent.p12 Administrator's certificate nickname: ipa-ca-agent Administrator's certificate database: /tmp/tmp-Marzji To check the status of the subsystem: systemctl status pki-tomcatd at pki-tomcat.service To restart the subsystem: systemctl restart pki-tomcatd at pki-tomcat.service The URL for the subsystem is: https://obelix.roth.lan:8443/ca PKI instances will be enabled upon system boot ========================================================================== ipa : DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present. Created symlink from /etc/systemd/system/multi-user.target.wants/pki-tomcatd.target to /usr/lib/systemd/system/pki-tomcatd.target. ipa.ipaserver.install.cainstance.CAInstance: DEBUG completed creating ca instance ipa : DEBUG duration: 1011 seconds ipa : DEBUG [3/25]: stopping certificate server instance to update CS.cfg [3/25]: stopping certificate server instance to update CS.cfg ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'stop' 'pki-tomcatd at pki-tomcat.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG duration: 4 seconds ipa : DEBUG [4/25]: backing up CS.cfg [4/25]: backing up CS.cfg ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd at pki-tomcat.service' ipa : DEBUG Process finished, return code=3 ipa : DEBUG stdout=inactive ipa : DEBUG stderr= ipa : DEBUG duration: 0 seconds ipa : DEBUG [5/25]: disabling nonces [5/25]: disabling nonces ipa : DEBUG duration: 0 seconds ipa : DEBUG [6/25]: set up CRL publishing [6/25]: set up CRL publishing ipa : DEBUG Starting external process ipa : DEBUG args='/usr/sbin/selinuxenabled' ipa : DEBUG Process finished, return code=1 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG duration: 0 seconds ipa : DEBUG [7/25]: enable PKIX certificate path discovery and validation [7/25]: enable PKIX certificate path discovery and validation ipa : DEBUG duration: 0 seconds ipa : DEBUG [8/25]: starting certificate server instance [8/25]: starting certificate server instance ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'start' 'pki-tomcatd at pki-tomcat.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd at pki-tomcat.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 1200 ipa : DEBUG Waiting until the CA is running ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 20:59:48-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:00:19-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:00:50-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:01:21-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:01:52-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:02:23-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:02:54-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:03:26-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:03:57-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:04:28-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:04:59-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:05:30-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:06:01-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:06:32-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=1CArunning10.2.6-13.fc23 ipa : DEBUG stderr=--2016-01-08 21:07:04-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. WARNUNG: Das Zertifikat von ?obelix.roth.lan? kann nicht gepr?ft werden, ausgestellt von ??CN=Certificate Authority,O=ROTH.LAN??:. Ein selbst-signiertes Zertifikat wurde gefunden. HTTP-Anforderung gesendet, auf Antwort wird gewartet ? HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: application/xml Content-Length: 169 Date: Fri, 08 Jan 2016 13:07:16 GMT L?nge: 169 [application/xml] Wird in ??STDOUT?? gespeichert. 0K 100% 9,14M=0s 2016-01-08 21:07:16 (9,14 MB/s) - auf die Standardausgabe geschrieben [169/169] ipa : DEBUG The CA status is: running ipa : DEBUG duration: 469 seconds ipa : DEBUG [9/25]: creating RA agent certificate database [9/25]: creating RA agent certificate database ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-f' XXXXXXXX '-N' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG duration: 0 seconds ipa : DEBUG [10/25]: importing CA chain to RA certificate database [10/25]: importing CA chain to RA certificate database ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/openssl' 'pkcs7' '-inform' 'DER' '-print_certs' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=subject=/O=ROTH.LAN/CN=Certificate Authority issuer=/O=ROTH.LAN/CN=Certificate Authority -----BEGIN CERTIFICATE----- MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhST1RI LkxBTjEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE2MDEwODEy NTgwMFoXDTM2MDEwODEyNTgwMFowMzERMA8GA1UECgwIUk9USC5MQU4xHjAcBgNV BAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALoOsokQgg7fIEuk/mW77hl1B3ONcjLy/DU68JIB3iLK0BPl8aSs +6c65gfZKfK1Fm3K4trmbp+18rlaJDX2+5eVu7dB+Grk4YARulozYu6lT9IloCFW FV6UULQCYLjbrCc5xkrwSsQd5dvckAp01p8KcHpL+vL4E2xD2k4O8jDfXaJWPe16 9OTam/4ukuXPqrQ2P9y8IkIrDMuJhDmgJVQq6bU4114gXWv6RJkgLMFrWlqI42QS Nnt5l3vh+aewNMiJ2umbWDAg+BwedRsVoctG6PxiywFpNjdpzmMRLWhNuf7NzHVG 1Oh8D2r7GGz2sPMB2m6yttQlokAO29fIY3UCAwEAAaOBozCBoDAfBgNVHSMEGDAW gBT2babfIoJv74qHNNmBJD/ZtH3VbDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB /wQEAwIBxjAdBgNVHQ4EFgQU9m2m3yKCb++KhzTZgSQ/2bR91WwwPQYIKwYBBQUH AQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2JlbGl4LnJvdGgubGFuOjgwL2Nh L29jc3AwDQYJKoZIhvcNAQELBQADggEBAEBmWRBjR/OHu5HayB645zS8zodPlbF8 vvlqfjVhoCPt83Eoz2tNtfIGUMS22ZoEIVuq0GdfdJpAdmBgkIEkYHha1GmsTxLm q9uPaUbvmowpJgV6692IGeojduYifVUdl0bmHwz1B2vo0MD2XopaCBS+EVzOSsMD ri/4gWGZYVsCYCjfGbWvywjD/uhRPHCbdX6Vv+fiMkZRTUZYV0iXsIUSmbl8cnEb H3tZZ6o/TceO/QDHkTam9LAJKehxgMfLRCcs/5IrI8f7yvfqSU0cX96TvbWhs9n+ vaDd/7Vf74z+riTCFI03WslbSPtCilsnZa3z8++Ti91YFzc7RQdy/TA= -----END CERTIFICATE----- ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-f' XXXXXXXX '-A' '-t' 'CT,C,C' '-n' 'ROTH.LAN IPA CA' '-a' '-i' '/tmp/tmpt9wS4r' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG duration: 0 seconds ipa : DEBUG [11/25]: fixing RA database permissions [11/25]: fixing RA database permissions ipa : DEBUG duration: 0 seconds ipa : DEBUG [12/25]: setting up signing cert profile [12/25]: setting up signing cert profile ipa : DEBUG duration: 0 seconds ipa : DEBUG [13/25]: setting audit signing renewal to 2 years [13/25]: setting audit signing renewal to 2 years ipa.ipaserver.install.cainstance.CAInstance: DEBUG caSignedLogCert.cfg profile validity range is 720 ipa : DEBUG duration: 0 seconds ipa : DEBUG [14/25]: restarting certificate server [14/25]: restarting certificate server ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'restart' 'pki-tomcatd at pki-tomcat.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd at pki-tomcat.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 1200 ipa : DEBUG Waiting until the CA is running ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:07:42-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:08:14-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:08:45-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:09:16-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:09:47-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:10:18-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:10:49-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:11:20-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:11:52-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:12:23-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:12:54-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:13:25-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:13:56-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:14:27-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=1CArunning10.2.6-13.fc23 ipa : DEBUG stderr=--2016-01-08 21:14:58-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. WARNUNG: Das Zertifikat von ?obelix.roth.lan? kann nicht gepr?ft werden, ausgestellt von ??CN=Certificate Authority,O=ROTH.LAN??:. Ein selbst-signiertes Zertifikat wurde gefunden. HTTP-Anforderung gesendet, auf Antwort wird gewartet ? HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: application/xml Content-Length: 169 Date: Fri, 08 Jan 2016 13:15:09 GMT L?nge: 169 [application/xml] Wird in ??STDOUT?? gespeichert. 0K 100% 9,17M=0s 2016-01-08 21:15:09 (9,17 MB/s) - auf die Standardausgabe geschrieben [169/169] ipa : DEBUG The CA status is: running ipa : DEBUG duration: 471 seconds ipa : DEBUG [15/25]: requesting RA certificate from CA [15/25]: requesting RA certificate from CA ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-f' XXXXXXXX '-R' '-k' 'rsa' '-g' '2048' '-s' 'CN=IPA RA,O=ROTH.LAN' '-z' '/tmp/tmprqNm5r' '-a' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= Certificate request generated by Netscape certutil Phone: (not specified) Common Name: IPA RA Email: (not specified) Organization: ROTH.LAN State: (not specified) Country: (not specified) -----BEGIN NEW CERTIFICATE REQUEST----- MIICaTCCAVECAQAwJDERMA8GA1UEChMIUk9USC5MQU4xDzANBgNVBAMTBklQQSBS QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMud4fb3bksiq524hjUY lc+KlLAv2aWAlUYePTbgkc1/jfbDekt+/DeT0/CEhQjADJBJzbQeEUfXRnRBOH6A 8+mgJIW9zDvd0V+bNsNsSMZPwQRKOFVwQuPra33hD0677GGQcNyhHJcVmIkHR//z izwRULAC8YauNBasUk8fAdhg3eXUWq4ksZ0uy9aMPXi64YdTxdMNU9ZlOoT5qRnc yw+ZfUF6iMLIlRqZqn63EAVpm4g30D2xYH46E8Zc1NH0o2ANCRlPP2fUk86++RYk HC24khHMj8iXKlPUWfiP+Hn4D9KV2QAL8srbezAeO9eO6zMu97C8B3Afh+CpmzDN s+MCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCYecmO0rSXoYA/lus9WNkd9zti OtJm6oN/ciF2qWbRs+dFUW8meATjoS1EeXd2+nFQZQsJtlAnmXW8jotesLS1UZd9 HpNwKQV6d05lrXh9RZ8fXxaxetfE/+sB7Y17vPjwho7VdLQAT9vl0PICo+1UFy4p zYtQSdDMiDyuGXUgOkUkccCYJ3LASOBmh0WZ1kPF9RFRkAQAFAYVLNaXKmaJpKzT YM2wnIHCtMpEwLrMkLrwI4tjb7NzL2l3OimtHTlKk9U8BkygT+3ohu1QBAijlh1D uJ2Q9Ot1mB3Z3gNu8UFyRG4TGhAIqF8cefh4i8z+2NjVw/y9xKemQ8r2SNM7 -----END NEW CERTIFICATE REQUEST----- ipa : DEBUG stderr= Generating key. This may take a few moments... ipa : DEBUG duration: 15 seconds ipa : DEBUG [16/25]: issuing RA agent certificate [16/25]: issuing RA agent certificate ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/sslget' '-v' '-n' 'ipa-ca-agent' '-p' XXXXXXXX '-d' '/tmp/tmp-Marzji' '-r' '/ca/agent/ca/profileReview?requestId=7' 'obelix.roth.lan:8443' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/html;charset=UTF-8 Date: Fri, 08 Jan 2016 13:15:25 GMT Connection: close
 

Subject: CN=obelix.roth.lan,O=ROTH.LAN Issuer : CN=Certificate Authority,O=ROTH.LAN bulk cipher AES-128, 128 secret key bits, 128 key bits, status: 1 ipa : DEBUG stderr=GET /ca/agent/ca/profileReview?requestId=7 HTTP/1.0 Host: obelix.roth.lan:8443 port: 8443 addr='obelix.roth.lan' family='2' IP='192.168.178.10' Called mygetclientauthdata - nickname = ipa-ca-agent mygetclientauthdata - cert = b75003c8 mygetclientauthdata - privkey = b75410d8 PR_Write wrote 83 bytes from bigBuf bytes: [GET /ca/agent/ca/profileReview?requestId=7 HTTP/1.0 Host: obelix.roth.lan:8443 ] do_writes shutting down send socket do_writes exiting with (result = 0) connection 1 read 9000 bytes (9000 total). these bytes read: connection 1 read 9000 bytes (18000 total). these bytes read: connection 1 read 9000 bytes (27000 total). these bytes read: connection 1 read 2676 bytes (29676 total). these bytes read: connection 1 read 29676 bytes total. ----------------------------- Done with possible addresses - exiting. ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/sslget' '-v' '-n' 'ipa-ca-agent' '-p' XXXXXXXX '-d' '/tmp/tmp-Marzji' '-e' 'exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true¬Before=2016-01-08+21%3A15%3A23&keyUsageCritical=true&submit=submit¬After=2017-12-28+21%3A15%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fobelix.roth.lan%3A80%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DROTH.LAN&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approve' '-r' '/ca/agent/ca/profileProcess' 'obelix.roth.lan:8443' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/html;charset=UTF-8 Date: Fri, 08 Jan 2016 13:15:31 GMT Connection: close
 

Subject: CN=obelix.roth.lan,O=ROTH.LAN Issuer : CN=Certificate Authority,O=ROTH.LAN bulk cipher AES-128, 128 secret key bits, 128 key bits, status: 1 ipa : DEBUG stderr=POST /ca/agent/ca/profileProcess HTTP/1.0 Host: obelix.roth.lan:8443 Content-Length: 743 Content-Type: application/x-www-form-urlencoded exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true¬Before=2016-01-08+21%3A15%3A23&keyUsageCritical=true&submit=submit¬After=2017-12-28+21%3A15%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fobelix.roth.lan%3A80%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DROTH.LAN&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approveport: 8443 addr='obelix.roth.lan' family='2' IP='192.168.178.10' Called mygetclientauthdata - nickname = ipa-ca-agent mygetclientauthdata - cert = b89356f0 mygetclientauthdata - privkey = b8976400 PR_Write wrote 886 bytes from bigBuf bytes: [POST /ca/agent/ca/profileProcess HTTP/1.0 Host: obelix.roth.lan:8443 Content-Length: 743 Content-Type: application/x-www-form-urlencoded exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true¬Before=2016-01-08+21%3A15%3A23&keyUsageCritical=true&submit=submit¬After=2017-12-28+21%3A15%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fobelix.roth.lan%3A80%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DROTH.LAN&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approve] do_writes shutting down send socket do_writes exiting with (result = 0) connection 1 read 9000 bytes (9000 total). these bytes read: connection 1 read 4334 bytes (13334 total). these bytes read: connection 1 read 13334 bytes total. ----------------------------- Done with possible addresses - exiting. ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-f' XXXXXXXX '-A' '-t' 'u,u,u' '-n' 'ipaCert' '-a' '-i' '/tmp/tmpbNpAwC' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present. ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/pki' '-d' '/etc/httpd/alias' '-C' '/etc/httpd/alias/pwdfile.txt' 'client-cert-show' 'ipaCert' '--client-cert' '/etc/httpd/alias/tmpMEts02' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG duration: 11 seconds ipa : DEBUG [17/25]: adding RA agent as a trusted user [17/25]: adding RA agent as a trusted user ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Created connection context.ldap2_3011163248 ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket from SchemaCache ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket conn= ipa.ipaserver.plugins.ldap2.ldap2: DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Certificate Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember ipa.ipaserver.plugins.ldap2.ldap2: DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Registration Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Destroyed connection context.ldap2_3011163248 ipa : DEBUG duration: 2 seconds ipa : DEBUG [18/25]: authorizing RA to modify profiles [18/25]: authorizing RA to modify profiles ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Created connection context.ldap2_3010213776 ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket from SchemaCache ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket conn= ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Destroyed connection context.ldap2_3010213776 ipa : DEBUG duration: 2 seconds ipa : DEBUG [19/25]: configure certmonger for renewals [19/25]: configure certmonger for renewals ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'enable' 'certmonger.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/certmonger.service to /usr/lib/systemd/system/certmonger.service. ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'start' 'messagebus.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'messagebus.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'start' 'certmonger.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'certmonger.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG duration: 0 seconds ipa : DEBUG [20/25]: configure certificate renewals [20/25]: configure certificate renewals ipa : DEBUG duration: 2 seconds ipa : DEBUG [21/25]: configure RA certificate renewal [21/25]: configure RA certificate renewal ipa : DEBUG duration: 1 seconds ipa : DEBUG [22/25]: configure Server-Cert certificate renewal [22/25]: configure Server-Cert certificate renewal ipa : DEBUG duration: 0 seconds ipa : DEBUG [23/25]: Configure HTTP to proxy connections [23/25]: Configure HTTP to proxy connections ipa : DEBUG duration: 0 seconds ipa : DEBUG [24/25]: restarting certificate server [24/25]: restarting certificate server ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'restart' 'pki-tomcatd at pki-tomcat.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd at pki-tomcat.service' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=active ipa : DEBUG stderr= ipa : DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 1200 ipa : DEBUG Waiting until the CA is running ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:16:16-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:16:47-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:17:18-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:17:49-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:18:20-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:18:52-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:19:23-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:19:54-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:20:25-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:20:56-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:21:27-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:21:58-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:22:30-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=4 ipa : DEBUG stdout= ipa : DEBUG stderr=--2016-01-08 21:23:01-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. Es ist nicht m?glich, eine SSL-Verbindung herzustellen. ipa : DEBUG The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus'' returned non-zero exit status 4 ipa : DEBUG Waiting for CA to start... ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://obelix.roth.lan:8443/ca/admin/ca/getStatus' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=1CArunning10.2.6-13.fc23 ipa : DEBUG stderr=--2016-01-08 21:23:32-- https://obelix.roth.lan:8443/ca/admin/ca/getStatus Aufl?sen des Hostnamens ?obelix.roth.lan (obelix.roth.lan)? ? 192.168.178.10 Verbindungsaufbau zu obelix.roth.lan (obelix.roth.lan)|192.168.178.10|:8443 ? verbunden. WARNUNG: Das Zertifikat von ?obelix.roth.lan? kann nicht gepr?ft werden, ausgestellt von ??CN=Certificate Authority,O=ROTH.LAN??:. Ein selbst-signiertes Zertifikat wurde gefunden. HTTP-Anforderung gesendet, auf Antwort wird gewartet ? HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: application/xml Content-Length: 169 Date: Fri, 08 Jan 2016 13:23:43 GMT L?nge: 169 [application/xml] Wird in ??STDOUT?? gespeichert. 0K 100% 9,06M=0s 2016-01-08 21:23:43 (9,06 MB/s) - auf die Standardausgabe geschrieben [169/169] ipa : DEBUG The CA status is: running ipa : DEBUG duration: 477 seconds ipa : DEBUG [25/25]: Importing IPA certificate profiles [25/25]: Importing IPA certificate profiles ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG Trying to find certificate subject base in sysupgrade ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' ipa : DEBUG Found certificate subject base in sysupgrade: O=ROTH.LAN ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Created connection context.ldap2_3010212976 ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket from SchemaCache ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-ROTH-LAN.socket conn= ipa : DEBUG request 'https://obelix.roth.lan:8443/ca/rest/account/login' ipa : DEBUG request body '' ipa : DEBUG NSSConnection init obelix.roth.lan ipa : DEBUG Connecting: 192.168.178.10:0 ipa : DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=ROTH.LAN Validity: Not Before: Fri Jan 08 12:58:35 2016 UTC Not After: Thu Dec 28 12:58:35 2017 UTC Subject: CN=obelix.roth.lan,O=ROTH.LAN Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:fc:cc:42:ad:12:77:c3:18:82:44:de:fb:71:e4:e1: 7b:94:46:29:52:00:a9:8f:47:3b:b1:5e:be:6b:90:be: 25:cb:f1:44:82:b2:53:0b:c5:fa:bc:86:62:d8:cd:1d: 50:46:fc:eb:20:66:f0:ac:34:6c:08:b6:f9:52:e2:e4: fa:c2:84:b6:d4:59:77:96:63:21:cb:5d:f9:88:a2:4c: 68:bd:71:24:1d:5c:8a:f5:e6:e0:15:9a:f5:e4:12:db: de:ba:64:28:b6:ff:b2:d3:95:0e:e9:b1:01:be:3b:0e: 11:ae:23:42:08:2b:50:ea:42:a7:96:bc:c5:18:9a:63: 55:e8:6b:1c:08:91:c2:37:c0:dd:38:88:a6:79:9b:56: 60:d0:0b:3f:3a:d7:3f:c6:fc:2e:54:3e:4d:46:06:0c: 0a:5c:cc:cf:61:09:84:46:a0:e3:aa:de:3d:ee:67:fc: d7:cf:0d:74:50:16:ec:44:8d:4a:2a:95:e1:e7:90:a7: c4:1d:0e:df:35:b0:bf:ff:64:97:ee:6c:92:a3:e1:cf: 98:d0:39:79:d9:5b:12:21:32:0a:20:b9:b2:d1:d6:9b: 5a:86:3b:e5:49:a2:ff:5b:2a:74:93:99:e5:97:d3:8d: 67:35:f3:ef:1b:81:dd:2d:35:d9:49:f9:35:ae:64:ad Exponent: 65537 (0x10001) Signed Extensions: (4 total) Name: Certificate Authority Key Identifier Critical: False Key ID: f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9: b4:7d:d5:6c Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://obelix.roth.lan:80/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 2b:e8:c0:e1:e3:cc:7d:99:f1:14:19:24:09:77:70:72: bc:e7:a0:b9:2c:a6:e9:ed:cb:84:fd:39:79:87:61:31: d9:27:d8:ba:83:68:98:20:30:c2:8a:87:81:11:96:a9: d7:14:ee:79:62:1d:64:ec:67:1e:24:ba:b6:7f:6e:41: 4d:8a:5f:17:38:d3:fd:58:96:d7:03:89:06:f9:5d:2d: b3:0f:ed:89:74:01:f3:2d:4b:7f:b3:89:a6:83:b2:c7: 50:95:06:9d:ee:ff:02:f5:05:70:d1:d5:e3:7c:5e:f7: c6:99:58:3d:fe:4b:91:a7:d7:25:03:d5:a8:7b:e2:88: 12:bd:6d:64:90:d3:65:96:00:f3:3b:49:3d:4d:4d:d4: 90:5e:f9:66:06:91:81:d0:0b:c7:39:93:0f:0b:0d:18: 55:67:68:e2:9a:90:aa:47:ef:a2:f7:4f:01:a7:88:53: 66:2a:16:cf:c3:ca:b8:10:6a:54:fe:8e:6b:ee:99:50: 35:1a:47:df:3d:a7:46:b4:26:44:19:07:30:a8:ee:d9: 7e:58:69:df:89:3e:c5:82:ed:00:2f:72:c9:61:6c:a1: c3:1e:94:62:94:9b:37:70:3e:80:04:30:6f:dd:55:22: 13:cb:05:4a:64:26:11:12:ae:67:a5:77:6b:14:36:11 Fingerprint (MD5): 21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17 Fingerprint (SHA1): 13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c: ad:7a:01:52 ipa : DEBUG approved_usage = SSL Server intended_usage = SSL Server ipa : DEBUG cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN" ipa : DEBUG handshake complete, peer = 192.168.178.10:8443 ipa : DEBUG Protocol: TLS1.2 ipa : DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA ipa : DEBUG request status 200 ipa : DEBUG request reason_phrase u'OK' ipa : DEBUG request headers {'content-length': '205', 'set-cookie': 'JSESSIONID=33A69CE55B4BD687FA96DDCA67C314B3; Path=/ca/; Secure; HttpOnly', 'expires': 'Thu, 01 Jan 1970 08:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Fri, 08 Jan 2016 13:23:57 GMT', 'content-type': 'application/xml'} ipa : DEBUG request body 'iparaCertificate Manager AgentsRegistration Manager Agents' ipa : DEBUG request 'https://obelix.roth.lan:8443/ca/rest/profiles/raw' ipa : DEBUG request body 'profileId=IECUserRoles\nclassId=caEnrollImpl\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=ROTH.LAN\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.roth.lan/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.roth.lan/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\n' ipa : DEBUG NSSConnection init obelix.roth.lan ipa : DEBUG Connecting: 192.168.178.10:0 ipa : DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=ROTH.LAN Validity: Not Before: Fri Jan 08 12:58:35 2016 UTC Not After: Thu Dec 28 12:58:35 2017 UTC Subject: CN=obelix.roth.lan,O=ROTH.LAN Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:fc:cc:42:ad:12:77:c3:18:82:44:de:fb:71:e4:e1: 7b:94:46:29:52:00:a9:8f:47:3b:b1:5e:be:6b:90:be: 25:cb:f1:44:82:b2:53:0b:c5:fa:bc:86:62:d8:cd:1d: 50:46:fc:eb:20:66:f0:ac:34:6c:08:b6:f9:52:e2:e4: fa:c2:84:b6:d4:59:77:96:63:21:cb:5d:f9:88:a2:4c: 68:bd:71:24:1d:5c:8a:f5:e6:e0:15:9a:f5:e4:12:db: de:ba:64:28:b6:ff:b2:d3:95:0e:e9:b1:01:be:3b:0e: 11:ae:23:42:08:2b:50:ea:42:a7:96:bc:c5:18:9a:63: 55:e8:6b:1c:08:91:c2:37:c0:dd:38:88:a6:79:9b:56: 60:d0:0b:3f:3a:d7:3f:c6:fc:2e:54:3e:4d:46:06:0c: 0a:5c:cc:cf:61:09:84:46:a0:e3:aa:de:3d:ee:67:fc: d7:cf:0d:74:50:16:ec:44:8d:4a:2a:95:e1:e7:90:a7: c4:1d:0e:df:35:b0:bf:ff:64:97:ee:6c:92:a3:e1:cf: 98:d0:39:79:d9:5b:12:21:32:0a:20:b9:b2:d1:d6:9b: 5a:86:3b:e5:49:a2:ff:5b:2a:74:93:99:e5:97:d3:8d: 67:35:f3:ef:1b:81:dd:2d:35:d9:49:f9:35:ae:64:ad Exponent: 65537 (0x10001) Signed Extensions: (4 total) Name: Certificate Authority Key Identifier Critical: False Key ID: f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9: b4:7d:d5:6c Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://obelix.roth.lan:80/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 2b:e8:c0:e1:e3:cc:7d:99:f1:14:19:24:09:77:70:72: bc:e7:a0:b9:2c:a6:e9:ed:cb:84:fd:39:79:87:61:31: d9:27:d8:ba:83:68:98:20:30:c2:8a:87:81:11:96:a9: d7:14:ee:79:62:1d:64:ec:67:1e:24:ba:b6:7f:6e:41: 4d:8a:5f:17:38:d3:fd:58:96:d7:03:89:06:f9:5d:2d: b3:0f:ed:89:74:01:f3:2d:4b:7f:b3:89:a6:83:b2:c7: 50:95:06:9d:ee:ff:02:f5:05:70:d1:d5:e3:7c:5e:f7: c6:99:58:3d:fe:4b:91:a7:d7:25:03:d5:a8:7b:e2:88: 12:bd:6d:64:90:d3:65:96:00:f3:3b:49:3d:4d:4d:d4: 90:5e:f9:66:06:91:81:d0:0b:c7:39:93:0f:0b:0d:18: 55:67:68:e2:9a:90:aa:47:ef:a2:f7:4f:01:a7:88:53: 66:2a:16:cf:c3:ca:b8:10:6a:54:fe:8e:6b:ee:99:50: 35:1a:47:df:3d:a7:46:b4:26:44:19:07:30:a8:ee:d9: 7e:58:69:df:89:3e:c5:82:ed:00:2f:72:c9:61:6c:a1: c3:1e:94:62:94:9b:37:70:3e:80:04:30:6f:dd:55:22: 13:cb:05:4a:64:26:11:12:ae:67:a5:77:6b:14:36:11 Fingerprint (MD5): 21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17 Fingerprint (SHA1): 13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c: ad:7a:01:52 ipa : DEBUG approved_usage = SSL Server intended_usage = SSL Server ipa : DEBUG cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN" ipa : DEBUG handshake complete, peer = 192.168.178.10:8443 ipa : DEBUG Protocol: TLS1.2 ipa : DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA ipa : DEBUG request status 201 ipa : DEBUG request reason_phrase u'Created' ipa : DEBUG request headers {'date': 'Fri, 08 Jan 2016 13:23:58 GMT', 'content-length': '7318', 'content-type': 'application/json', 'location': 'https://obelix.roth.lan:8443/ca/rest/profiles/raw', 'server': 'Apache-Coyote/1.1'} ipa : DEBUG request body '#Fri Jan 08 21:23:57 CST 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.roth.lan/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=ROTH.LAN\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.roth.lan/ca/ocsp\n' ipa : DEBUG request u'https://obelix.roth.lan:8443/ca/rest/profiles/IECUserRoles?action=enable' ipa : DEBUG request body '' ipa : DEBUG NSSConnection init obelix.roth.lan ipa : DEBUG Connecting: 192.168.178.10:0 ipa : DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=ROTH.LAN Validity: Not Before: Fri Jan 08 12:58:35 2016 UTC Not After: Thu Dec 28 12:58:35 2017 UTC Subject: CN=obelix.roth.lan,O=ROTH.LAN Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:fc:cc:42:ad:12:77:c3:18:82:44:de:fb:71:e4:e1: 7b:94:46:29:52:00:a9:8f:47:3b:b1:5e:be:6b:90:be: 25:cb:f1:44:82:b2:53:0b:c5:fa:bc:86:62:d8:cd:1d: 50:46:fc:eb:20:66:f0:ac:34:6c:08:b6:f9:52:e2:e4: fa:c2:84:b6:d4:59:77:96:63:21:cb:5d:f9:88:a2:4c: 68:bd:71:24:1d:5c:8a:f5:e6:e0:15:9a:f5:e4:12:db: de:ba:64:28:b6:ff:b2:d3:95:0e:e9:b1:01:be:3b:0e: 11:ae:23:42:08:2b:50:ea:42:a7:96:bc:c5:18:9a:63: 55:e8:6b:1c:08:91:c2:37:c0:dd:38:88:a6:79:9b:56: 60:d0:0b:3f:3a:d7:3f:c6:fc:2e:54:3e:4d:46:06:0c: 0a:5c:cc:cf:61:09:84:46:a0:e3:aa:de:3d:ee:67:fc: d7:cf:0d:74:50:16:ec:44:8d:4a:2a:95:e1:e7:90:a7: c4:1d:0e:df:35:b0:bf:ff:64:97:ee:6c:92:a3:e1:cf: 98:d0:39:79:d9:5b:12:21:32:0a:20:b9:b2:d1:d6:9b: 5a:86:3b:e5:49:a2:ff:5b:2a:74:93:99:e5:97:d3:8d: 67:35:f3:ef:1b:81:dd:2d:35:d9:49:f9:35:ae:64:ad Exponent: 65537 (0x10001) Signed Extensions: (4 total) Name: Certificate Authority Key Identifier Critical: False Key ID: f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9: b4:7d:d5:6c Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://obelix.roth.lan:80/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 2b:e8:c0:e1:e3:cc:7d:99:f1:14:19:24:09:77:70:72: bc:e7:a0:b9:2c:a6:e9:ed:cb:84:fd:39:79:87:61:31: d9:27:d8:ba:83:68:98:20:30:c2:8a:87:81:11:96:a9: d7:14:ee:79:62:1d:64:ec:67:1e:24:ba:b6:7f:6e:41: 4d:8a:5f:17:38:d3:fd:58:96:d7:03:89:06:f9:5d:2d: b3:0f:ed:89:74:01:f3:2d:4b:7f:b3:89:a6:83:b2:c7: 50:95:06:9d:ee:ff:02:f5:05:70:d1:d5:e3:7c:5e:f7: c6:99:58:3d:fe:4b:91:a7:d7:25:03:d5:a8:7b:e2:88: 12:bd:6d:64:90:d3:65:96:00:f3:3b:49:3d:4d:4d:d4: 90:5e:f9:66:06:91:81:d0:0b:c7:39:93:0f:0b:0d:18: 55:67:68:e2:9a:90:aa:47:ef:a2:f7:4f:01:a7:88:53: 66:2a:16:cf:c3:ca:b8:10:6a:54:fe:8e:6b:ee:99:50: 35:1a:47:df:3d:a7:46:b4:26:44:19:07:30:a8:ee:d9: 7e:58:69:df:89:3e:c5:82:ed:00:2f:72:c9:61:6c:a1: c3:1e:94:62:94:9b:37:70:3e:80:04:30:6f:dd:55:22: 13:cb:05:4a:64:26:11:12:ae:67:a5:77:6b:14:36:11 Fingerprint (MD5): 21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17 Fingerprint (SHA1): 13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c: ad:7a:01:52 ipa : DEBUG approved_usage = SSL Server intended_usage = SSL Server ipa : DEBUG cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN" ipa : DEBUG handshake complete, peer = 192.168.178.10:8443 ipa : DEBUG Protocol: TLS1.2 ipa : DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA ipa : DEBUG request status 204 ipa : DEBUG request reason_phrase u'No Content' ipa : DEBUG request headers {'date': 'Fri, 08 Jan 2016 13:23:59 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'} ipa : DEBUG request body '' ipa : DEBUG request 'https://obelix.roth.lan:8443/ca/rest/account/logout' ipa : DEBUG request body '' ipa : DEBUG NSSConnection init obelix.roth.lan ipa : DEBUG Connecting: 192.168.178.10:0 ipa : DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=ROTH.LAN Validity: Not Before: Fri Jan 08 12:58:35 2016 UTC Not After: Thu Dec 28 12:58:35 2017 UTC Subject: CN=obelix.roth.lan,O=ROTH.LAN Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:fc:cc:42:ad:12:77:c3:18:82:44:de:fb:71:e4:e1: 7b:94:46:29:52:00:a9:8f:47:3b:b1:5e:be:6b:90:be: 25:cb:f1:44:82:b2:53:0b:c5:fa:bc:86:62:d8:cd:1d: 50:46:fc:eb:20:66:f0:ac:34:6c:08:b6:f9:52:e2:e4: fa:c2:84:b6:d4:59:77:96:63:21:cb:5d:f9:88:a2:4c: 68:bd:71:24:1d:5c:8a:f5:e6:e0:15:9a:f5:e4:12:db: de:ba:64:28:b6:ff:b2:d3:95:0e:e9:b1:01:be:3b:0e: 11:ae:23:42:08:2b:50:ea:42:a7:96:bc:c5:18:9a:63: 55:e8:6b:1c:08:91:c2:37:c0:dd:38:88:a6:79:9b:56: 60:d0:0b:3f:3a:d7:3f:c6:fc:2e:54:3e:4d:46:06:0c: 0a:5c:cc:cf:61:09:84:46:a0:e3:aa:de:3d:ee:67:fc: d7:cf:0d:74:50:16:ec:44:8d:4a:2a:95:e1:e7:90:a7: c4:1d:0e:df:35:b0:bf:ff:64:97:ee:6c:92:a3:e1:cf: 98:d0:39:79:d9:5b:12:21:32:0a:20:b9:b2:d1:d6:9b: 5a:86:3b:e5:49:a2:ff:5b:2a:74:93:99:e5:97:d3:8d: 67:35:f3:ef:1b:81:dd:2d:35:d9:49:f9:35:ae:64:ad Exponent: 65537 (0x10001) Signed Extensions: (4 total) Name: Certificate Authority Key Identifier Critical: False Key ID: f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9: b4:7d:d5:6c Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://obelix.roth.lan:80/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 2b:e8:c0:e1:e3:cc:7d:99:f1:14:19:24:09:77:70:72: bc:e7:a0:b9:2c:a6:e9:ed:cb:84:fd:39:79:87:61:31: d9:27:d8:ba:83:68:98:20:30:c2:8a:87:81:11:96:a9: d7:14:ee:79:62:1d:64:ec:67:1e:24:ba:b6:7f:6e:41: 4d:8a:5f:17:38:d3:fd:58:96:d7:03:89:06:f9:5d:2d: b3:0f:ed:89:74:01:f3:2d:4b:7f:b3:89:a6:83:b2:c7: 50:95:06:9d:ee:ff:02:f5:05:70:d1:d5:e3:7c:5e:f7: c6:99:58:3d:fe:4b:91:a7:d7:25:03:d5:a8:7b:e2:88: 12:bd:6d:64:90:d3:65:96:00:f3:3b:49:3d:4d:4d:d4: 90:5e:f9:66:06:91:81:d0:0b:c7:39:93:0f:0b:0d:18: 55:67:68:e2:9a:90:aa:47:ef:a2:f7:4f:01:a7:88:53: 66:2a:16:cf:c3:ca:b8:10:6a:54:fe:8e:6b:ee:99:50: 35:1a:47:df:3d:a7:46:b4:26:44:19:07:30:a8:ee:d9: 7e:58:69:df:89:3e:c5:82:ed:00:2f:72:c9:61:6c:a1: c3:1e:94:62:94:9b:37:70:3e:80:04:30:6f:dd:55:22: 13:cb:05:4a:64:26:11:12:ae:67:a5:77:6b:14:36:11 Fingerprint (MD5): 21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17 Fingerprint (SHA1): 13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c: ad:7a:01:52 ipa : DEBUG approved_usage = SSL Server intended_usage = SSL Server ipa : DEBUG cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN" ipa : DEBUG handshake complete, peer = 192.168.178.10:8443 ipa : DEBUG Protocol: TLS1.2 ipa : DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA ipa : DEBUG request status 204 ipa : DEBUG request reason_phrase u'No Content' ipa : DEBUG request headers {'set-cookie': 'JSESSIONID=C41E786BBE2688A66F5FC34B96EFCC24; Path=/ca/; Secure; HttpOnly', 'expires': 'Thu, 01 Jan 1970 08:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Fri, 08 Jan 2016 13:23:59 GMT', 'content-type': 'application/xml'} ipa : DEBUG request body '' ipa : INFO Imported profile 'IECUserRoles' ipa : DEBUG request 'https://obelix.roth.lan:8443/ca/rest/account/login' ipa : DEBUG request body '' ipa : DEBUG NSSConnection init obelix.roth.lan ipa : DEBUG Connecting: 192.168.178.10:0 ipa : DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=ROTH.LAN Validity: Not Before: Fri Jan 08 12:58:35 2016 UTC Not After: Thu Dec 28 12:58:35 2017 UTC Subject: CN=obelix.roth.lan,O=ROTH.LAN Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:fc:cc:42:ad:12:77:c3:18:82:44:de:fb:71:e4:e1: 7b:94:46:29:52:00:a9:8f:47:3b:b1:5e:be:6b:90:be: 25:cb:f1:44:82:b2:53:0b:c5:fa:bc:86:62:d8:cd:1d: 50:46:fc:eb:20:66:f0:ac:34:6c:08:b6:f9:52:e2:e4: fa:c2:84:b6:d4:59:77:96:63:21:cb:5d:f9:88:a2:4c: 68:bd:71:24:1d:5c:8a:f5:e6:e0:15:9a:f5:e4:12:db: de:ba:64:28:b6:ff:b2:d3:95:0e:e9:b1:01:be:3b:0e: 11:ae:23:42:08:2b:50:ea:42:a7:96:bc:c5:18:9a:63: 55:e8:6b:1c:08:91:c2:37:c0:dd:38:88:a6:79:9b:56: 60:d0:0b:3f:3a:d7:3f:c6:fc:2e:54:3e:4d:46:06:0c: 0a:5c:cc:cf:61:09:84:46:a0:e3:aa:de:3d:ee:67:fc: d7:cf:0d:74:50:16:ec:44:8d:4a:2a:95:e1:e7:90:a7: c4:1d:0e:df:35:b0:bf:ff:64:97:ee:6c:92:a3:e1:cf: 98:d0:39:79:d9:5b:12:21:32:0a:20:b9:b2:d1:d6:9b: 5a:86:3b:e5:49:a2:ff:5b:2a:74:93:99:e5:97:d3:8d: 67:35:f3:ef:1b:81:dd:2d:35:d9:49:f9:35:ae:64:ad Exponent: 65537 (0x10001) Signed Extensions: (4 total) Name: Certificate Authority Key Identifier Critical: False Key ID: f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9: b4:7d:d5:6c Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://obelix.roth.lan:80/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 2b:e8:c0:e1:e3:cc:7d:99:f1:14:19:24:09:77:70:72: bc:e7:a0:b9:2c:a6:e9:ed:cb:84:fd:39:79:87:61:31: d9:27:d8:ba:83:68:98:20:30:c2:8a:87:81:11:96:a9: d7:14:ee:79:62:1d:64:ec:67:1e:24:ba:b6:7f:6e:41: 4d:8a:5f:17:38:d3:fd:58:96:d7:03:89:06:f9:5d:2d: b3:0f:ed:89:74:01:f3:2d:4b:7f:b3:89:a6:83:b2:c7: 50:95:06:9d:ee:ff:02:f5:05:70:d1:d5:e3:7c:5e:f7: c6:99:58:3d:fe:4b:91:a7:d7:25:03:d5:a8:7b:e2:88: 12:bd:6d:64:90:d3:65:96:00:f3:3b:49:3d:4d:4d:d4: 90:5e:f9:66:06:91:81:d0:0b:c7:39:93:0f:0b:0d:18: 55:67:68:e2:9a:90:aa:47:ef:a2:f7:4f:01:a7:88:53: 66:2a:16:cf:c3:ca:b8:10:6a:54:fe:8e:6b:ee:99:50: 35:1a:47:df:3d:a7:46:b4:26:44:19:07:30:a8:ee:d9: 7e:58:69:df:89:3e:c5:82:ed:00:2f:72:c9:61:6c:a1: c3:1e:94:62:94:9b:37:70:3e:80:04:30:6f:dd:55:22: 13:cb:05:4a:64:26:11:12:ae:67:a5:77:6b:14:36:11 Fingerprint (MD5): 21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17 Fingerprint (SHA1): 13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c: ad:7a:01:52 ipa : DEBUG approved_usage = SSL Server intended_usage = SSL Server ipa : DEBUG cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN" ipa : DEBUG handshake complete, peer = 192.168.178.10:8443 ipa : DEBUG Protocol: TLS1.2 ipa : DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA ipa : DEBUG request status 200 ipa : DEBUG request reason_phrase u'OK' ipa : DEBUG request headers {'content-length': '205', 'set-cookie': 'JSESSIONID=4805A98E045803A8E148C25E0A411251; Path=/ca/; Secure; HttpOnly', 'expires': 'Thu, 01 Jan 1970 08:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Fri, 08 Jan 2016 13:24:01 GMT', 'content-type': 'application/xml'} ipa : DEBUG request body 'iparaCertificate Manager AgentsRegistration Manager Agents' ipa : DEBUG request 'https://obelix.roth.lan:8443/ca/rest/profiles/raw' ipa : DEBUG request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=ROTH.LAN\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.roth.lan/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.roth.lan/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\n' ipa : DEBUG NSSConnection init obelix.roth.lan ipa : DEBUG Connecting: 192.168.178.10:0 ipa : DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=ROTH.LAN Validity: Not Before: Fri Jan 08 12:58:35 2016 UTC Not After: Thu Dec 28 12:58:35 2017 UTC Subject: CN=obelix.roth.lan,O=ROTH.LAN Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:fc:cc:42:ad:12:77:c3:18:82:44:de:fb:71:e4:e1: 7b:94:46:29:52:00:a9:8f:47:3b:b1:5e:be:6b:90:be: 25:cb:f1:44:82:b2:53:0b:c5:fa:bc:86:62:d8:cd:1d: 50:46:fc:eb:20:66:f0:ac:34:6c:08:b6:f9:52:e2:e4: fa:c2:84:b6:d4:59:77:96:63:21:cb:5d:f9:88:a2:4c: 68:bd:71:24:1d:5c:8a:f5:e6:e0:15:9a:f5:e4:12:db: de:ba:64:28:b6:ff:b2:d3:95:0e:e9:b1:01:be:3b:0e: 11:ae:23:42:08:2b:50:ea:42:a7:96:bc:c5:18:9a:63: 55:e8:6b:1c:08:91:c2:37:c0:dd:38:88:a6:79:9b:56: 60:d0:0b:3f:3a:d7:3f:c6:fc:2e:54:3e:4d:46:06:0c: 0a:5c:cc:cf:61:09:84:46:a0:e3:aa:de:3d:ee:67:fc: d7:cf:0d:74:50:16:ec:44:8d:4a:2a:95:e1:e7:90:a7: c4:1d:0e:df:35:b0:bf:ff:64:97:ee:6c:92:a3:e1:cf: 98:d0:39:79:d9:5b:12:21:32:0a:20:b9:b2:d1:d6:9b: 5a:86:3b:e5:49:a2:ff:5b:2a:74:93:99:e5:97:d3:8d: 67:35:f3:ef:1b:81:dd:2d:35:d9:49:f9:35:ae:64:ad Exponent: 65537 (0x10001) Signed Extensions: (4 total) Name: Certificate Authority Key Identifier Critical: False Key ID: f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9: b4:7d:d5:6c Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://obelix.roth.lan:80/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 2b:e8:c0:e1:e3:cc:7d:99:f1:14:19:24:09:77:70:72: bc:e7:a0:b9:2c:a6:e9:ed:cb:84:fd:39:79:87:61:31: d9:27:d8:ba:83:68:98:20:30:c2:8a:87:81:11:96:a9: d7:14:ee:79:62:1d:64:ec:67:1e:24:ba:b6:7f:6e:41: 4d:8a:5f:17:38:d3:fd:58:96:d7:03:89:06:f9:5d:2d: b3:0f:ed:89:74:01:f3:2d:4b:7f:b3:89:a6:83:b2:c7: 50:95:06:9d:ee:ff:02:f5:05:70:d1:d5:e3:7c:5e:f7: c6:99:58:3d:fe:4b:91:a7:d7:25:03:d5:a8:7b:e2:88: 12:bd:6d:64:90:d3:65:96:00:f3:3b:49:3d:4d:4d:d4: 90:5e:f9:66:06:91:81:d0:0b:c7:39:93:0f:0b:0d:18: 55:67:68:e2:9a:90:aa:47:ef:a2:f7:4f:01:a7:88:53: 66:2a:16:cf:c3:ca:b8:10:6a:54:fe:8e:6b:ee:99:50: 35:1a:47:df:3d:a7:46:b4:26:44:19:07:30:a8:ee:d9: 7e:58:69:df:89:3e:c5:82:ed:00:2f:72:c9:61:6c:a1: c3:1e:94:62:94:9b:37:70:3e:80:04:30:6f:dd:55:22: 13:cb:05:4a:64:26:11:12:ae:67:a5:77:6b:14:36:11 Fingerprint (MD5): 21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17 Fingerprint (SHA1): 13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c: ad:7a:01:52 ipa : DEBUG approved_usage = SSL Server intended_usage = SSL Server ipa : DEBUG cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN" ipa : DEBUG handshake complete, peer = 192.168.178.10:8443 ipa : DEBUG Protocol: TLS1.2 ipa : DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA ipa : DEBUG request status 400 ipa : DEBUG request reason_phrase u'Bad Request' ipa : DEBUG request headers {'transfer-encoding': 'chunked', 'date': 'Fri, 08 Jan 2016 13:24:08 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'} ipa : DEBUG request body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}' ipa : DEBUG request u'https://obelix.roth.lan:8443/ca/rest/profiles/caIPAserviceCert?action=disable' ipa : DEBUG request body '' ipa : DEBUG NSSConnection init obelix.roth.lan ipa : DEBUG Connecting: 192.168.178.10:0 ipa : DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=ROTH.LAN Validity: Not Before: Fri Jan 08 12:58:35 2016 UTC Not After: Thu Dec 28 12:58:35 2017 UTC Subject: CN=obelix.roth.lan,O=ROTH.LAN Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:fc:cc:42:ad:12:77:c3:18:82:44:de:fb:71:e4:e1: 7b:94:46:29:52:00:a9:8f:47:3b:b1:5e:be:6b:90:be: 25:cb:f1:44:82:b2:53:0b:c5:fa:bc:86:62:d8:cd:1d: 50:46:fc:eb:20:66:f0:ac:34:6c:08:b6:f9:52:e2:e4: fa:c2:84:b6:d4:59:77:96:63:21:cb:5d:f9:88:a2:4c: 68:bd:71:24:1d:5c:8a:f5:e6:e0:15:9a:f5:e4:12:db: de:ba:64:28:b6:ff:b2:d3:95:0e:e9:b1:01:be:3b:0e: 11:ae:23:42:08:2b:50:ea:42:a7:96:bc:c5:18:9a:63: 55:e8:6b:1c:08:91:c2:37:c0:dd:38:88:a6:79:9b:56: 60:d0:0b:3f:3a:d7:3f:c6:fc:2e:54:3e:4d:46:06:0c: 0a:5c:cc:cf:61:09:84:46:a0:e3:aa:de:3d:ee:67:fc: d7:cf:0d:74:50:16:ec:44:8d:4a:2a:95:e1:e7:90:a7: c4:1d:0e:df:35:b0:bf:ff:64:97:ee:6c:92:a3:e1:cf: 98:d0:39:79:d9:5b:12:21:32:0a:20:b9:b2:d1:d6:9b: 5a:86:3b:e5:49:a2:ff:5b:2a:74:93:99:e5:97:d3:8d: 67:35:f3:ef:1b:81:dd:2d:35:d9:49:f9:35:ae:64:ad Exponent: 65537 (0x10001) Signed Extensions: (4 total) Name: Certificate Authority Key Identifier Critical: False Key ID: f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9: b4:7d:d5:6c Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://obelix.roth.lan:80/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 2b:e8:c0:e1:e3:cc:7d:99:f1:14:19:24:09:77:70:72: bc:e7:a0:b9:2c:a6:e9:ed:cb:84:fd:39:79:87:61:31: d9:27:d8:ba:83:68:98:20:30:c2:8a:87:81:11:96:a9: d7:14:ee:79:62:1d:64:ec:67:1e:24:ba:b6:7f:6e:41: 4d:8a:5f:17:38:d3:fd:58:96:d7:03:89:06:f9:5d:2d: b3:0f:ed:89:74:01:f3:2d:4b:7f:b3:89:a6:83:b2:c7: 50:95:06:9d:ee:ff:02:f5:05:70:d1:d5:e3:7c:5e:f7: c6:99:58:3d:fe:4b:91:a7:d7:25:03:d5:a8:7b:e2:88: 12:bd:6d:64:90:d3:65:96:00:f3:3b:49:3d:4d:4d:d4: 90:5e:f9:66:06:91:81:d0:0b:c7:39:93:0f:0b:0d:18: 55:67:68:e2:9a:90:aa:47:ef:a2:f7:4f:01:a7:88:53: 66:2a:16:cf:c3:ca:b8:10:6a:54:fe:8e:6b:ee:99:50: 35:1a:47:df:3d:a7:46:b4:26:44:19:07:30:a8:ee:d9: 7e:58:69:df:89:3e:c5:82:ed:00:2f:72:c9:61:6c:a1: c3:1e:94:62:94:9b:37:70:3e:80:04:30:6f:dd:55:22: 13:cb:05:4a:64:26:11:12:ae:67:a5:77:6b:14:36:11 Fingerprint (MD5): 21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17 Fingerprint (SHA1): 13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c: ad:7a:01:52 ipa : DEBUG approved_usage = SSL Server intended_usage = SSL Server ipa : DEBUG cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN" ipa : DEBUG handshake complete, peer = 192.168.178.10:8443 ipa : DEBUG Protocol: TLS1.2 ipa : DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA ipa : DEBUG request status 204 ipa : DEBUG request reason_phrase u'No Content' ipa : DEBUG request headers {'date': 'Fri, 08 Jan 2016 13:24:08 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'} ipa : DEBUG request body '' ipa : DEBUG request u'https://obelix.roth.lan:8443/ca/rest/profiles/caIPAserviceCert' ipa : DEBUG request body '' ipa : DEBUG NSSConnection init obelix.roth.lan ipa : DEBUG Connecting: 192.168.178.10:0 ipa : DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=ROTH.LAN Validity: Not Before: Fri Jan 08 12:58:35 2016 UTC Not After: Thu Dec 28 12:58:35 2017 UTC Subject: CN=obelix.roth.lan,O=ROTH.LAN Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:fc:cc:42:ad:12:77:c3:18:82:44:de:fb:71:e4:e1: 7b:94:46:29:52:00:a9:8f:47:3b:b1:5e:be:6b:90:be: 25:cb:f1:44:82:b2:53:0b:c5:fa:bc:86:62:d8:cd:1d: 50:46:fc:eb:20:66:f0:ac:34:6c:08:b6:f9:52:e2:e4: fa:c2:84:b6:d4:59:77:96:63:21:cb:5d:f9:88:a2:4c: 68:bd:71:24:1d:5c:8a:f5:e6:e0:15:9a:f5:e4:12:db: de:ba:64:28:b6:ff:b2:d3:95:0e:e9:b1:01:be:3b:0e: 11:ae:23:42:08:2b:50:ea:42:a7:96:bc:c5:18:9a:63: 55:e8:6b:1c:08:91:c2:37:c0:dd:38:88:a6:79:9b:56: 60:d0:0b:3f:3a:d7:3f:c6:fc:2e:54:3e:4d:46:06:0c: 0a:5c:cc:cf:61:09:84:46:a0:e3:aa:de:3d:ee:67:fc: d7:cf:0d:74:50:16:ec:44:8d:4a:2a:95:e1:e7:90:a7: c4:1d:0e:df:35:b0:bf:ff:64:97:ee:6c:92:a3:e1:cf: 98:d0:39:79:d9:5b:12:21:32:0a:20:b9:b2:d1:d6:9b: 5a:86:3b:e5:49:a2:ff:5b:2a:74:93:99:e5:97:d3:8d: 67:35:f3:ef:1b:81:dd:2d:35:d9:49:f9:35:ae:64:ad Exponent: 65537 (0x10001) Signed Extensions: (4 total) Name: Certificate Authority Key Identifier Critical: False Key ID: f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9: b4:7d:d5:6c Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://obelix.roth.lan:80/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 2b:e8:c0:e1:e3:cc:7d:99:f1:14:19:24:09:77:70:72: bc:e7:a0:b9:2c:a6:e9:ed:cb:84:fd:39:79:87:61:31: d9:27:d8:ba:83:68:98:20:30:c2:8a:87:81:11:96:a9: d7:14:ee:79:62:1d:64:ec:67:1e:24:ba:b6:7f:6e:41: 4d:8a:5f:17:38:d3:fd:58:96:d7:03:89:06:f9:5d:2d: b3:0f:ed:89:74:01:f3:2d:4b:7f:b3:89:a6:83:b2:c7: 50:95:06:9d:ee:ff:02:f5:05:70:d1:d5:e3:7c:5e:f7: c6:99:58:3d:fe:4b:91:a7:d7:25:03:d5:a8:7b:e2:88: 12:bd:6d:64:90:d3:65:96:00:f3:3b:49:3d:4d:4d:d4: 90:5e:f9:66:06:91:81:d0:0b:c7:39:93:0f:0b:0d:18: 55:67:68:e2:9a:90:aa:47:ef:a2:f7:4f:01:a7:88:53: 66:2a:16:cf:c3:ca:b8:10:6a:54:fe:8e:6b:ee:99:50: 35:1a:47:df:3d:a7:46:b4:26:44:19:07:30:a8:ee:d9: 7e:58:69:df:89:3e:c5:82:ed:00:2f:72:c9:61:6c:a1: c3:1e:94:62:94:9b:37:70:3e:80:04:30:6f:dd:55:22: 13:cb:05:4a:64:26:11:12:ae:67:a5:77:6b:14:36:11 Fingerprint (MD5): 21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17 Fingerprint (SHA1): 13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c: ad:7a:01:52 ipa : DEBUG approved_usage = SSL Server intended_usage = SSL Server ipa : DEBUG cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN" ipa : DEBUG handshake complete, peer = 192.168.178.10:8443 ipa : DEBUG Protocol: TLS1.2 ipa : DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA ipa : DEBUG request status 204 ipa : DEBUG request reason_phrase u'No Content' ipa : DEBUG request headers {'date': 'Fri, 08 Jan 2016 13:24:08 GMT', 'cache-control': 'private', 'content-type': 'application/json', 'expires': 'Thu, 01 Jan 1970 08:00:00 CST', 'server': 'Apache-Coyote/1.1'} ipa : DEBUG request body '' ipa : DEBUG request 'https://obelix.roth.lan:8443/ca/rest/profiles/raw' ipa : DEBUG request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=ROTH.LAN\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.roth.lan/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.roth.lan/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\n' ipa : DEBUG NSSConnection init obelix.roth.lan ipa : DEBUG Connecting: 192.168.178.10:0 ipa : DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=ROTH.LAN Validity: Not Before: Fri Jan 08 12:58:35 2016 UTC Not After: Thu Dec 28 12:58:35 2017 UTC Subject: CN=obelix.roth.lan,O=ROTH.LAN Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:fc:cc:42:ad:12:77:c3:18:82:44:de:fb:71:e4:e1: 7b:94:46:29:52:00:a9:8f:47:3b:b1:5e:be:6b:90:be: 25:cb:f1:44:82:b2:53:0b:c5:fa:bc:86:62:d8:cd:1d: 50:46:fc:eb:20:66:f0:ac:34:6c:08:b6:f9:52:e2:e4: fa:c2:84:b6:d4:59:77:96:63:21:cb:5d:f9:88:a2:4c: 68:bd:71:24:1d:5c:8a:f5:e6:e0:15:9a:f5:e4:12:db: de:ba:64:28:b6:ff:b2:d3:95:0e:e9:b1:01:be:3b:0e: 11:ae:23:42:08:2b:50:ea:42:a7:96:bc:c5:18:9a:63: 55:e8:6b:1c:08:91:c2:37:c0:dd:38:88:a6:79:9b:56: 60:d0:0b:3f:3a:d7:3f:c6:fc:2e:54:3e:4d:46:06:0c: 0a:5c:cc:cf:61:09:84:46:a0:e3:aa:de:3d:ee:67:fc: d7:cf:0d:74:50:16:ec:44:8d:4a:2a:95:e1:e7:90:a7: c4:1d:0e:df:35:b0:bf:ff:64:97:ee:6c:92:a3:e1:cf: 98:d0:39:79:d9:5b:12:21:32:0a:20:b9:b2:d1:d6:9b: 5a:86:3b:e5:49:a2:ff:5b:2a:74:93:99:e5:97:d3:8d: 67:35:f3:ef:1b:81:dd:2d:35:d9:49:f9:35:ae:64:ad Exponent: 65537 (0x10001) Signed Extensions: (4 total) Name: Certificate Authority Key Identifier Critical: False Key ID: f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9: b4:7d:d5:6c Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://obelix.roth.lan:80/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 2b:e8:c0:e1:e3:cc:7d:99:f1:14:19:24:09:77:70:72: bc:e7:a0:b9:2c:a6:e9:ed:cb:84:fd:39:79:87:61:31: d9:27:d8:ba:83:68:98:20:30:c2:8a:87:81:11:96:a9: d7:14:ee:79:62:1d:64:ec:67:1e:24:ba:b6:7f:6e:41: 4d:8a:5f:17:38:d3:fd:58:96:d7:03:89:06:f9:5d:2d: b3:0f:ed:89:74:01:f3:2d:4b:7f:b3:89:a6:83:b2:c7: 50:95:06:9d:ee:ff:02:f5:05:70:d1:d5:e3:7c:5e:f7: c6:99:58:3d:fe:4b:91:a7:d7:25:03:d5:a8:7b:e2:88: 12:bd:6d:64:90:d3:65:96:00:f3:3b:49:3d:4d:4d:d4: 90:5e:f9:66:06:91:81:d0:0b:c7:39:93:0f:0b:0d:18: 55:67:68:e2:9a:90:aa:47:ef:a2:f7:4f:01:a7:88:53: 66:2a:16:cf:c3:ca:b8:10:6a:54:fe:8e:6b:ee:99:50: 35:1a:47:df:3d:a7:46:b4:26:44:19:07:30:a8:ee:d9: 7e:58:69:df:89:3e:c5:82:ed:00:2f:72:c9:61:6c:a1: c3:1e:94:62:94:9b:37:70:3e:80:04:30:6f:dd:55:22: 13:cb:05:4a:64:26:11:12:ae:67:a5:77:6b:14:36:11 Fingerprint (MD5): 21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17 Fingerprint (SHA1): 13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c: ad:7a:01:52 ipa : DEBUG approved_usage = SSL Server intended_usage = SSL Server ipa : DEBUG cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN" ipa : DEBUG handshake complete, peer = 192.168.178.10:8443 ipa : DEBUG Protocol: TLS1.2 ipa : DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA ipa : DEBUG request status 201 ipa : DEBUG request reason_phrase u'Created' ipa : DEBUG request headers {'date': 'Fri, 08 Jan 2016 13:24:09 GMT', 'content-length': '6993', 'content-type': 'application/json', 'location': 'https://obelix.roth.lan:8443/ca/rest/profiles/raw', 'server': 'Apache-Coyote/1.1'} ipa : DEBUG request body '#Fri Jan 08 21:24:09 CST 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.roth.lan/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=ROTH.LAN\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.roth.lan/ca/ocsp\n' ipa : DEBUG request u'https://obelix.roth.lan:8443/ca/rest/profiles/caIPAserviceCert?action=enable' ipa : DEBUG request body '' ipa : DEBUG NSSConnection init obelix.roth.lan ipa : DEBUG Connecting: 192.168.178.10:0 ipa : DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=ROTH.LAN Validity: Not Before: Fri Jan 08 12:58:35 2016 UTC Not After: Thu Dec 28 12:58:35 2017 UTC Subject: CN=obelix.roth.lan,O=ROTH.LAN Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:fc:cc:42:ad:12:77:c3:18:82:44:de:fb:71:e4:e1: 7b:94:46:29:52:00:a9:8f:47:3b:b1:5e:be:6b:90:be: 25:cb:f1:44:82:b2:53:0b:c5:fa:bc:86:62:d8:cd:1d: 50:46:fc:eb:20:66:f0:ac:34:6c:08:b6:f9:52:e2:e4: fa:c2:84:b6:d4:59:77:96:63:21:cb:5d:f9:88:a2:4c: 68:bd:71:24:1d:5c:8a:f5:e6:e0:15:9a:f5:e4:12:db: de:ba:64:28:b6:ff:b2:d3:95:0e:e9:b1:01:be:3b:0e: 11:ae:23:42:08:2b:50:ea:42:a7:96:bc:c5:18:9a:63: 55:e8:6b:1c:08:91:c2:37:c0:dd:38:88:a6:79:9b:56: 60:d0:0b:3f:3a:d7:3f:c6:fc:2e:54:3e:4d:46:06:0c: 0a:5c:cc:cf:61:09:84:46:a0:e3:aa:de:3d:ee:67:fc: d7:cf:0d:74:50:16:ec:44:8d:4a:2a:95:e1:e7:90:a7: c4:1d:0e:df:35:b0:bf:ff:64:97:ee:6c:92:a3:e1:cf: 98:d0:39:79:d9:5b:12:21:32:0a:20:b9:b2:d1:d6:9b: 5a:86:3b:e5:49:a2:ff:5b:2a:74:93:99:e5:97:d3:8d: 67:35:f3:ef:1b:81:dd:2d:35:d9:49:f9:35:ae:64:ad Exponent: 65537 (0x10001) Signed Extensions: (4 total) Name: Certificate Authority Key Identifier Critical: False Key ID: f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9: b4:7d:d5:6c Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://obelix.roth.lan:80/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 2b:e8:c0:e1:e3:cc:7d:99:f1:14:19:24:09:77:70:72: bc:e7:a0:b9:2c:a6:e9:ed:cb:84:fd:39:79:87:61:31: d9:27:d8:ba:83:68:98:20:30:c2:8a:87:81:11:96:a9: d7:14:ee:79:62:1d:64:ec:67:1e:24:ba:b6:7f:6e:41: 4d:8a:5f:17:38:d3:fd:58:96:d7:03:89:06:f9:5d:2d: b3:0f:ed:89:74:01:f3:2d:4b:7f:b3:89:a6:83:b2:c7: 50:95:06:9d:ee:ff:02:f5:05:70:d1:d5:e3:7c:5e:f7: c6:99:58:3d:fe:4b:91:a7:d7:25:03:d5:a8:7b:e2:88: 12:bd:6d:64:90:d3:65:96:00:f3:3b:49:3d:4d:4d:d4: 90:5e:f9:66:06:91:81:d0:0b:c7:39:93:0f:0b:0d:18: 55:67:68:e2:9a:90:aa:47:ef:a2:f7:4f:01:a7:88:53: 66:2a:16:cf:c3:ca:b8:10:6a:54:fe:8e:6b:ee:99:50: 35:1a:47:df:3d:a7:46:b4:26:44:19:07:30:a8:ee:d9: 7e:58:69:df:89:3e:c5:82:ed:00:2f:72:c9:61:6c:a1: c3:1e:94:62:94:9b:37:70:3e:80:04:30:6f:dd:55:22: 13:cb:05:4a:64:26:11:12:ae:67:a5:77:6b:14:36:11 Fingerprint (MD5): 21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17 Fingerprint (SHA1): 13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c: ad:7a:01:52 ipa : DEBUG approved_usage = SSL Server intended_usage = SSL Server ipa : DEBUG cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN" ipa : DEBUG handshake complete, peer = 192.168.178.10:8443 ipa : DEBUG Protocol: TLS1.2 ipa : DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA ipa : DEBUG request status 204 ipa : DEBUG request reason_phrase u'No Content' ipa : DEBUG request headers {'date': 'Fri, 08 Jan 2016 13:24:09 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'} ipa : DEBUG request body '' ipa : DEBUG request 'https://obelix.roth.lan:8443/ca/rest/account/logout' ipa : DEBUG request body '' ipa : DEBUG NSSConnection init obelix.roth.lan ipa : DEBUG Connecting: 192.168.178.10:0 ipa : DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=ROTH.LAN Validity: Not Before: Fri Jan 08 12:58:35 2016 UTC Not After: Thu Dec 28 12:58:35 2017 UTC Subject: CN=obelix.roth.lan,O=ROTH.LAN Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:fc:cc:42:ad:12:77:c3:18:82:44:de:fb:71:e4:e1: 7b:94:46:29:52:00:a9:8f:47:3b:b1:5e:be:6b:90:be: 25:cb:f1:44:82:b2:53:0b:c5:fa:bc:86:62:d8:cd:1d: 50:46:fc:eb:20:66:f0:ac:34:6c:08:b6:f9:52:e2:e4: fa:c2:84:b6:d4:59:77:96:63:21:cb:5d:f9:88:a2:4c: 68:bd:71:24:1d:5c:8a:f5:e6:e0:15:9a:f5:e4:12:db: de:ba:64:28:b6:ff:b2:d3:95:0e:e9:b1:01:be:3b:0e: 11:ae:23:42:08:2b:50:ea:42:a7:96:bc:c5:18:9a:63: 55:e8:6b:1c:08:91:c2:37:c0:dd:38:88:a6:79:9b:56: 60:d0:0b:3f:3a:d7:3f:c6:fc:2e:54:3e:4d:46:06:0c: 0a:5c:cc:cf:61:09:84:46:a0:e3:aa:de:3d:ee:67:fc: d7:cf:0d:74:50:16:ec:44:8d:4a:2a:95:e1:e7:90:a7: c4:1d:0e:df:35:b0:bf:ff:64:97:ee:6c:92:a3:e1:cf: 98:d0:39:79:d9:5b:12:21:32:0a:20:b9:b2:d1:d6:9b: 5a:86:3b:e5:49:a2:ff:5b:2a:74:93:99:e5:97:d3:8d: 67:35:f3:ef:1b:81:dd:2d:35:d9:49:f9:35:ae:64:ad Exponent: 65537 (0x10001) Signed Extensions: (4 total) Name: Certificate Authority Key Identifier Critical: False Key ID: f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9: b4:7d:d5:6c Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://obelix.roth.lan:80/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 2b:e8:c0:e1:e3:cc:7d:99:f1:14:19:24:09:77:70:72: bc:e7:a0:b9:2c:a6:e9:ed:cb:84:fd:39:79:87:61:31: d9:27:d8:ba:83:68:98:20:30:c2:8a:87:81:11:96:a9: d7:14:ee:79:62:1d:64:ec:67:1e:24:ba:b6:7f:6e:41: 4d:8a:5f:17:38:d3:fd:58:96:d7:03:89:06:f9:5d:2d: b3:0f:ed:89:74:01:f3:2d:4b:7f:b3:89:a6:83:b2:c7: 50:95:06:9d:ee:ff:02:f5:05:70:d1:d5:e3:7c:5e:f7: c6:99:58:3d:fe:4b:91:a7:d7:25:03:d5:a8:7b:e2:88: 12:bd:6d:64:90:d3:65:96:00:f3:3b:49:3d:4d:4d:d4: 90:5e:f9:66:06:91:81:d0:0b:c7:39:93:0f:0b:0d:18: 55:67:68:e2:9a:90:aa:47:ef:a2:f7:4f:01:a7:88:53: 66:2a:16:cf:c3:ca:b8:10:6a:54:fe:8e:6b:ee:99:50: 35:1a:47:df:3d:a7:46:b4:26:44:19:07:30:a8:ee:d9: 7e:58:69:df:89:3e:c5:82:ed:00:2f:72:c9:61:6c:a1: c3:1e:94:62:94:9b:37:70:3e:80:04:30:6f:dd:55:22: 13:cb:05:4a:64:26:11:12:ae:67:a5:77:6b:14:36:11 Fingerprint (MD5): 21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17 Fingerprint (SHA1): 13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c: ad:7a:01:52 ipa : DEBUG approved_usage = SSL Server intended_usage = SSL Server ipa : DEBUG cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN" ipa : DEBUG handshake complete, peer = 192.168.178.10:8443 ipa : DEBUG Protocol: TLS1.2 ipa : DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA ipa : DEBUG request status 204 ipa : DEBUG request reason_phrase u'No Content' ipa : DEBUG request headers {'set-cookie': 'JSESSIONID=6F2D7A36C3C6B9766CF000B4D83CCC6E; Path=/ca/; Secure; HttpOnly', 'expires': 'Thu, 01 Jan 1970 08:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Fri, 08 Jan 2016 13:24:09 GMT', 'content-type': 'application/xml'} ipa : DEBUG request body '' ipa : INFO Imported profile 'caIPAserviceCert' ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Destroyed connection context.ldap2_3010212976 ipa : DEBUG duration: 27 seconds ipa : DEBUG Done configuring certificate server (pki-tomcatd). Done configuring certificate server (pki-tomcatd). ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-f' XXXXXXXX '-L' '-n' 'ROTH.LAN IPA CA' '-a' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=-----BEGIN CERTIFICATE----- MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhST1RI LkxBTjEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE2MDEwODEy NTgwMFoXDTM2MDEwODEyNTgwMFowMzERMA8GA1UECgwIUk9USC5MQU4xHjAcBgNV BAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALoOsokQgg7fIEuk/mW77hl1B3ONcjLy/DU68JIB3iLK0BPl8aSs +6c65gfZKfK1Fm3K4trmbp+18rlaJDX2+5eVu7dB+Grk4YARulozYu6lT9IloCFW FV6UULQCYLjbrCc5xkrwSsQd5dvckAp01p8KcHpL+vL4E2xD2k4O8jDfXaJWPe16 9OTam/4ukuXPqrQ2P9y8IkIrDMuJhDmgJVQq6bU4114gXWv6RJkgLMFrWlqI42QS Nnt5l3vh+aewNMiJ2umbWDAg+BwedRsVoctG6PxiywFpNjdpzmMRLWhNuf7NzHVG 1Oh8D2r7GGz2sPMB2m6yttQlokAO29fIY3UCAwEAAaOBozCBoDAfBgNVHSMEGDAW gBT2babfIoJv74qHNNmBJD/ZtH3VbDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB /wQEAwIBxjAdBgNVHQ4EFgQU9m2m3yKCb++KhzTZgSQ/2bR91WwwPQYIKwYBBQUH AQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2JlbGl4LnJvdGgubGFuOjgwL2Nh L29jc3AwDQYJKoZIhvcNAQELBQADggEBAEBmWRBjR/OHu5HayB645zS8zodPlbF8 vvlqfjVhoCPt83Eoz2tNtfIGUMS22ZoEIVuq0GdfdJpAdmBgkIEkYHha1GmsTxLm q9uPaUbvmowpJgV6692IGeojduYifVUdl0bmHwz1B2vo0MD2XopaCBS+EVzOSsMD ri/4gWGZYVsCYCjfGbWvywjD/uhRPHCbdX6Vv+fiMkZRTUZYV0iXsIUSmbl8cnEb H3tZZ6o/TceO/QDHkTam9LAJKehxgMfLRCcs/5IrI8f7yvfqSU0cX96TvbWhs9n+ vaDd/7Vf74z+riTCFI03WslbSPtCilsnZa3z8++Ti91YFzc7RQdy/TA= -----END CERTIFICATE----- ipa : DEBUG stderr= ipa : DEBUG Configuring directory server (dirsrv). Estimated time: 10 seconds Configuring directory server (dirsrv). Estimated time: 10 seconds ipa : DEBUG [1/3]: configuring ssl for ds instance [1/3]: configuring ssl for ds instance ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-O' '-n' 'ipaCert' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout="ROTH.LAN IPA CA" [CN=Certificate Authority,O=ROTH.LAN] "ipaCert" [CN=IPA RA,O=ROTH.LAN] ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-L' '-n' 'ROTH.LAN IPA CA' '-a' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout=-----BEGIN CERTIFICATE----- MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhST1RI LkxBTjEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE2MDEwODEy NTgwMFoXDTM2MDEwODEyNTgwMFowMzERMA8GA1UECgwIUk9USC5MQU4xHjAcBgNV BAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALoOsokQgg7fIEuk/mW77hl1B3ONcjLy/DU68JIB3iLK0BPl8aSs +6c65gfZKfK1Fm3K4trmbp+18rlaJDX2+5eVu7dB+Grk4YARulozYu6lT9IloCFW FV6UULQCYLjbrCc5xkrwSsQd5dvckAp01p8KcHpL+vL4E2xD2k4O8jDfXaJWPe16 9OTam/4ukuXPqrQ2P9y8IkIrDMuJhDmgJVQq6bU4114gXWv6RJkgLMFrWlqI42QS Nnt5l3vh+aewNMiJ2umbWDAg+BwedRsVoctG6PxiywFpNjdpzmMRLWhNuf7NzHVG 1Oh8D2r7GGz2sPMB2m6yttQlokAO29fIY3UCAwEAAaOBozCBoDAfBgNVHSMEGDAW gBT2babfIoJv74qHNNmBJD/ZtH3VbDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB /wQEAwIBxjAdBgNVHQ4EFgQU9m2m3yKCb++KhzTZgSQ/2bR91WwwPQYIKwYBBQUH AQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2JlbGl4LnJvdGgubGFuOjgwL2Nh L29jc3AwDQYJKoZIhvcNAQELBQADggEBAEBmWRBjR/OHu5HayB645zS8zodPlbF8 vvlqfjVhoCPt83Eoz2tNtfIGUMS22ZoEIVuq0GdfdJpAdmBgkIEkYHha1GmsTxLm q9uPaUbvmowpJgV6692IGeojduYifVUdl0bmHwz1B2vo0MD2XopaCBS+EVzOSsMD ri/4gWGZYVsCYCjfGbWvywjD/uhRPHCbdX6Vv+fiMkZRTUZYV0iXsIUSmbl8cnEb H3tZZ6o/TceO/QDHkTam9LAJKehxgMfLRCcs/5IrI8f7yvfqSU0cX96TvbWhs9n+ vaDd/7Vf74z+riTCFI03WslbSPtCilsnZa3z8++Ti91YFzc7RQdy/TA= -----END CERTIFICATE----- ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-ROTH-LAN/' '-L' '-n' 'ROTH.LAN IPA CA' '-a' ipa : DEBUG Process finished, return code=255 ipa : DEBUG stdout= ipa : DEBUG stderr=certutil: Could not find cert: ROTH.LAN IPA CA : PR_FILE_NOT_FOUND_ERROR: File not found ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-ROTH-LAN/' '-N' '-f' '/etc/dirsrv/slapd-ROTH-LAN//pwdfile.txt' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-ROTH-LAN/' '-A' '-n' 'ROTH.LAN IPA CA' '-t' 'CT,C,C' '-a' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= ipa : DEBUG Starting external process ipa : DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-ROTH-LAN/' '-R' '-s' 'CN=obelix.roth.lan,O=ROTH.LAN' '-o' '/var/lib/ipa/ipa-Hd3Epn/tmpcertreq' '-k' 'rsa' '-g' '2048' '-z' '/etc/dirsrv/slapd-ROTH-LAN//noise.txt' '-f' '/etc/dirsrv/slapd-ROTH-LAN//pwdfile.txt' '-a' ipa : DEBUG Process finished, return code=0 ipa : DEBUG stdout= ipa : DEBUG stderr= Generating key. This may take a few moments... ipa : DEBUG request 'https://obelix.roth.lan:8443/ca/ee/ca/profileSubmitSSLClient' ipa : DEBUG request body 'profileId=caIPAserviceCert&requestor_name=IPA+Installer&cert_request=MIICcjCCAVoCAQAwLTERMA8GA1UEChMIUk9USC5MQU4xGDAWBgNVBAMTD29iZWxp%0D%0AeC5yb3RoLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAP9ArEyE%0D%0AtOOxtZ7YZKs%2Bf85ddv9RP4ayHURNgFfpFxxlTwprzKp%2BCrKaN1erdrKlrYXojt%2Bp%0D%0Aa2U1d%2FgQkHrsAeUv8DpwGtj0bPFcklNoFiJRUHwCD52B1f3u1X%2FHxqE%2BxnOL50ju%0D%0Ah33j58XC6oyVjIIUm0M%2BXG%2BoRiIpZMz4Ol0%2BrCiCs%2BEzLzMvvogVDK4%2BxGbM%2BNaw%0D%0AnDCfhdgtpYpM703SVxs52I4rbllmi68Y3ZTmVVC8qx8IepVTDG8GbugjJhJB7C0W%0D%0ATCyuAdAILpOFTuaCFoXSp5HC1Lc1fCowp3d0q1CerxgzwwObgV0nXVg3XRbRuLE0%0D%0AscBovrVkfo65BjkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBfZUdg8ASNljbZ%0D%0ARnCcFaMdkoFsd3hsdXF4e%2BadJ%2FFft4wtK4aUre6STE21TrDXOLjYKMn6dseYWuOk%0D%0Ajqw27wMb%2BTHjpqDcHH76oF0ochOOyIMVhawENSP86kAG5bc69wPB2KJkbpZHigbc%0D%0AtQX9orkzpuWM5mZca7XEuAWekf%2FP2AK4hXeCw0E6szKXxHadFu2PQaxBtfYJBxSF%0D%0AdkNh3wvffaXqN0hOkTnEdZEWj3XHQpnV3Xd%2Fn0DqXoYXFcR2qNcXy3gCI4hRoOBv%0D%0ALGgiz%2F%2F24NkA5m4sfSQ6LpYX%2B0xP5BNfkXtrhk4unGmhitTgENSRyLxvbl4gk8HX%0D%0AqRPArP3f%0A&cert_request_type=pkcs10&xmlOutput=true' ipa : DEBUG NSSConnection init obelix.roth.lan ipa : DEBUG Connecting: 192.168.178.10:0 ipa : DEBUG auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=ROTH.LAN Validity: Not Before: Fri Jan 08 12:58:35 2016 UTC Not After: Thu Dec 28 12:58:35 2017 UTC Subject: CN=obelix.roth.lan,O=ROTH.LAN Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:fc:cc:42:ad:12:77:c3:18:82:44:de:fb:71:e4:e1: 7b:94:46:29:52:00:a9:8f:47:3b:b1:5e:be:6b:90:be: 25:cb:f1:44:82:b2:53:0b:c5:fa:bc:86:62:d8:cd:1d: 50:46:fc:eb:20:66:f0:ac:34:6c:08:b6:f9:52:e2:e4: fa:c2:84:b6:d4:59:77:96:63:21:cb:5d:f9:88:a2:4c: 68:bd:71:24:1d:5c:8a:f5:e6:e0:15:9a:f5:e4:12:db: de:ba:64:28:b6:ff:b2:d3:95:0e:e9:b1:01:be:3b:0e: 11:ae:23:42:08:2b:50:ea:42:a7:96:bc:c5:18:9a:63: 55:e8:6b:1c:08:91:c2:37:c0:dd:38:88:a6:79:9b:56: 60:d0:0b:3f:3a:d7:3f:c6:fc:2e:54:3e:4d:46:06:0c: 0a:5c:cc:cf:61:09:84:46:a0:e3:aa:de:3d:ee:67:fc: d7:cf:0d:74:50:16:ec:44:8d:4a:2a:95:e1:e7:90:a7: c4:1d:0e:df:35:b0:bf:ff:64:97:ee:6c:92:a3:e1:cf: 98:d0:39:79:d9:5b:12:21:32:0a:20:b9:b2:d1:d6:9b: 5a:86:3b:e5:49:a2:ff:5b:2a:74:93:99:e5:97:d3:8d: 67:35:f3:ef:1b:81:dd:2d:35:d9:49:f9:35:ae:64:ad Exponent: 65537 (0x10001) Signed Extensions: (4 total) Name: Certificate Authority Key Identifier Critical: False Key ID: f6:6d:a6:df:22:82:6f:ef:8a:87:34:d9:81:24:3f:d9: b4:7d:d5:6c Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://obelix.roth.lan:80/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 2b:e8:c0:e1:e3:cc:7d:99:f1:14:19:24:09:77:70:72: bc:e7:a0:b9:2c:a6:e9:ed:cb:84:fd:39:79:87:61:31: d9:27:d8:ba:83:68:98:20:30:c2:8a:87:81:11:96:a9: d7:14:ee:79:62:1d:64:ec:67:1e:24:ba:b6:7f:6e:41: 4d:8a:5f:17:38:d3:fd:58:96:d7:03:89:06:f9:5d:2d: b3:0f:ed:89:74:01:f3:2d:4b:7f:b3:89:a6:83:b2:c7: 50:95:06:9d:ee:ff:02:f5:05:70:d1:d5:e3:7c:5e:f7: c6:99:58:3d:fe:4b:91:a7:d7:25:03:d5:a8:7b:e2:88: 12:bd:6d:64:90:d3:65:96:00:f3:3b:49:3d:4d:4d:d4: 90:5e:f9:66:06:91:81:d0:0b:c7:39:93:0f:0b:0d:18: 55:67:68:e2:9a:90:aa:47:ef:a2:f7:4f:01:a7:88:53: 66:2a:16:cf:c3:ca:b8:10:6a:54:fe:8e:6b:ee:99:50: 35:1a:47:df:3d:a7:46:b4:26:44:19:07:30:a8:ee:d9: 7e:58:69:df:89:3e:c5:82:ed:00:2f:72:c9:61:6c:a1: c3:1e:94:62:94:9b:37:70:3e:80:04:30:6f:dd:55:22: 13:cb:05:4a:64:26:11:12:ae:67:a5:77:6b:14:36:11 Fingerprint (MD5): 21:a4:90:1a:ee:81:41:7a:dd:5c:ba:7c:c2:93:08:17 Fingerprint (SHA1): 13:1e:7f:99:7c:61:1b:bb:a5:37:d6:6a:f4:8b:ae:9c: ad:7a:01:52 ipa : DEBUG approved_usage = SSL Server intended_usage = SSL Server ipa : DEBUG cert valid True for "CN=obelix.roth.lan,O=ROTH.LAN" ipa : DEBUG handshake complete, peer = 192.168.178.10:8443 ipa : DEBUG Protocol: TLS1.2 ipa : DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA ipa : DEBUG request status 200 ipa : DEBUG request reason_phrase u'OK' ipa : DEBUG request headers {'date': 'Fri, 08 Jan 2016 13:24:17 GMT', 'content-length': '134', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'} ipa : DEBUG request body '1Policy Set Not Found' ipa : DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 416, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 406, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 637, in __enable_ssl self.nickname, self.fqdn, cadb) File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 337, in create_server_cert cdb.issue_server_cert(self.certreq_fname, self.certder_fname) File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 419, in issue_server_cert raise RuntimeError("Certificate issuance failed") RuntimeError: Certificate issuance failed ipa : DEBUG [error] RuntimeError: Certificate issuance failed [error] RuntimeError: Certificate issuance failed ipa.ipapython.install.cli.install_tool(Server): DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 307, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 294, in run self.execute() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 316, in execute for nothing in self._executor(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 356, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 378, in _handle_exception util.raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 346, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, in run_generator_with_yield_from raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 557, in _configure executor.next() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 356, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 435, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 378, in _handle_exception util.raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 432, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 378, in _handle_exception util.raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 346, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, in run_generator_with_yield_from raise_exc_info(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 1285, in main install(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 257, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 779, in install ds.enable_ssl() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 327, in enable_ssl self.start_creation(runtime=10) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 416, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 406, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 637, in __enable_ssl self.nickname, self.fqdn, cadb) File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 337, in create_server_cert cdb.issue_server_cert(self.certreq_fname, self.certder_fname) File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 419, in issue_server_cert raise RuntimeError("Certificate issuance failed") ipa.ipapython.install.cli.install_tool(Server): DEBUG The ipa-server-install command failed, exception: RuntimeError: Certificate issuance failed ipa.ipapython.install.cli.install_tool(Server): ERROR Certificate issuance failed [root at obelix ~]# -------------- next part -------------- A non-text attachment was scrubbed... Name: ipaserver-install.log Type: text/x-log Size: 403439 bytes Desc: not available URL: From peter at pakos.pl Sun Jan 10 21:21:22 2016 From: peter at pakos.pl (Peter Pakos) Date: Sun, 10 Jan 2016 21:21:22 +0000 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <568A6921.6000708@redhat.com> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> Message-ID: <5692CB52.4080507@pakos.pl> On 04/01/2016 12:44, Jan Cholasta wrote: >> My question is, what is the correct way of installing a 3rd party >> certificate for HTTP/LDAP that will actually work? > > 1. Install the CA certificate chain of the issuer of the 3rd party > certificate to IPA using "ipa-cacert-manage install" > > 2. Run "ipa-certupdate" to update CA certificate related IPA configuration. > > 3. Manually import the server certificate into the > /etc/dirsrv/slapd-REALM NSS database, configure the correct nickname in > LDAP in the nsSSLPersonalitySSL attribute of > cn=RSA,cn=encryption,cn=config and restart DS. > > 4. Manually import the server certificate into the /etc/httpd/alias NSS > database, configure the correct nickname in /etc/httpd/conf.d/nss.conf > using the NSSNickname directive and restart httpd. Is there any chance you can confirm the exact commands I need to run to accomplish the above steps? I don't want to risk breaking our production servers. BTW, do we have an up-to-date documentation about this process in FreeIPA 4.2? I failed to find one. Many thanks in advance. -- Kind regards, Peter Pakos From pspacek at redhat.com Mon Jan 11 07:34:54 2016 From: pspacek at redhat.com (Petr Spacek) Date: Mon, 11 Jan 2016 08:34:54 +0100 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <5692CB52.4080507@pakos.pl> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> <5692CB52.4080507@pakos.pl> Message-ID: <56935B1E.7030108@redhat.com> On 10.1.2016 22:21, Peter Pakos wrote: > On 04/01/2016 12:44, Jan Cholasta wrote: >>> My question is, what is the correct way of installing a 3rd party >>> certificate for HTTP/LDAP that will actually work? >> >> 1. Install the CA certificate chain of the issuer of the 3rd party >> certificate to IPA using "ipa-cacert-manage install" >> >> 2. Run "ipa-certupdate" to update CA certificate related IPA configuration. >> >> 3. Manually import the server certificate into the >> /etc/dirsrv/slapd-REALM NSS database, configure the correct nickname in >> LDAP in the nsSSLPersonalitySSL attribute of >> cn=RSA,cn=encryption,cn=config and restart DS. >> >> 4. Manually import the server certificate into the /etc/httpd/alias NSS >> database, configure the correct nickname in /etc/httpd/conf.d/nss.conf >> using the NSSNickname directive and restart httpd. > > Is there any chance you can confirm the exact commands I need to run to > accomplish the above steps? I don't want to risk breaking our production servers. > > BTW, do we have an up-to-date documentation about this process in FreeIPA 4.2? > I failed to find one. > > Many thanks in advance. Hello, I'm attaching two bash script I used to use Let's Encrypt certificate for IPA HTTPd. You can take some inspiration out of it, just ignore calls to "letsencrypt" tool which are there for periodic certificate re-generation. -- Petr^2 Spacek -------------- next part -------------- A non-text attachment was scrubbed... Name: initial-le-config.sh Type: application/x-shellscript Size: 368 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: renew.sh Type: application/x-shellscript Size: 977 bytes Desc: not available URL: From yks0000 at gmail.com Mon Jan 11 08:36:01 2016 From: yks0000 at gmail.com (Yogesh Sharma) Date: Mon, 11 Jan 2016 14:06:01 +0530 Subject: [Freeipa-users] IPA Users enable to run Cron Message-ID: Team, None of the ipa-users are able to execute crons on any servers. If we create local user then we are able to do. There is no cron.allow and we do not have any user listed in cron.deny. Is there something from FreeIPA end which is blocking. Just a confirmation, as we continue to troubleshoot it further at our end. *Best Regards,* *__________________________________________* *Yogesh Sharma* *Email: yks0000 at gmail.com | Web: www.initd.in * *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* -------------- next part -------------- An HTML attachment was scrubbed... URL: From jhrozek at redhat.com Mon Jan 11 08:44:48 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Mon, 11 Jan 2016 09:44:48 +0100 Subject: [Freeipa-users] IPA Users enable to run Cron In-Reply-To: References: Message-ID: <20160111084448.GB3583@hendrix.arn.redhat.com> On Mon, Jan 11, 2016 at 02:06:01PM +0530, Yogesh Sharma wrote: > Team, > > None of the ipa-users are able to execute crons on any servers. If we > create local user then we are able to do. > > There is no cron.allow and we do not have any user listed in cron.deny. > > Is there something from FreeIPA end which is blocking. Just a confirmation, > as we continue to troubleshoot it further at our end. Does HBAC allow the cron services? From lslebodn at redhat.com Mon Jan 11 08:44:38 2016 From: lslebodn at redhat.com (Lukas Slebodnik) Date: Mon, 11 Jan 2016 09:44:38 +0100 Subject: [Freeipa-users] FreeIPA and project Atomic In-Reply-To: References: Message-ID: <20160111084435.GA32709@mail.corp.redhat.com> On (09/01/16 18:41), Marc Boorshtein wrote: >I'm moving an environment from one that uses all separate VMs to one using >project Atomic and Docker images. A couple of questions: > >1. Are there any known issues joining an atomic host to a FreeIPA domain? > (Or has anyone tried it?) I think the best source of information is http://www.projectatomic.io/blog/2015/12/fedora-atomic-sssd-container/ or longer verison http://www.adelton.com/docs/docker/fedora-atomic-sssd-container LS From jpazdziora at redhat.com Mon Jan 11 10:35:05 2016 From: jpazdziora at redhat.com (Jan Pazdziora) Date: Mon, 11 Jan 2016 11:35:05 +0100 Subject: [Freeipa-users] FreeIPA and project Atomic In-Reply-To: References: Message-ID: <20160111103505.GB8334@redhat.com> On Sat, Jan 09, 2016 at 06:41:53PM -0500, Marc Boorshtein wrote: > I'm moving an environment from one that uses all separate VMs to one using > project Atomic and Docker images. A couple of questions: > > 1. Are there any known issues joining an atomic host to a FreeIPA domain? > (Or has anyone tried it?) As Luk?? has noted, the fedora/sssd container exists which allows you to execute ipa-client-install (or realm join) and then run sssd: http://www.adelton.com/docs/docker/fedora-atomic-sssd-container The only outstanding issue is that sudo rules currently do not work on Fedora Atomic (but work on RHEL Atomic). > 2. Is there any reason I couldn't run FreeIPA in a container in this > setup? It seems odd to run FreeIPA on a container for a server in its own > domain. My first thought is to have the FreeIPA servers running on their > own VMs. The main reason against the FreeIPA server in a container, provided you use https://github.com/adelton/docker-freeipa https://hub.docker.com/r/adelton/freeipa-server/ would be the lack of SELinux isolation of the individual components, plus expectation that we sometimes see that containers are like virtual machines (and people treat them like those especially from security point of view) when they are not. -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat From arthur at deus.pro Mon Jan 11 11:01:37 2016 From: arthur at deus.pro (Arthur Fayzullin) Date: Mon, 11 Jan 2016 16:01:37 +0500 Subject: [Freeipa-users] error while installin ipa-replica with ca Message-ID: <56938B91.7090603@deus.pro> Good day, Colleagues! And Happy New Year! I have tried to install test stend with ipa v4.2 and 2 master-master servers. files /etc/hosts on both servers contain: 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.254.1.114 radipa00.test.ckt radipa00 10.254.1.154 radipa01.test.ckt radipa01 prepare key for replica server: [root at radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154 radipa01.test.ckt copy it to replica: [root at radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg root at radipa01.test.ckt:/var/lib/ipa/ then on replica start installation: [root at radipa01 ~]# ipa-replica-install --setup-ca --setup-kra --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns --forwarder=77.88.8.7 --forwarder=77.88.8.3 /var/lib/ipa/replica-info-radipa01.test.ckt.gpg and!!! I have got such error: [2/23]: configuring certificate server instance ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpvgc4S6'' returned non-zero exit status 1 ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation logs and the following files/directories for more information: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL /var/log/pki-ca-install.log ipa.ipaserver.install.cainstance.CAInstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. log file contains this error: [root at radipa01 ~]# less /var/log/pki/pki-ca-spawn.20160111150634.log 'application_version': '[APPLICATION_VERSION]'} 2016-01-11 15:06:34 pkispawn : ERROR ....... Deployment file could not be parsed correctly. This might be because of unescaped '%%' characters. You must escape '%%' characters in deployment files (example - 'setting=foo%%%%bar'). 2016-01-11 15:06:34 pkispawn : ERROR ....... Interpolation error ('%' must be followed by '%' or '(', found: '%') I have reproduced that error several times with cenos7 and fedora23 installations. I am really confused if I am doing something wrong or may it is something else... what it can be? ____________ Best wishes! From yks0000 at gmail.com Mon Jan 11 11:39:38 2016 From: yks0000 at gmail.com (Yogesh Sharma) Date: Mon, 11 Jan 2016 17:09:38 +0530 Subject: [Freeipa-users] IPA Users enable to run Cron In-Reply-To: <20160111084448.GB3583@hendrix.arn.redhat.com> References: <20160111084448.GB3583@hendrix.arn.redhat.com> Message-ID: HBAC has "Any Service" enabled, However, while doing HBAC Test, I am getting Access Denied. Checking it. Thanks for the suggestion. Any further suggestion would be helpful. *Best Regards,* *__________________________________________* *Yogesh Sharma* *Email: yks0000 at gmail.com | Web: www.initd.in * *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* On Mon, Jan 11, 2016 at 2:14 PM, Jakub Hrozek wrote: > On Mon, Jan 11, 2016 at 02:06:01PM +0530, Yogesh Sharma wrote: > > Team, > > > > None of the ipa-users are able to execute crons on any servers. If we > > create local user then we are able to do. > > > > There is no cron.allow and we do not have any user listed in cron.deny. > > > > Is there something from FreeIPA end which is blocking. Just a > confirmation, > > as we continue to troubleshoot it further at our end. > > Does HBAC allow the cron services? > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mkosek at redhat.com Mon Jan 11 11:48:07 2016 From: mkosek at redhat.com (Martin Kosek) Date: Mon, 11 Jan 2016 12:48:07 +0100 Subject: [Freeipa-users] error while installin ipa-replica with ca In-Reply-To: <56938B91.7090603@deus.pro> References: <56938B91.7090603@deus.pro> Message-ID: <56939677.9080103@redhat.com> On 01/11/2016 12:01 PM, Arthur Fayzullin wrote: > Good day, Colleagues! > > And Happy New Year! > > I have tried to install test stend with ipa v4.2 and 2 master-master > servers. > > files /etc/hosts on both servers contain: > 127.0.0.1 localhost localhost.localdomain localhost4 > localhost4.localdomain4 > ::1 localhost localhost.localdomain localhost6 > localhost6.localdomain6 > > 10.254.1.114 radipa00.test.ckt radipa00 > 10.254.1.154 radipa01.test.ckt radipa01 > > prepare key for replica server: > [root at radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154 > radipa01.test.ckt > > copy it to replica: > [root at radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg > root at radipa01.test.ckt:/var/lib/ipa/ > > then on replica start installation: > [root at radipa01 ~]# ipa-replica-install --setup-ca --setup-kra > --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns > --forwarder=77.88.8.7 --forwarder=77.88.8.3 > /var/lib/ipa/replica-info-radipa01.test.ckt.gpg > > and!!! I have got such error: > [2/23]: configuring certificate server instance > ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to > configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' > '/tmp/tmpvgc4S6'' returned non-zero exit status 1 > ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the > installation logs and the following files/directories for more information: > ipa.ipaserver.install.cainstance.CAInstance: CRITICAL > /var/log/pki-ca-install.log > ipa.ipaserver.install.cainstance.CAInstance: CRITICAL > /var/log/pki/pki-tomcat > [error] RuntimeError: CA configuration failed. > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > log file contains this error: > [root at radipa01 ~]# less /var/log/pki/pki-ca-spawn.20160111150634.log > 'application_version': '[APPLICATION_VERSION]'} > 2016-01-11 15:06:34 pkispawn : ERROR ....... Deployment file could > not be parsed correctly. This might be because of unescaped '%%' > characters. You must escape '%%' characters in deployment files > (example - 'setting=foo%%%%bar'). > 2016-01-11 15:06:34 pkispawn : ERROR ....... Interpolation error > ('%' must be followed by '%' or '(', found: '%') > > I have reproduced that error several times with cenos7 and fedora23 > installations. > > I am really confused if I am doing something wrong or may it is > something else... > what it can be? > ____________ > Best wishes! CCing Endi. There used to be an error, when DM password (used also for Dogtag) contained special characters, PKI installer choked on it. I could not find the bug number right now. From arthur at deus.pro Mon Jan 11 11:51:49 2016 From: arthur at deus.pro (Arthur Fayzullin) Date: Mon, 11 Jan 2016 16:51:49 +0500 Subject: [Freeipa-users] error while installin ipa-replica with ca In-Reply-To: <56939677.9080103@redhat.com> References: <56938B91.7090603@deus.pro> <56939677.9080103@redhat.com> Message-ID: <56939755.1050808@deus.pro> Bingo!!! that it is!!! dm password contains % - symbol! I am not sure but with previous versions that have not caused any problem. Thanks a lot! 11.01.2016 16:48, Martin Kosek ?????: > On 01/11/2016 12:01 PM, Arthur Fayzullin wrote: >> Good day, Colleagues! >> >> And Happy New Year! >> >> I have tried to install test stend with ipa v4.2 and 2 master-master >> servers. >> >> files /etc/hosts on both servers contain: >> 127.0.0.1 localhost localhost.localdomain localhost4 >> localhost4.localdomain4 >> ::1 localhost localhost.localdomain localhost6 >> localhost6.localdomain6 >> >> 10.254.1.114 radipa00.test.ckt radipa00 >> 10.254.1.154 radipa01.test.ckt radipa01 >> >> prepare key for replica server: >> [root at radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154 >> radipa01.test.ckt >> >> copy it to replica: >> [root at radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg >> root at radipa01.test.ckt:/var/lib/ipa/ >> >> then on replica start installation: >> [root at radipa01 ~]# ipa-replica-install --setup-ca --setup-kra >> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns >> --forwarder=77.88.8.7 --forwarder=77.88.8.3 >> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg >> >> and!!! I have got such error: >> [2/23]: configuring certificate server instance >> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to >> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' >> '/tmp/tmpvgc4S6'' returned non-zero exit status 1 >> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the >> installation logs and the following files/directories for more information: >> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL >> /var/log/pki-ca-install.log >> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL >> /var/log/pki/pki-tomcat >> [error] RuntimeError: CA configuration failed. >> Your system may be partly configured. >> Run /usr/sbin/ipa-server-install --uninstall to clean up. >> >> log file contains this error: >> [root at radipa01 ~]# less /var/log/pki/pki-ca-spawn.20160111150634.log >> 'application_version': '[APPLICATION_VERSION]'} >> 2016-01-11 15:06:34 pkispawn : ERROR ....... Deployment file could >> not be parsed correctly. This might be because of unescaped '%%' >> characters. You must escape '%%' characters in deployment files >> (example - 'setting=foo%%%%bar'). >> 2016-01-11 15:06:34 pkispawn : ERROR ....... Interpolation error >> ('%' must be followed by '%' or '(', found: '%') >> >> I have reproduced that error several times with cenos7 and fedora23 >> installations. >> >> I am really confused if I am doing something wrong or may it is >> something else... >> what it can be? >> ____________ >> Best wishes! > CCing Endi. There used to be an error, when DM password (used also for Dogtag) > contained special characters, PKI installer choked on it. I could not find the > bug number right now. From mkosek at redhat.com Mon Jan 11 11:55:52 2016 From: mkosek at redhat.com (Martin Kosek) Date: Mon, 11 Jan 2016 12:55:52 +0100 Subject: [Freeipa-users] error while installin ipa-replica with ca In-Reply-To: <56939755.1050808@deus.pro> References: <56938B91.7090603@deus.pro> <56939677.9080103@redhat.com> <56939755.1050808@deus.pro> Message-ID: <56939848.7000609@redhat.com> On 01/11/2016 12:51 PM, Arthur Fayzullin wrote: > Bingo!!! > that it is!!! > dm password contains % - symbol! > > I am not sure but with previous versions that have not caused any problem. Good :-) Still, it would be nice to fix Dogtag installation procedures to not parse passwords that way. Endi, please just make sure there is a Dogtag Bugzilla filed and in some realistic milestone as this bug's root cause is not so obvious. > > Thanks a lot! > > 11.01.2016 16:48, Martin Kosek ?????: >> On 01/11/2016 12:01 PM, Arthur Fayzullin wrote: >>> Good day, Colleagues! >>> >>> And Happy New Year! >>> >>> I have tried to install test stend with ipa v4.2 and 2 master-master >>> servers. >>> >>> files /etc/hosts on both servers contain: >>> 127.0.0.1 localhost localhost.localdomain localhost4 >>> localhost4.localdomain4 >>> ::1 localhost localhost.localdomain localhost6 >>> localhost6.localdomain6 >>> >>> 10.254.1.114 radipa00.test.ckt radipa00 >>> 10.254.1.154 radipa01.test.ckt radipa01 >>> >>> prepare key for replica server: >>> [root at radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154 >>> radipa01.test.ckt >>> >>> copy it to replica: >>> [root at radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg >>> root at radipa01.test.ckt:/var/lib/ipa/ >>> >>> then on replica start installation: >>> [root at radipa01 ~]# ipa-replica-install --setup-ca --setup-kra >>> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns >>> --forwarder=77.88.8.7 --forwarder=77.88.8.3 >>> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg >>> >>> and!!! I have got such error: >>> [2/23]: configuring certificate server instance >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to >>> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' >>> '/tmp/tmpvgc4S6'' returned non-zero exit status 1 >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the >>> installation logs and the following files/directories for more information: >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL >>> /var/log/pki-ca-install.log >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL >>> /var/log/pki/pki-tomcat >>> [error] RuntimeError: CA configuration failed. >>> Your system may be partly configured. >>> Run /usr/sbin/ipa-server-install --uninstall to clean up. >>> >>> log file contains this error: >>> [root at radipa01 ~]# less /var/log/pki/pki-ca-spawn.20160111150634.log >>> 'application_version': '[APPLICATION_VERSION]'} >>> 2016-01-11 15:06:34 pkispawn : ERROR ....... Deployment file could >>> not be parsed correctly. This might be because of unescaped '%%' >>> characters. You must escape '%%' characters in deployment files >>> (example - 'setting=foo%%%%bar'). >>> 2016-01-11 15:06:34 pkispawn : ERROR ....... Interpolation error >>> ('%' must be followed by '%' or '(', found: '%') >>> >>> I have reproduced that error several times with cenos7 and fedora23 >>> installations. >>> >>> I am really confused if I am doing something wrong or may it is >>> something else... >>> what it can be? >>> ____________ >>> Best wishes! >> CCing Endi. There used to be an error, when DM password (used also for Dogtag) >> contained special characters, PKI installer choked on it. I could not find the >> bug number right now. > From f.zoske at euroimmun.de Mon Jan 11 14:56:01 2016 From: f.zoske at euroimmun.de (Zoske, Fabian) Date: Mon, 11 Jan 2016 14:56:01 +0000 Subject: [Freeipa-users] Cross Domain Trust In-Reply-To: <20151215123822.GB24928@p.redhat.com> References: <20151215123822.GB24928@p.redhat.com> Message-ID: I looked deeper into the problem and tested it with ubuntu 16.04 Alpha which includes SSSD 1-13-3. Now I have the same problem on Ubuntu. On Ubuntu 14.04 I have installed the shipped SSSD-1.11.5 and everything works. Best regards, Fabian -----Urspr?ngliche Nachricht----- Von: Sumit Bose [mailto:sbose at redhat.com] Gesendet: Dienstag, 15. Dezember 2015 13:38 An: Zoske, Fabian Cc: freeipa-users at redhat.com Betreff: Re: [Freeipa-users] Cross Domain Trust On Tue, Dec 15, 2015 at 10:58:09AM +0000, Zoske, Fabian wrote: > I?ve setup an IPA-Server with a handful of clients and AD-Trust. > The server is a CentOS7.1 with IPA4.1 and the clients are mostly Ubuntu Server 14.04 LTS. > Our IPA-Domain is like ipa-domain.com and our AD-Domain is like ad-domain.local, but our user principals in AD are user at old-domain.com for backward compatibility. > > On the Ubuntu clients I can login with my AD-Credentials, but when trying to do the same on a joined CentOS Server I can?t login. > In the logs I can see, that there is no KDC for OLD-DOMAIN.COM is found. > > Why does this scenario works on Ubuntu but not on CentOS? > Can I do something about this? Are there any differences in /etc/krb5.conf on the Ubuntu client and on the CentOS servers? What name servers are configured? Typically the clients should use the IPA server as a name server. bye, Sumit > > Best regards, > Fabian > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From jpazdziora at redhat.com Mon Jan 11 15:57:46 2016 From: jpazdziora at redhat.com (Jan Pazdziora) Date: Mon, 11 Jan 2016 16:57:46 +0100 Subject: [Freeipa-users] The -e skip_version_check=1 with 4.2 client against 6.4-based server Message-ID: <20160111155746.GG8334@redhat.com> Hello, we have IPA client on [root at centos72-20160110 ~]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) with the following packages: [root at centos72-20160110 ~]# rpm -qf /usr/lib/python2.7/site-packages/ipapython/version.py ipa-python-4.2.0-15.el7.centos.3.x86_64 [root at centos72-20160110 ~]# rpm -qf /usr/bin/ipa ipa-admintools-4.2.0-15.el7.centos.3.x86_64 We try to call the ipa commands against old FreeIPA server version, taking advantage of the -e skip_version_check=1 option added by https://fedorahosted.org/freeipa/ticket/4768 [root at centos72-20160110 ~]# /usr/bin/ipa user-find ipa: ERROR: 2.156 client incompatible with 2.49 server at u'https://aab-ipaserver.example.com/ipa/xml' [root at centos72-20160110 ~]# /usr/bin/ipa -e skip_version_check=1 user-find ipa: ERROR: 2.51 client incompatible with 2.49 server at u'https://aab-ipaserver.example.com/ipa/xml' Alas, it seems that skip_version_check=1 sets the version to 2.51 which is still too new to the 2.49 version of the 6.4 based-server with ipa-server-3.0.0-42.el6.x86_64. Is this behaviour expected? Why does it force a particular value (2.51) rather than ignoring the difference altogether? I have verified that the option works on Fedora client against older Fedora server (but I did not try ipa-server-3.0.0 there). -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat From fvende.ext at orange.com Mon Jan 11 15:42:54 2016 From: fvende.ext at orange.com (fvende.ext at orange.com) Date: Mon, 11 Jan 2016 15:42:54 +0000 Subject: [Freeipa-users] FreeIPA 4.x + CentOS 6.4 In-Reply-To: <568BD502.6020207@redhat.com> References: <29287_1450890213_567AD3E5_29287_3990_1_1D24A0A1407AA6499AADBA43C8A73ED505A5C2@OPEXCNORM63.corporate.adroot.infra.ftgroup> <20160103123213.GB4316@redhat.com> <568A6257.7030205@redhat.com> <20160105143154.GH6431@mail.corp.redhat.com> <568BD502.6020207@redhat.com> Message-ID: <30083_1452526974_5693CD7E_30083_465_1_1D24A0A1407AA6499AADBA43C8A73ED506789B@OPEXCNORM63.corporate.adroot.infra.ftgroup> Hi, Ok, it's enough clear for me. Thanks a lot for all your responses ! Best regards, Fx -----Message d'origine----- De?: Rob Crittenden [mailto:rcritten at redhat.com] Envoy??: mardi 5 janvier 2016 15:37 ??: freeipa-users at redhat.com; bahan w Cc?: VENDE Francois Xavier Ext DTSI/DSI Objet?: Re: [Freeipa-users] FreeIPA 4.x + CentOS 6.4 Lukas Slebodnik wrote: > On (05/01/16 15:11), bahan w wrote: >> Hello. >> >> I have some questions related to this point : >> 1. On a RHEL6.6, may I install the package ipa-client 4.x and enroll >> to an ipa server 4.x located on a RHEL7 ? May you remind me the >> version of sssd embedded with ipa-client 4.x ? > rhel6.6 has ipa-client-3.0.0-47.el6 and sssd-1.11.x > rhel6.7 has ipa-client-3.0.0-47.el6 and sssd-1.12.x > > and sssd-1.11+ works well with ipa-server 4.x Strictly speaking, sssd isn't "embedded" with ipa-client. There is some correlation based on distro release, as Lukas has listed, but that's about it. There is no IPA 4.x for RHEL 6.x. >> 2. The ipa-server 4.x can only be installed on RHEL7+, true/false ? >> > true ( +fedora :-) > > LS > _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. From lslebodn at redhat.com Mon Jan 11 16:02:43 2016 From: lslebodn at redhat.com (Lukas Slebodnik) Date: Mon, 11 Jan 2016 17:02:43 +0100 Subject: [Freeipa-users] FreeIPA and project Atomic In-Reply-To: <20160111103505.GB8334@redhat.com> References: <20160111103505.GB8334@redhat.com> Message-ID: <20160111160243.GA19701@mail.corp.redhat.com> On (11/01/16 11:35), Jan Pazdziora wrote: >On Sat, Jan 09, 2016 at 06:41:53PM -0500, Marc Boorshtein wrote: >> I'm moving an environment from one that uses all separate VMs to one using >> project Atomic and Docker images. A couple of questions: >> >> 1. Are there any known issues joining an atomic host to a FreeIPA domain? >> (Or has anyone tried it?) > >As Luk?? has noted, the fedora/sssd container exists which allows >you to execute ipa-client-install (or realm join) and then run sssd: > > http://www.adelton.com/docs/docker/fedora-atomic-sssd-container > >The only outstanding issue is that sudo rules currently do not >work on Fedora Atomic (but work on RHEL Atomic). > Related sssd change for sudo might be in fedora in couple of days. The change is awaiting a review atm. So next release of Fedora Atomic might contain the change. LS From mbasti at redhat.com Mon Jan 11 18:05:16 2016 From: mbasti at redhat.com (Martin Basti) Date: Mon, 11 Jan 2016 19:05:16 +0100 Subject: [Freeipa-users] The -e skip_version_check=1 with 4.2 client against 6.4-based server In-Reply-To: <20160111155746.GG8334@redhat.com> References: <20160111155746.GG8334@redhat.com> Message-ID: <5693EEDC.8080102@redhat.com> On 11.01.2016 16:57, Jan Pazdziora wrote: > Hello, > > we have IPA client on > > [root at centos72-20160110 ~]# cat /etc/redhat-release > CentOS Linux release 7.2.1511 (Core) > > with the following packages: > > [root at centos72-20160110 ~]# rpm -qf > /usr/lib/python2.7/site-packages/ipapython/version.py > ipa-python-4.2.0-15.el7.centos.3.x86_64 > [root at centos72-20160110 ~]# rpm -qf /usr/bin/ipa > ipa-admintools-4.2.0-15.el7.centos.3.x86_64 > > We try to call the ipa commands against old FreeIPA server version, > taking advantage of the > > -e skip_version_check=1 > > option added by > > https://fedorahosted.org/freeipa/ticket/4768 > > > [root at centos72-20160110 ~]# /usr/bin/ipa user-find > ipa: ERROR: 2.156 client incompatible with 2.49 server at u'https://aab-ipaserver.example.com/ipa/xml' > > [root at centos72-20160110 ~]# /usr/bin/ipa -e skip_version_check=1 user-find > ipa: ERROR: 2.51 client incompatible with 2.49 server at u'https://aab-ipaserver.example.com/ipa/xml' > > Alas, it seems that skip_version_check=1 sets the version to 2.51 > which is still too new to the 2.49 version of the 6.4 based-server > with ipa-server-3.0.0-42.el6.x86_64. > > Is this behaviour expected? Why does it force a particular value (2.51) > rather than ignoring the difference altogether? > > I have verified that the option works on Fedora client against older > Fedora server (but I did not try ipa-server-3.0.0 there). > With API version 2.52 IPA started to use capabilities, which allows us to handle changes in API in compatible way. So only with version 2.51 (last version without capabilities) we can guarantee that it will work. Server may not work with older API version than 2.51, because changes in API may be incompatible. From lslebodn at redhat.com Mon Jan 11 18:37:22 2016 From: lslebodn at redhat.com (Lukas Slebodnik) Date: Mon, 11 Jan 2016 19:37:22 +0100 Subject: [Freeipa-users] Cross Domain Trust In-Reply-To: References: <20151215123822.GB24928@p.redhat.com> Message-ID: <20160111183721.GA19957@mail.corp.redhat.com> On (11/01/16 14:56), Zoske, Fabian wrote: >I looked deeper into the problem and tested it with ubuntu 16.04 Alpha which includes SSSD 1-13-3. >Now I have the same problem on Ubuntu. >On Ubuntu 14.04 I have installed the shipped SSSD-1.11.5 and everything works. > It might be issue on ipa server. sssd-1.11 fetch trusted users from ipa server in different way than sssd-1.12+ Could you try to upgrade FreeIPA from CentOS 7.1 to CentOS 7.2 LS From jpazdziora at redhat.com Mon Jan 11 19:03:00 2016 From: jpazdziora at redhat.com (Jan Pazdziora) Date: Mon, 11 Jan 2016 20:03:00 +0100 Subject: [Freeipa-users] The -e skip_version_check=1 with 4.2 client against 6.4-based server In-Reply-To: <5693EEDC.8080102@redhat.com> References: <20160111155746.GG8334@redhat.com> <5693EEDC.8080102@redhat.com> Message-ID: <20160111190300.GD18817@redhat.com> On Mon, Jan 11, 2016 at 07:05:16PM +0100, Martin Basti wrote: > On 11.01.2016 16:57, Jan Pazdziora wrote: > > > >We try to call the ipa commands against old FreeIPA server version, > >taking advantage of the > > > > -e skip_version_check=1 > > > >option added by > > > > https://fedorahosted.org/freeipa/ticket/4768 > > > >[root at centos72-20160110 ~]# /usr/bin/ipa user-find > >ipa: ERROR: 2.156 client incompatible with 2.49 server at u'https://aab-ipaserver.example.com/ipa/xml' > > > >[root at centos72-20160110 ~]# /usr/bin/ipa -e skip_version_check=1 user-find > >ipa: ERROR: 2.51 client incompatible with 2.49 server at u'https://aab-ipaserver.example.com/ipa/xml' > > > >Alas, it seems that skip_version_check=1 sets the version to 2.51 > >which is still too new to the 2.49 version of the 6.4 based-server > >with ipa-server-3.0.0-42.el6.x86_64. > > > >Is this behaviour expected? Why does it force a particular value (2.51) > >rather than ignoring the difference altogether? > > > >I have verified that the option works on Fedora client against older > >Fedora server (but I did not try ipa-server-3.0.0 there). > > With API version 2.52 IPA started to use capabilities, which allows us to > handle changes in API in compatible way. So for API version 2.52+, why is that option needed there at all? > So only with version 2.51 (last > version without capabilities) we can guarantee that it will work. Server may > not work with older API version than 2.51, because changes in API may be > incompatible. The fact that the calls might not work was an expected part of that ticket -- that "proceed at own risk". So it looks like something else was implemented that what we thought would be the result. That makes it rather unfortunate because we cannot use this option / approach when talking from newer clients to RHEL 6 / CentOS 6 servers. Do we plan to have some option for these setups? -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat From prasun.gera at gmail.com Mon Jan 11 21:11:53 2016 From: prasun.gera at gmail.com (Prasun Gera) Date: Mon, 11 Jan 2016 16:11:53 -0500 Subject: [Freeipa-users] IPA users not visible in NIS passwd map Message-ID: I upgraded ipa to 4.2 on my rhel 7.2 servers a few weeks ago. One of the users reported that he is not able to log in to certain systems any more. It turns out that there is some change in behaviour w.r.t NIS clients after this upgrade. I see that his username is not visible in "ypcat passwd" on the old clients that are using NIS. This user was added natively through ipa. The old users that were migrated from NIS still work as expected on the NIS clients. I can also confirm that if I add a new user now in ipa, it is not visible in NIS maps. Until we phase out the NIS clients completely, I would like all users to be able to log into them. This used to be the case, but a recent update seems to have changed that. I don't know if this is intentional. How do i revert to the old behaviour ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Mon Jan 11 21:21:25 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Mon, 11 Jan 2016 23:21:25 +0200 Subject: [Freeipa-users] IPA users not visible in NIS passwd map In-Reply-To: References: Message-ID: <20160111212125.GC4316@redhat.com> On Mon, 11 Jan 2016, Prasun Gera wrote: >I upgraded ipa to 4.2 on my rhel 7.2 servers a few weeks ago. One of the >users reported that he is not able to log in to certain systems any more. >It turns out that there is some change in behaviour w.r.t NIS clients after >this upgrade. I see that his username is not visible in "ypcat passwd" on >the old clients that are using NIS. This user was added natively through >ipa. The old users that were migrated from NIS still work as expected on >the NIS clients. I can also confirm that if I add a new user now in ipa, it >is not visible in NIS maps. Until we phase out the NIS clients completely, >I would like all users to be able to log into them. This used to be the >case, but a recent update seems to have changed that. I don't know if this >is intentional. How do i revert to the old behaviour ? Do you see all the maps configured? # ldapsearch -LLL -H $(cat /etc/ipa/default.conf | grep ldap_uri|cut -d= -f2) -b cn=config '(nis-domain=*)' dn CreateTimestamp ModifyTimestamp We have a bug in the upgrade script that was fixed this morning https://www.redhat.com/archives/freeipa-devel/2016-January/msg00154.html -- / Alexander Bokovoy From janellenicole80 at gmail.com Mon Jan 11 21:21:29 2016 From: janellenicole80 at gmail.com (Janelle) Date: Mon, 11 Jan 2016 13:21:29 -0800 Subject: [Freeipa-users] 4.2 (or 4.3) clients on 4.1.4 server? Message-ID: <56941CD9.3020500@gmail.com> Good day, Just wondering if anyone knows of any reason a 4.2 client running on RHEL 7.2 would have any issues talking to 4.1.4 server on RHEL 7.1? The reason I ask is the process of upgrading. In this case we have to do clients first. Thank you ~Janelle From nathan at nathanpeters.com Mon Jan 11 23:01:40 2016 From: nathan at nathanpeters.com (nathan at nathanpeters.com) Date: Mon, 11 Jan 2016 15:01:40 -0800 Subject: [Freeipa-users] Upgrade to FreeIPA 4.2.0 broke Katello/Foreman realm proxy Message-ID: I'm not sure which mailing list is the best for this because it involves 2 products, but I think the fault here is with FreeIPA. Basically I have a Katello server running as a realm proxy. It is joined as a client to the FreeIPA domain. I have provisioned 20 hosts last week using its Foreman realm proxy feature and they all worked fine. This weekend I updated to Katello 2.4/FreeIPA 4.2.0. Now, when I create a new host, it is not properly provisioned. A post to the foreman users mailing list seems to indicate that foreman is working because it got an OTP from FreeIP : https://groups.google.com/forum/#!topic/foreman-users/GlGSM6EAyUs However, even through an OTP is retrieved, the host record is not created in FreeIPA. When I login to the webui and search for the host by name, nothing is found. Here are the dirsrv logs from the IPA server that Katello is contacting. I see what appears to be an attempt to create a host, and no error messages indicating a failure, but the host is not actually created. [11/Jan/2016:22:45:03 +0000] conn=36483 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="namingContexts" [11/Jan/2016:22:45:03 +0000] conn=36483 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:04 +0000] conn=36483 op=1 UNBIND [11/Jan/2016:22:45:04 +0000] conn=36483 op=1 fd=112 closed - U1 [11/Jan/2016:22:45:06 +0000] conn=36484 fd=112 slot=112 connection from 10.21.2.100 to 10.178.0.99 [11/Jan/2016:22:45:06 +0000] conn=36484 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" [11/Jan/2016:22:45:06 +0000] conn=36484 op=0 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:06 +0000] conn=36484 op=-1 fd=112 closed - Peer reports failure of signature verification or key exchange. [11/Jan/2016:22:45:07 +0000] conn=36237 op=5 UNBIND [11/Jan/2016:22:45:07 +0000] conn=36237 op=5 fd=150 closed - U1 [11/Jan/2016:22:45:10 +0000] conn=36485 fd=112 slot=112 connection from 10.21.0.150 to 10.178.0.99 [11/Jan/2016:22:45:10 +0000] conn=36485 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [11/Jan/2016:22:45:10 +0000] conn=36485 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=6 op=236763 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:10 +0000] conn=6 op=236763 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=6 op=236764 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [11/Jan/2016:22:45:10 +0000] conn=6 op=236764 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=6 op=236765 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:10 +0000] conn=6 op=236765 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=6 op=236766 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:10 +0000] conn=6 op=236766 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=6 op=236767 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:10 +0000] conn=6 op=236767 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=5 op=159875 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:10 +0000] conn=5 op=159875 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=5 op=159876 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [11/Jan/2016:22:45:10 +0000] conn=5 op=159876 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=5 op=159877 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:10 +0000] conn=5 op=159877 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=5 op=159878 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:10 +0000] conn=5 op=159878 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=5 op=159879 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:10 +0000] conn=5 op=159879 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=5 op=159880 SRCH base="fqdn=fe1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [11/Jan/2016:22:45:10 +0000] conn=5 op=159880 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=5 op=159881 SRCH base="cn=fe1.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [11/Jan/2016:22:45:10 +0000] conn=5 op=159881 RESULT err=32 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:10 +0000] conn=5 op=159882 MOD dn="fqdn=fe1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:10 +0000] conn=5 op=159882 RESULT err=0 tag=103 nentries=0 etime=0 csn=56943163000900030000 [11/Jan/2016:22:45:10 +0000] conn=6 op=236768 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:10 +0000] conn=6 op=236768 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=6 op=236769 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:10 +0000] conn=6 op=236769 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=6 op=236770 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:10 +0000] conn=6 op=236770 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=6 op=236771 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:10 +0000] conn=6 op=236771 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=6 op=236772 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:10 +0000] conn=6 op=236772 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:10 +0000] conn=36485 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:10 +0000] conn=36485 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:10 +0000] conn=36485 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:10 +0000] conn=36485 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:10 +0000] conn=36485 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:10 +0000] conn=36485 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:10 +0000] conn=36485 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=1780198)(!(entryusn=1780198)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1.mydomain.net)(sudoHost=fe1)(sudoHost=10.21.0.150)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:66cd)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [11/Jan/2016:22:45:10 +0000] conn=36485 op=4 RESULT err=0 tag=101 nentries=1 etime=0 notes=P pr_idx=0 [11/Jan/2016:22:45:13 +0000] conn=17878 op=43113 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [11/Jan/2016:22:45:13 +0000] conn=17878 op=43113 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:13 +0000] conn=17878 op=43114 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [11/Jan/2016:22:45:13 +0000] conn=17878 op=43114 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:13 +0000] conn=17878 op=43115 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [11/Jan/2016:22:45:13 +0000] conn=17878 op=43115 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:13 +0000] conn=17878 op=43116 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [11/Jan/2016:22:45:13 +0000] conn=17878 op=43116 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:14 +0000] conn=36486 fd=150 slot=150 connection from 10.21.100.248 to 10.178.0.99 [11/Jan/2016:22:45:14 +0000] conn=36486 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [11/Jan/2016:22:45:14 +0000] conn=36486 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=6 op=236773 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/centos6.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/centos6.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:14 +0000] conn=6 op=236773 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=6 op=236774 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:14 +0000] conn=6 op=236774 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=6 op=236775 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:14 +0000] conn=6 op=236775 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=6 op=236776 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:14 +0000] conn=6 op=236776 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=5 op=159883 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/centos6.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/centos6.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:14 +0000] conn=5 op=159883 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=5 op=159884 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:14 +0000] conn=5 op=159884 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=5 op=159885 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:14 +0000] conn=5 op=159885 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=5 op=159886 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:14 +0000] conn=5 op=159886 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=5 op=159887 SRCH base="fqdn=centos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [11/Jan/2016:22:45:14 +0000] conn=5 op=159887 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=5 op=159888 SRCH base="cn=centos6.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [11/Jan/2016:22:45:14 +0000] conn=5 op=159888 RESULT err=32 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:14 +0000] conn=5 op=159889 MOD dn="fqdn=centos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:14 +0000] conn=5 op=159889 RESULT err=0 tag=103 nentries=0 etime=0 csn=56943170000700030000 [11/Jan/2016:22:45:14 +0000] conn=6 op=236777 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:14 +0000] conn=6 op=236777 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=6 op=236778 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:14 +0000] conn=6 op=236778 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=6 op=236779 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:14 +0000] conn=6 op=236779 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=6 op=236780 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/centos6.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:14 +0000] conn=6 op=236780 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=6 op=236781 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:14 +0000] conn=6 op=236781 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:14 +0000] conn=36486 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:14 +0000] conn=36486 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:14 +0000] conn=36486 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:14 +0000] conn=36486 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:14 +0000] conn=36486 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:14 +0000] conn=36486 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=centos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:14 +0000] conn=36486 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=11794370)(!(entryusn=11794370)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=centos6.mydomain.net)(sudoHost=centos6)(sudoHost=10.21.100.248)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:5e89)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [11/Jan/2016:22:45:14 +0000] conn=36486 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [11/Jan/2016:22:45:14 +0000] conn=36238 op=5 UNBIND [11/Jan/2016:22:45:14 +0000] conn=36238 op=5 fd=163 closed - U1 [11/Jan/2016:22:45:15 +0000] conn=36239 op=5 UNBIND [11/Jan/2016:22:45:15 +0000] conn=36239 op=5 fd=166 closed - U1 [11/Jan/2016:22:45:18 +0000] conn=36240 op=5 UNBIND [11/Jan/2016:22:45:18 +0000] conn=36240 op=5 fd=167 closed - U1 [11/Jan/2016:22:45:20 +0000] conn=36241 op=5 UNBIND [11/Jan/2016:22:45:20 +0000] conn=36241 op=5 fd=170 closed - U1 [11/Jan/2016:22:45:21 +0000] conn=36487 fd=163 slot=163 connection from 10.21.31.101 to 10.178.0.99 [11/Jan/2016:22:45:21 +0000] conn=36487 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [11/Jan/2016:22:45:21 +0000] conn=36487 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=6 op=236782 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/db1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/db1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:21 +0000] conn=6 op=236782 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=6 op=236783 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:21 +0000] conn=6 op=236783 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=6 op=236784 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:21 +0000] conn=6 op=236784 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=6 op=236785 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:21 +0000] conn=6 op=236785 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=5 op=159890 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/db1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/db1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:21 +0000] conn=5 op=159890 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=5 op=159891 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:21 +0000] conn=5 op=159891 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=5 op=159892 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:21 +0000] conn=5 op=159892 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=5 op=159893 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:21 +0000] conn=5 op=159893 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=5 op=159894 SRCH base="fqdn=db1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [11/Jan/2016:22:45:21 +0000] conn=5 op=159894 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=5 op=159895 SRCH base="cn=db1.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [11/Jan/2016:22:45:21 +0000] conn=5 op=159895 RESULT err=32 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:21 +0000] conn=5 op=159896 MOD dn="fqdn=db1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:21 +0000] conn=5 op=159896 RESULT err=0 tag=103 nentries=0 etime=0 csn=56943170000b00030000 [11/Jan/2016:22:45:21 +0000] conn=6 op=236786 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:21 +0000] conn=6 op=236786 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=6 op=236787 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:21 +0000] conn=6 op=236787 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=6 op=236788 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:21 +0000] conn=6 op=236788 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=6 op=236789 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/db1.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:21 +0000] conn=6 op=236789 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=6 op=236790 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:21 +0000] conn=6 op=236790 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:21 +0000] conn=36487 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:21 +0000] conn=36487 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:21 +0000] conn=36487 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:21 +0000] conn=36487 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:21 +0000] conn=36487 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:21 +0000] conn=36487 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=db1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:21 +0000] conn=36487 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=11794370)(!(entryusn=11794370)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=db1.mydomain.net)(sudoHost=db1)(sudoHost=10.21.31.101)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:ef)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [11/Jan/2016:22:45:21 +0000] conn=36487 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [11/Jan/2016:22:45:21 +0000] conn=36488 fd=166 slot=166 connection from 10.21.29.82 to 10.178.0.99 [11/Jan/2016:22:45:21 +0000] conn=36488 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [11/Jan/2016:22:45:21 +0000] conn=36488 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236791 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/cass1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/cass1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:22 +0000] conn=6 op=236791 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236792 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:22 +0000] conn=6 op=236792 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236793 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:22 +0000] conn=6 op=236793 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236794 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:22 +0000] conn=6 op=236794 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236795 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/cass1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/cass1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:22 +0000] conn=6 op=236795 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236796 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:22 +0000] conn=6 op=236796 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236797 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:22 +0000] conn=6 op=236797 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236798 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:22 +0000] conn=6 op=236798 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236799 SRCH base="fqdn=cass1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [11/Jan/2016:22:45:22 +0000] conn=6 op=236799 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236800 SRCH base="cn=cass1.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [11/Jan/2016:22:45:22 +0000] conn=6 op=236800 RESULT err=32 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236801 MOD dn="fqdn=cass1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:22 +0000] conn=6 op=236801 RESULT err=0 tag=103 nentries=0 etime=0 csn=56943170000d00030000 [11/Jan/2016:22:45:22 +0000] conn=6 op=236802 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:22 +0000] conn=6 op=236802 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236803 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:22 +0000] conn=6 op=236803 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236804 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:22 +0000] conn=6 op=236804 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236805 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/cass1.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:22 +0000] conn=6 op=236805 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=6 op=236806 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:22 +0000] conn=6 op=236806 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:22 +0000] conn=36488 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:22 +0000] conn=36488 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:22 +0000] conn=36488 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:22 +0000] conn=36488 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:22 +0000] conn=36488 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:22 +0000] conn=36488 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=cass1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:22 +0000] conn=36488 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=11794370)(!(entryusn=11794370)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=cass1.mydomain.net)(sudoHost=cass1)(sudoHost=10.21.29.82)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:31ae)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [11/Jan/2016:22:45:22 +0000] conn=36488 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [11/Jan/2016:22:45:24 +0000] conn=17878 op=43117 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [11/Jan/2016:22:45:24 +0000] conn=17878 op=43117 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:24 +0000] conn=17878 op=43118 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [11/Jan/2016:22:45:24 +0000] conn=17878 op=43118 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:24 +0000] conn=17878 op=43119 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [11/Jan/2016:22:45:24 +0000] conn=17878 op=43119 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:24 +0000] conn=17878 op=43120 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [11/Jan/2016:22:45:24 +0000] conn=17878 op=43120 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:25 +0000] conn=36489 fd=167 slot=167 connection from 10.21.35.21 to 10.178.0.99 [11/Jan/2016:22:45:25 +0000] conn=36489 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [11/Jan/2016:22:45:25 +0000] conn=36489 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236807 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/es1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/es1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:25 +0000] conn=6 op=236807 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236808 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:25 +0000] conn=6 op=236808 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236809 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:25 +0000] conn=6 op=236809 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236810 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:25 +0000] conn=6 op=236810 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236811 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/es1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/es1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:25 +0000] conn=6 op=236811 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236812 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:25 +0000] conn=6 op=236812 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236813 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:25 +0000] conn=6 op=236813 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236814 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:25 +0000] conn=6 op=236814 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236815 SRCH base="fqdn=es1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [11/Jan/2016:22:45:25 +0000] conn=6 op=236815 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236816 SRCH base="cn=es1.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [11/Jan/2016:22:45:25 +0000] conn=6 op=236816 RESULT err=32 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236817 MOD dn="fqdn=es1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:25 +0000] conn=6 op=236817 RESULT err=0 tag=103 nentries=0 etime=0 csn=5694317c000600030000 [11/Jan/2016:22:45:25 +0000] conn=6 op=236818 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:25 +0000] conn=6 op=236818 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236819 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:25 +0000] conn=6 op=236819 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236820 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:25 +0000] conn=6 op=236820 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236821 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/es1.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:25 +0000] conn=6 op=236821 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=6 op=236822 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:25 +0000] conn=6 op=236822 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:25 +0000] conn=36489 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:25 +0000] conn=36489 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:25 +0000] conn=36489 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:25 +0000] conn=36489 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:25 +0000] conn=36489 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:25 +0000] conn=36489 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=es1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:25 +0000] conn=36489 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=11794370)(!(entryusn=11794370)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=es1.mydomain.net)(sudoHost=es1)(sudoHost=10.21.35.21)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:7827)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [11/Jan/2016:22:45:25 +0000] conn=36489 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [11/Jan/2016:22:45:25 +0000] conn=17878 op=43121 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [11/Jan/2016:22:45:25 +0000] conn=17878 op=43121 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:25 +0000] conn=17878 op=43122 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [11/Jan/2016:22:45:25 +0000] conn=17878 op=43122 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:25 +0000] conn=17878 op=43123 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [11/Jan/2016:22:45:25 +0000] conn=17878 op=43123 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:25 +0000] conn=17878 op=43124 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [11/Jan/2016:22:45:25 +0000] conn=17878 op=43124 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:26 +0000] conn=36490 fd=170 slot=170 connection from 10.21.8.92 to 10.178.0.99 [11/Jan/2016:22:45:26 +0000] conn=36490 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [11/Jan/2016:22:45:26 +0000] conn=36490 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236823 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/logger2.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/logger2.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:26 +0000] conn=6 op=236823 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236824 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:26 +0000] conn=6 op=236824 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236825 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:26 +0000] conn=6 op=236825 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236826 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:26 +0000] conn=6 op=236826 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236827 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/logger2.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/logger2.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:26 +0000] conn=6 op=236827 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236828 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:26 +0000] conn=6 op=236828 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236829 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:26 +0000] conn=6 op=236829 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236830 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:26 +0000] conn=6 op=236830 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236831 SRCH base="fqdn=logger2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [11/Jan/2016:22:45:26 +0000] conn=6 op=236831 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236832 SRCH base="cn=logger2.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [11/Jan/2016:22:45:26 +0000] conn=6 op=236832 RESULT err=32 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236833 MOD dn="fqdn=logger2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:26 +0000] conn=6 op=236833 RESULT err=0 tag=103 nentries=0 etime=0 csn=5694317d000700030000 [11/Jan/2016:22:45:26 +0000] conn=6 op=236834 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:26 +0000] conn=6 op=236834 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236835 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:26 +0000] conn=6 op=236835 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236836 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:26 +0000] conn=6 op=236836 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236837 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/logger2.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:26 +0000] conn=6 op=236837 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=6 op=236838 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:26 +0000] conn=6 op=236838 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:26 +0000] conn=36490 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:26 +0000] conn=36490 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:26 +0000] conn=36490 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:26 +0000] conn=36490 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:26 +0000] conn=36490 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:26 +0000] conn=36490 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=logger2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:26 +0000] conn=36490 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=11794370)(!(entryusn=11794370)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=logger2.mydomain.net)(sudoHost=logger2)(sudoHost=10.21.8.92)(sudoHost=10.21.0.0/16)(sudoHost=fe80::21f:29ff:fee8:671c)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [11/Jan/2016:22:45:26 +0000] conn=36490 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [11/Jan/2016:22:45:27 +0000] conn=17878 op=43125 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [11/Jan/2016:22:45:27 +0000] conn=17878 op=43125 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:27 +0000] conn=17878 op=43126 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [11/Jan/2016:22:45:27 +0000] conn=17878 op=43126 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:28 +0000] conn=36491 fd=241 slot=241 connection from 10.21.5.241 to 10.178.0.99 [11/Jan/2016:22:45:28 +0000] conn=36491 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [11/Jan/2016:22:45:28 +0000] conn=36491 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:28 +0000] conn=36491 op=1 UNBIND [11/Jan/2016:22:45:28 +0000] conn=36491 op=1 fd=241 closed - U1 [11/Jan/2016:22:45:31 +0000] conn=36492 fd=241 slot=241 SSL connection from 10.21.2.100 to 10.178.0.99 [11/Jan/2016:22:45:31 +0000] conn=36492 op=-1 fd=241 closed - Encountered end of file. [11/Jan/2016:22:45:32 +0000] conn=5 op=159897 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=realm-proxy at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:32 +0000] conn=5 op=159897 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=5 op=159898 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:32 +0000] conn=5 op=159898 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=5 op=159899 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:32 +0000] conn=5 op=159899 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=5 op=159900 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:32 +0000] conn=5 op=159900 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=5 op=159901 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=realm-proxy at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:32 +0000] conn=5 op=159901 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=5 op=159902 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:32 +0000] conn=5 op=159902 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=5 op=159903 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:32 +0000] conn=5 op=159903 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=5 op=159904 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:32 +0000] conn=5 op=159904 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=5 op=159905 SRCH base="uid=realm-proxy,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [11/Jan/2016:22:45:32 +0000] conn=5 op=159905 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=5 op=159906 MOD dn="uid=realm-proxy,cn=users,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:32 +0000] conn=5 op=159906 RESULT err=0 tag=103 nentries=0 etime=0 csn=5694317f000400030000 [11/Jan/2016:22:45:32 +0000] conn=6 op=236839 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:32 +0000] conn=6 op=236839 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=6 op=236840 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:32 +0000] conn=6 op=236840 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=6 op=236841 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:32 +0000] conn=6 op=236841 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=6 op=236842 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=realm-proxy at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:32 +0000] conn=6 op=236842 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=6 op=236843 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:32 +0000] conn=6 op=236843 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=36493 fd=241 slot=241 connection from 10.178.0.99 to 10.178.0.99 [11/Jan/2016:22:45:32 +0000] conn=6 op=236844 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:32 +0000] conn=6 op=236844 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=6 op=236845 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:32 +0000] conn=6 op=236845 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=6 op=236846 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:32 +0000] conn=6 op=236846 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=6 op=236847 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc1.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:32 +0000] conn=6 op=236847 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=6 op=236848 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:32 +0000] conn=6 op=236848 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=6 op=236849 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc1.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [11/Jan/2016:22:45:32 +0000] conn=6 op=236849 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=6 op=236850 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=realm-proxy at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:32 +0000] conn=6 op=236850 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=6 op=236851 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:32 +0000] conn=6 op=236851 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=36493 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:32 +0000] conn=36493 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:32 +0000] conn=36493 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:32 +0000] conn=36493 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:32 +0000] conn=36493 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:32 +0000] conn=36493 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=realm-proxy,cn=users,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:32 +0000] conn=36493 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [11/Jan/2016:22:45:32 +0000] conn=36493 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:32 +0000] conn=36493 op=4 SRCH base="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [11/Jan/2016:22:45:32 +0000] conn=36493 op=4 RESULT err=32 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:32 +0000] conn=36493 op=5 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=testhostcentos6.mydomain.net))" attrs="" [11/Jan/2016:22:45:32 +0000] conn=36493 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [11/Jan/2016:22:45:32 +0000] conn=36493 op=6 SRCH base="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" [11/Jan/2016:22:45:32 +0000] conn=36493 op=6 RESULT err=32 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:32 +0000] conn=36493 op=7 UNBIND [11/Jan/2016:22:45:32 +0000] conn=36493 op=7 fd=241 closed - U1 [11/Jan/2016:22:45:32 +0000] conn=36494 fd=241 slot=241 connection from 10.178.0.99 to 10.178.0.99 [11/Jan/2016:22:45:32 +0000] conn=6 op=236852 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:33 +0000] conn=6 op=236852 RESULT err=0 tag=101 nentries=1 etime=1 [11/Jan/2016:22:45:33 +0000] conn=6 op=236853 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:33 +0000] conn=6 op=236853 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:33 +0000] conn=6 op=236854 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:33 +0000] conn=6 op=236854 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:33 +0000] conn=6 op=236855 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc1.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:33 +0000] conn=6 op=236855 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:33 +0000] conn=6 op=236856 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:33 +0000] conn=6 op=236856 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:33 +0000] conn=6 op=236857 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc1.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [11/Jan/2016:22:45:33 +0000] conn=6 op=236857 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:33 +0000] conn=6 op=236858 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=realm-proxy at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:33 +0000] conn=6 op=236858 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:33 +0000] conn=6 op=236859 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:33 +0000] conn=6 op=236859 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:33 +0000] conn=36494 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:33 +0000] conn=36494 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:33 +0000] conn=36494 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:33 +0000] conn=36494 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:33 +0000] conn=36494 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:33 +0000] conn=36494 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=realm-proxy,cn=users,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:33 +0000] conn=36494 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [11/Jan/2016:22:45:33 +0000] conn=36494 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:33 +0000] conn=36494 op=4 SRCH base="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [11/Jan/2016:22:45:33 +0000] conn=36494 op=4 RESULT err=32 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:33 +0000] conn=36494 op=5 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=testhostcentos6.mydomain.net))" attrs="" [11/Jan/2016:22:45:33 +0000] conn=36494 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [11/Jan/2016:22:45:33 +0000] conn=36494 op=6 ADD dn="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:33 +0000] conn=36494 op=6 RESULT err=0 tag=105 nentries=0 etime=0 csn=5694317f000700030000 [11/Jan/2016:22:45:33 +0000] conn=36494 op=7 SRCH base="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform objectClass ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView ipaUniqueID userCertificate krbPrincipalName nsHostLocation userClass" [11/Jan/2016:22:45:33 +0000] conn=36494 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:33 +0000] conn=36494 op=8 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" [11/Jan/2016:22:45:33 +0000] conn=36494 op=8 RESULT err=0 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:33 +0000] conn=36494 op=9 SRCH base="cn=dns,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [11/Jan/2016:22:45:33 +0000] conn=36494 op=9 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:33 +0000] conn=36494 op=10 SRCH base="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" [11/Jan/2016:22:45:33 +0000] conn=36494 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:33 +0000] conn=36494 op=11 SRCH base="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" [11/Jan/2016:22:45:33 +0000] conn=36494 op=11 RESULT err=0 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:33 +0000] conn=36494 op=12 SRCH base="fqdn=testhostcentos6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" [11/Jan/2016:22:45:33 +0000] conn=36494 op=12 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:33 +0000] conn=36494 op=13 UNBIND [11/Jan/2016:22:45:33 +0000] conn=36494 op=13 fd=241 closed - U1 [11/Jan/2016:22:45:33 +0000] conn=36495 fd=241 slot=241 connection from 10.21.2.100 to 10.178.0.99 [11/Jan/2016:22:45:33 +0000] conn=36495 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="namingContexts" [11/Jan/2016:22:45:33 +0000] conn=36495 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:33 +0000] conn=36495 op=1 UNBIND [11/Jan/2016:22:45:33 +0000] conn=36495 op=1 fd=241 closed - U1 [11/Jan/2016:22:45:33 +0000] conn=36244 op=5 UNBIND [11/Jan/2016:22:45:33 +0000] conn=36244 op=5 fd=171 closed - U1 [11/Jan/2016:22:45:34 +0000] conn=36245 op=5 UNBIND [11/Jan/2016:22:45:34 +0000] conn=36245 op=5 fd=172 closed - U1 [11/Jan/2016:22:45:36 +0000] conn=36386 op=19 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=foreman)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType usercertificate;binary" [11/Jan/2016:22:45:36 +0000] conn=36386 op=19 RESULT err=0 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:37 +0000] conn=36456 op=5 SRCH base="cn=ranges,cn=etc,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaIDRange)" attrs="objectClass cn ipaBaseID ipaBaseRID ipaSecondaryBaseRID ipaIDRangeSize ipaNTTrustedDomainSID ipaRangeType" [11/Jan/2016:22:45:37 +0000] conn=36456 op=5 RESULT err=0 tag=101 nentries=3 etime=0 [11/Jan/2016:22:45:37 +0000] conn=36456 op=6 SRCH base="cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTFlatName ipaNTTrustedDomainSID" [11/Jan/2016:22:45:37 +0000] conn=36456 op=6 RESULT err=0 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:37 +0000] conn=36456 op=7 SRCH base="cn=ad,cn=etc,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTDomainAttrs)" attrs="cn ipaNTFlatName ipaNTSecurityIdentifier" [11/Jan/2016:22:45:37 +0000] conn=36456 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:37 +0000] conn=36246 op=5 UNBIND [11/Jan/2016:22:45:37 +0000] conn=36246 op=5 fd=185 closed - U1 [11/Jan/2016:22:45:38 +0000] conn=36496 fd=171 slot=171 connection from 10.21.2.100 to 10.178.0.99 [11/Jan/2016:22:45:38 +0000] conn=36496 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" [11/Jan/2016:22:45:38 +0000] conn=36496 op=0 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:38 +0000] conn=36496 op=-1 fd=171 closed - Peer reports failure of signature verification or key exchange. [11/Jan/2016:22:45:38 +0000] conn=36386 op=20 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=nobody)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType usercertificate;binary" [11/Jan/2016:22:45:38 +0000] conn=36386 op=20 RESULT err=0 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:38 +0000] conn=36386 op=21 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=nobody)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType usercertificate;binary" [11/Jan/2016:22:45:38 +0000] conn=36386 op=21 RESULT err=0 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:39 +0000] conn=17878 op=43127 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [11/Jan/2016:22:45:39 +0000] conn=17878 op=43127 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:39 +0000] conn=17878 op=43128 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [11/Jan/2016:22:45:39 +0000] conn=17878 op=43128 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:39 +0000] conn=17878 op=43129 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [11/Jan/2016:22:45:39 +0000] conn=17878 op=43129 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:39 +0000] conn=17878 op=43130 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [11/Jan/2016:22:45:39 +0000] conn=17878 op=43130 RESULT err=0 tag=120 nentries=0 etime=0 [11/Jan/2016:22:45:39 +0000] conn=36386 op=22 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=nobody)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType usercertificate;binary" [11/Jan/2016:22:45:39 +0000] conn=36386 op=22 RESULT err=0 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:39 +0000] conn=36386 op=23 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=nobody)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType usercertificate;binary" [11/Jan/2016:22:45:39 +0000] conn=36386 op=23 RESULT err=0 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:39 +0000] conn=36386 op=24 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=nobody)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType usercertificate;binary" [11/Jan/2016:22:45:39 +0000] conn=36386 op=24 RESULT err=0 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:39 +0000] conn=36497 fd=171 slot=171 connection from 10.21.25.13 to 10.178.0.99 [11/Jan/2016:22:45:39 +0000] conn=36497 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [11/Jan/2016:22:45:39 +0000] conn=36497 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236860 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/uwp2.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/uwp2.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:39 +0000] conn=6 op=236860 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236861 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:39 +0000] conn=6 op=236861 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236862 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:39 +0000] conn=6 op=236862 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236863 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:39 +0000] conn=6 op=236863 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236864 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/uwp2.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/uwp2.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:39 +0000] conn=6 op=236864 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236865 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:39 +0000] conn=6 op=236865 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236866 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:39 +0000] conn=6 op=236866 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236867 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [11/Jan/2016:22:45:39 +0000] conn=6 op=236867 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236868 SRCH base="fqdn=uwp2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [11/Jan/2016:22:45:39 +0000] conn=6 op=236868 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236869 SRCH base="cn=uwp2.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [11/Jan/2016:22:45:39 +0000] conn=6 op=236869 RESULT err=32 tag=101 nentries=0 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236870 MOD dn="fqdn=uwp2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:39 +0000] conn=6 op=236870 RESULT err=0 tag=103 nentries=0 etime=0 csn=5694318c000400030000 [11/Jan/2016:22:45:39 +0000] conn=6 op=236871 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:39 +0000] conn=6 op=236871 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236872 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:39 +0000] conn=6 op=236872 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236873 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:39 +0000] conn=6 op=236873 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236874 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/uwp2.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [11/Jan/2016:22:45:39 +0000] conn=6 op=236874 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=6 op=236875 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [11/Jan/2016:22:45:39 +0000] conn=6 op=236875 RESULT err=0 tag=101 nentries=1 etime=0 [11/Jan/2016:22:45:39 +0000] conn=36497 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:39 +0000] conn=36497 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [11/Jan/2016:22:45:39 +0000] conn=36497 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:40 +0000] conn=36497 op=2 RESULT err=14 tag=97 nentries=0 etime=1, SASL bind in progress [11/Jan/2016:22:45:40 +0000] conn=36497 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [11/Jan/2016:22:45:40 +0000] conn=36497 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=uwp2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [11/Jan/2016:22:45:40 +0000] conn=36497 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=11794370)(!(entryusn=11794370)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=uwp2.mydomain.net)(sudoHost=uwp2)(sudoHost=10.21.25.13)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:3667)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [11/Jan/2016:22:45:40 +0000] conn=36497 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 From anthony.wan.cheng at gmail.com Mon Jan 11 23:56:37 2016 From: anthony.wan.cheng at gmail.com (Anthony Cheng) Date: Mon, 11 Jan 2016 18:56:37 -0500 Subject: [Freeipa-users] Documentation on Testing page Message-ID: Hi all, I have been looking at the documentation, specifically the test page: http://www.freeipa.org/page/Testing It looks like it has missing info on the Build section, specifically I don't see reference to a makefile or where to run make to build the testing utility. Thanks, Anthony From ftweedal at redhat.com Tue Jan 12 01:05:41 2016 From: ftweedal at redhat.com (Fraser Tweedale) Date: Tue, 12 Jan 2016 11:05:41 +1000 Subject: [Freeipa-users] error while installin ipa-replica with ca In-Reply-To: <56939848.7000609@redhat.com> References: <56938B91.7090603@deus.pro> <56939677.9080103@redhat.com> <56939755.1050808@deus.pro> <56939848.7000609@redhat.com> Message-ID: <20160112010541.GP31821@dhcp-40-8.bne.redhat.com> On Mon, Jan 11, 2016 at 12:55:52PM +0100, Martin Kosek wrote: > On 01/11/2016 12:51 PM, Arthur Fayzullin wrote: > > Bingo!!! > > that it is!!! > > dm password contains % - symbol! > > > > I am not sure but with previous versions that have not caused any problem. > > Good :-) > > Still, it would be nice to fix Dogtag installation procedures to not parse > passwords that way. Endi, please just make sure there is a Dogtag Bugzilla > filed and in some realistic milestone as this bug's root cause is not so obvious. > There is an existing BZ and upstream ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1283631 https://fedorahosted.org/pki/ticket/1703 > > > > Thanks a lot! > > > > 11.01.2016 16:48, Martin Kosek ?????: > >> On 01/11/2016 12:01 PM, Arthur Fayzullin wrote: > >>> Good day, Colleagues! > >>> > >>> And Happy New Year! > >>> > >>> I have tried to install test stend with ipa v4.2 and 2 master-master > >>> servers. > >>> > >>> files /etc/hosts on both servers contain: > >>> 127.0.0.1 localhost localhost.localdomain localhost4 > >>> localhost4.localdomain4 > >>> ::1 localhost localhost.localdomain localhost6 > >>> localhost6.localdomain6 > >>> > >>> 10.254.1.114 radipa00.test.ckt radipa00 > >>> 10.254.1.154 radipa01.test.ckt radipa01 > >>> > >>> prepare key for replica server: > >>> [root at radipa00 ipa]# ipa-replica-prepare --ip-address=10.254.1.154 > >>> radipa01.test.ckt > >>> > >>> copy it to replica: > >>> [root at radipa00 ipa]# scp /var/lib/ipa/replica-info-radipa01.test.ckt.gpg > >>> root at radipa01.test.ckt:/var/lib/ipa/ > >>> > >>> then on replica start installation: > >>> [root at radipa01 ~]# ipa-replica-install --setup-ca --setup-kra > >>> --mkhomedir --ssh-trust-dns --ip-address=10.254.1.154 --setup-dns > >>> --forwarder=77.88.8.7 --forwarder=77.88.8.3 > >>> /var/lib/ipa/replica-info-radipa01.test.ckt.gpg > >>> > >>> and!!! I have got such error: > >>> [2/23]: configuring certificate server instance > >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to > >>> configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' > >>> '/tmp/tmpvgc4S6'' returned non-zero exit status 1 > >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the > >>> installation logs and the following files/directories for more information: > >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL > >>> /var/log/pki-ca-install.log > >>> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL > >>> /var/log/pki/pki-tomcat > >>> [error] RuntimeError: CA configuration failed. > >>> Your system may be partly configured. > >>> Run /usr/sbin/ipa-server-install --uninstall to clean up. > >>> > >>> log file contains this error: > >>> [root at radipa01 ~]# less /var/log/pki/pki-ca-spawn.20160111150634.log > >>> 'application_version': '[APPLICATION_VERSION]'} > >>> 2016-01-11 15:06:34 pkispawn : ERROR ....... Deployment file could > >>> not be parsed correctly. This might be because of unescaped '%%' > >>> characters. You must escape '%%' characters in deployment files > >>> (example - 'setting=foo%%%%bar'). > >>> 2016-01-11 15:06:34 pkispawn : ERROR ....... Interpolation error > >>> ('%' must be followed by '%' or '(', found: '%') > >>> > >>> I have reproduced that error several times with cenos7 and fedora23 > >>> installations. > >>> > >>> I am really confused if I am doing something wrong or may it is > >>> something else... > >>> what it can be? > >>> ____________ > >>> Best wishes! > >> CCing Endi. There used to be an error, when DM password (used also for Dogtag) > >> contained special characters, PKI installer choked on it. I could not find the > >> bug number right now. > > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From prasun.gera at gmail.com Tue Jan 12 02:21:05 2016 From: prasun.gera at gmail.com (Prasun Gera) Date: Mon, 11 Jan 2016 21:21:05 -0500 Subject: [Freeipa-users] IPA users not visible in NIS passwd map In-Reply-To: <20160111212125.GC4316@redhat.com> References: <20160111212125.GC4316@redhat.com> Message-ID: This is the output of the command: ldapsearch -LLL -H $(cat /etc/ipa/default.conf | grep ldap_uri|cut -d= -f2) -b cn=config '(nis-domain=*)' dn CreateTimestamp ModifyTimestamp SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 dn: nis-domain=domain.edu+nis-map=auto.home,cn=NIS Server,cn=plugins,cn=config CreateTimestamp: 20150321091139Z ModifyTimestamp: 20150321091139Z dn: nis-domain=domain.edu+nis-map=auto.local,cn=NIS Server,cn=plugins,cn=confi g CreateTimestamp: 20150321091209Z ModifyTimestamp: 20150321091209Z dn: nis-domain=domain.edu+nis-map=auto.master,cn=NIS Server,cn=plugins,cn=conf ig CreateTimestamp: 20150321091201Z ModifyTimestamp: 20150321091201Z dn: nis-domain=domain.edu+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=co nfig CreateTimestamp: 20150320220124Z ModifyTimestamp: 20150320220124Z dn: nis-domain=domain.edu+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=co nfig CreateTimestamp: 20150320220124Z ModifyTimestamp: 20150320220124Z dn: nis-domain=domain.edu+nis-map=group.bygid,cn=NIS Server,cn=plugins,cn=conf ig CreateTimestamp: 20150320220124Z ModifyTimestamp: 20150320220124Z dn: nis-domain=domain.edu+nis-map=group.byname,cn=NIS Server,cn=plugins,cn=con fig CreateTimestamp: 20150320220124Z ModifyTimestamp: 20150320220124Z dn: nis-domain=domain.edu+nis-map=netgroup,cn=NIS Server,cn=plugins,cn=config CreateTimestamp: 20150320220124Z ModifyTimestamp: 20150320220124Z dn: nis-domain=domain.edu+nis-map=netid.byname,cn=NIS Server,cn=plugins,cn=con fig CreateTimestamp: 20150320220124Z ModifyTimestamp: 20150320220124Z dn: nis-domain=domain.edu+nis-map=passwd.byname,cn=NIS Server,cn=plugins,cn=co nfig CreateTimestamp: 20150320220124Z ModifyTimestamp: 20150320220124Z dn: nis-domain=domain.edu+nis-map=passwd.byuid,cn=NIS Server,cn=plugins,cn=con fig CreateTimestamp: 20150320220124Z ModifyTimestamp: 20150320220124Z All the maps are listed from what I can tell. passwd is the one that is not working as expected. Autofs maps are working all right on nis clients. On Mon, Jan 11, 2016 at 4:21 PM, Alexander Bokovoy wrote: > On Mon, 11 Jan 2016, Prasun Gera wrote: > >> I upgraded ipa to 4.2 on my rhel 7.2 servers a few weeks ago. One of the >> users reported that he is not able to log in to certain systems any more. >> It turns out that there is some change in behaviour w.r.t NIS clients >> after >> this upgrade. I see that his username is not visible in "ypcat passwd" on >> the old clients that are using NIS. This user was added natively through >> ipa. The old users that were migrated from NIS still work as expected on >> the NIS clients. I can also confirm that if I add a new user now in ipa, >> it >> is not visible in NIS maps. Until we phase out the NIS clients completely, >> I would like all users to be able to log into them. This used to be the >> case, but a recent update seems to have changed that. I don't know if this >> is intentional. How do i revert to the old behaviour ? >> > Do you see all the maps configured? > > # ldapsearch -LLL -H $(cat /etc/ipa/default.conf | grep ldap_uri|cut -d= > -f2) -b cn=config '(nis-domain=*)' dn CreateTimestamp ModifyTimestamp > > We have a bug in the upgrade script that was fixed this morning > https://www.redhat.com/archives/freeipa-devel/2016-January/msg00154.html > > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Tue Jan 12 02:54:18 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 11 Jan 2016 21:54:18 -0500 Subject: [Freeipa-users] Documentation on Testing page In-Reply-To: References: Message-ID: <56946ADA.1070008@redhat.com> Anthony Cheng wrote: > Hi all, > > I have been looking at the documentation, specifically the test page: > http://www.freeipa.org/page/Testing > > It looks like it has missing info on the Build section, specifically I > don't see reference to a makefile or where to run make to build the > testing utility. You just run make from the top-level directory. There is a BUILD.txt to help get you started as well. rob From nathan at nathanpeters.com Tue Jan 12 04:30:46 2016 From: nathan at nathanpeters.com (nathan at nathanpeters.com) Date: Mon, 11 Jan 2016 20:30:46 -0800 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 Message-ID: <1c326ef734aae3f4647643d61d5712e9.squirrel@webmail.nathanpeters.com> I have 3 FreeIPA 4.2.0 servers running on CentOS 7.2 I am getting replication errors that I cannot seem to figure out. Here is the setup : (I refer to master and slave because apparently your CA is the only one who can create replica certs so it is the 'master') dc1 : master, been running for a long time on 4.1.4, recently upgraded to 4.2.0 dc2 : replica, been running for a long time on 4.1.4, recently upgraded to 4.2.0 dc3 : replica, newly added as fresh freeipa 4.2.0 after the other 2 were upgraded. Changes from dc2 were not being replicated to dc1 for a long time and I had to ipa-replica-manage re-initialize 3 times for it to finally start replicating again. Every time it reported success, but the first 2 times, any changes on dc2 were not replicated to dc1. Although replication seems to be working again, I've not got a bunch of errors in my logs and status checks, and fear it may start failing in the future again due to some verbage in the log entries. Also, although I've read the busy replica error is supposed to be 'transient' i've been refreshing the output of the replica-manage list command for an hour and it hasn't gone away... I'm also quite confused about the 1970 dates... [root at dc1 slapd-MYDOMAIN-NET]# ipa-replica-manage list -v `hostname` dc2.mydomain.net: replica last init status: 0 Total update succeeded last init ended: 2016-01-12 04:08:47+00:00 last update status: 0 Replica acquired successfully: Incremental update succeeded last update ended: 2016-01-12 04:25:15+00:00 dc3.mydomain.net: replica last init status: 0 Total update succeeded last init ended: 2016-01-10 08:06:35+00:00 last update status: 0 Replica acquired successfully: Incremental update succeeded last update ended: 2016-01-12 04:25:15+00:00 [root at dc2 slapd-MYDOMAIN-NET]# ipa-replica-manage list -v `hostname` dc1.mydomain.net: replica last init status: 1 Replication error acquiring replica: replica busy last init ended: 1970-01-01 00:00:00+00:00 last update status: 1 Can't acquire busy replica last update ended: 2016-01-12 04:25:05+00:00 [root at dc3 slapd-MYDOMAIN-NET]# ipa-replica-manage list -v `hostname` dc1.mydomain.net: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: 0 Replica acquired successfully: Incremental update started last update ended: 1970-01-01 00:00:00+00:00 dc2 error logs : ---------------- [12/Jan/2016:04:08:47 +0000] NSMMReplicationPlugin - replica_reload_ruv: Warning: new data for replica dc=mycompany,dc=net does not match the data in the changelog. Recreating the changelog file. This could affect replication with replica's consumers in which case the consumers should be reinitialized. [12/Jan/2016:04:08:47 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [12/Jan/2016:04:08:47 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mycompany,dc=net does not exist [12/Jan/2016:04:08:47 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mycompany,dc=net does not exist [12/Jan/2016:04:08:47 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mycompany,dc=net does not exist [12/Jan/2016:04:08:47 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mycompany,dc=net does not exist [12/Jan/2016:04:08:47 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mycompany,dc=net does not exist [12/Jan/2016:04:08:47 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mycompany,dc=net does not exist [12/Jan/2016:04:08:47 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mycompany,dc=net does not exist [12/Jan/2016:04:08:47 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mycompany,dc=net does not exist [12/Jan/2016:04:08:47 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mycompany,dc=net does not exist [12/Jan/2016:04:08:47 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mycompany,dc=net does not exist [12/Jan/2016:04:08:47 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mycompany,dc=net does not exist [12/Jan/2016:04:08:47 +0000] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=mycompany,dc=net does not exist [12/Jan/2016:04:08:47 +0000] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=mycompany,dc=net does not exist [12/Jan/2016:04:09:46 +0000] agmt="cn=meTodc1.mycompany.net" (dc1:389) - Can't locate CSN 56947cbe000800030000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized. dc1 error logs : ---------------- [12/Jan/2016:04:08:07 +0000] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=meTodc2.mycompany.net" (dc2:389)". [12/Jan/2016:04:08:07 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [12/Jan/2016:04:08:48 +0000] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=meTodc2.mycompany.net" (dc2:389)". Sent 7700 entries. [12/Jan/2016:04:09:34 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [12/Jan/2016:04:14:17 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [12/Jan/2016:04:14:17 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [12/Jan/2016:04:18:58 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [12/Jan/2016:04:18:58 +0000] NSMMReplicationPlugin - replication keep alive entry already exists dc3 error logs : ---------------- [12/Jan/2016:02:24:34 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [12/Jan/2016:03:05:13 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [12/Jan/2016:04:03:59 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [12/Jan/2016:04:08:35 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [12/Jan/2016:04:14:02 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [12/Jan/2016:04:20:23 +0000] NSMMReplicationPlugin - replication keep alive entry already exists From jpazdziora at redhat.com Tue Jan 12 07:32:05 2016 From: jpazdziora at redhat.com (Jan Pazdziora) Date: Tue, 12 Jan 2016 08:32:05 +0100 Subject: [Freeipa-users] Upgrade to FreeIPA 4.2.0 broke Katello/Foreman realm proxy In-Reply-To: References: Message-ID: <20160112073205.GI8334@redhat.com> On Mon, Jan 11, 2016 at 03:01:40PM -0800, nathan at nathanpeters.com wrote: > > Basically I have a Katello server running as a realm proxy. It is joined > as a client to the FreeIPA domain. I have provisioned 20 hosts last week > using its Foreman realm proxy feature and they all worked fine. > > This weekend I updated to Katello 2.4/FreeIPA 4.2.0. Now, when I create a > new host, it is not properly provisioned. > > A post to the foreman users mailing list seems to indicate that foreman is > working because it got an OTP from FreeIP : > https://groups.google.com/forum/#!topic/foreman-users/GlGSM6EAyUs In that thread you note that the issue was in fact a replication problem. Did you manage to resolve it? -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat From f.zoske at euroimmun.de Tue Jan 12 08:25:28 2016 From: f.zoske at euroimmun.de (Zoske, Fabian) Date: Tue, 12 Jan 2016 08:25:28 +0000 Subject: [Freeipa-users] Cross Domain Trust In-Reply-To: <20160111183721.GA19957@mail.corp.redhat.com> References: <20151215123822.GB24928@p.redhat.com> <20160111183721.GA19957@mail.corp.redhat.com> Message-ID: <01E75E6E-4BF3-4996-9A26-6B182C460196@euroimmun.de> We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far no differences. Best regards, Fabian > On 11 Jan 2016, at 19:37, Lukas Slebodnik wrote: > > On (11/01/16 14:56), Zoske, Fabian wrote: >> I looked deeper into the problem and tested it with ubuntu 16.04 Alpha which includes SSSD 1-13-3. >> Now I have the same problem on Ubuntu. >> On Ubuntu 14.04 I have installed the shipped SSSD-1.11.5 and everything works. >> > It might be issue on ipa server. > sssd-1.11 fetch trusted users from ipa server in different way than > sssd-1.12+ > > Could you try to upgrade FreeIPA from CentOS 7.1 to CentOS 7.2 > > LS From support at cfms.org.uk Tue Jan 12 09:47:44 2016 From: support at cfms.org.uk (CFMS Support) Date: Tue, 12 Jan 2016 09:47:44 +0000 Subject: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN) In-Reply-To: References: Message-ID: Hi All, New to the mailing list, fairly new to IPA. We have three IPA servers in a cluster in a staging environment. We're looking to replace AD with IPA as we are mostly Linux based and we have just bought some new Pulse Secure Appliances to replace our aging Juniper SA devices. With a migration to IPA currently being staged, the PSA devices have been added to the staging environment so that we can provide them with Directory access. Unfortunately, we seem to be having some problems with the configuration of both (Pulse Secure are also working with us) to allow the directory contents to be searched. The connection between the devices and the IPA cluster are fine, it's more the LDAP binding that seems to be the problem. The following is the configuration from the pulse secure device: [image: Screen Shot 2016-01-11 at 16.08.23.png] We get 6 groups shown out of 200 that are currently placed on the IPA Servers, All groups are posix, and have no other configuration. We don't see the users who are in those groups though. Has anyone connected PSA/Juniper SA devices to the IPA server before, and has anyone got any advice on connecting the above? Kind Regards, Josh Cullum -- *Josh Cullum* // IT Systems Administrator *e: josh.cullum at cfms.org.uk * // *t: *0117 906 1106 // *w: *www.cfms.org.uk // [image: Linkedin grey icon scaled] CFMS Services Ltd // Bristol & Bath Science Park // Dirac Crescent // Emersons Green // Bristol // BS16 7FR -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Screen Shot 2016-01-11 at 16.08.23.png Type: image/png Size: 801748 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Screen Shot 2016-01-11 at 16.08.23.png Type: image/png Size: 801748 bytes Desc: not available URL: From abokovoy at redhat.com Tue Jan 12 09:55:24 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Tue, 12 Jan 2016 11:55:24 +0200 Subject: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN) In-Reply-To: References: Message-ID: <20160112095524.GG4316@redhat.com> On Tue, 12 Jan 2016, CFMS Support wrote: >Hi All, > >New to the mailing list, fairly new to IPA. We have three IPA servers in a >cluster in a staging environment. > >We're looking to replace AD with IPA as we are mostly Linux based and we >have just bought some new Pulse Secure Appliances to replace our aging >Juniper SA devices. > >With a migration to IPA currently being staged, the PSA devices have been >added to the staging environment so that we can provide them with Directory >access. Unfortunately, we seem to be having some problems with the >configuration of both (Pulse Secure are also working with us) to allow the >directory contents to be searched. The connection between the devices and >the IPA cluster are fine, it's more the LDAP binding that seems to be the >problem. > >The following is the configuration from the pulse secure device: There are some incorrectly set options: - change to use StartTLS, not unencrypted connection - finding user entries requires 'uid=' filter -- / Alexander Bokovoy From support at cfms.org.uk Tue Jan 12 10:09:37 2016 From: support at cfms.org.uk (CFMS Support) Date: Tue, 12 Jan 2016 10:09:37 +0000 Subject: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN) In-Reply-To: <20160112095524.GG4316@redhat.com> References: <20160112095524.GG4316@redhat.com> Message-ID: Hi Alexander, Brilliant thanks. I still don't seem to be able to see any users, and cannot sign in as a user from one of the groups that I can see. Do you have any ideas about groups, I'm only picking up 8 static groups when Member Attribute is set to memberof (Filter is cn= and DN is cn=groups,cn=accounts) Kind Regards, Josh Cullum On Tue, Jan 12, 2016 at 9:55 AM Alexander Bokovoy wrote: > On Tue, 12 Jan 2016, CFMS Support wrote: > >Hi All, > > > >New to the mailing list, fairly new to IPA. We have three IPA servers in a > >cluster in a staging environment. > > > >We're looking to replace AD with IPA as we are mostly Linux based and we > >have just bought some new Pulse Secure Appliances to replace our aging > >Juniper SA devices. > > > >With a migration to IPA currently being staged, the PSA devices have been > >added to the staging environment so that we can provide them with > Directory > >access. Unfortunately, we seem to be having some problems with the > >configuration of both (Pulse Secure are also working with us) to allow the > >directory contents to be searched. The connection between the devices and > >the IPA cluster are fine, it's more the LDAP binding that seems to be the > >problem. > > > >The following is the configuration from the pulse secure device: > There are some incorrectly set options: > > - change to use StartTLS, not unencrypted connection > - finding user entries requires 'uid=' filter > > > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lslebodn at redhat.com Tue Jan 12 10:11:28 2016 From: lslebodn at redhat.com (Lukas Slebodnik) Date: Tue, 12 Jan 2016 11:11:28 +0100 Subject: [Freeipa-users] Cross Domain Trust In-Reply-To: <01E75E6E-4BF3-4996-9A26-6B182C460196@euroimmun.de> References: <20151215123822.GB24928@p.redhat.com> <20160111183721.GA19957@mail.corp.redhat.com> <01E75E6E-4BF3-4996-9A26-6B182C460196@euroimmun.de> Message-ID: <20160112101128.GD14430@mail.corp.redhat.com> On (12/01/16 08:25), Zoske, Fabian wrote: >We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far no differences. > Then please provide sssd logfiles (1.13.3) from client and also log files from sssd on freeipa server (sssd on freeipa server is used indirectly by extop plugin in 389-ds) Please provide log files from the same time when you reproduced an issue. LS From support at cfms.org.uk Tue Jan 12 10:13:52 2016 From: support at cfms.org.uk (CFMS Support) Date: Tue, 12 Jan 2016 10:13:52 +0000 Subject: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN) In-Reply-To: References: <20160112095524.GG4316@redhat.com> Message-ID: Hi Alexander, In fact, I have specified one of the rules as a direct username and can log in to it using that username and password. However, it's just the group membership that isn't working. Kind Regards, Josh Cullum On Tue, Jan 12, 2016 at 10:09 AM CFMS Support wrote: > Hi Alexander, > > Brilliant thanks. I still don't seem to be able to see any users, and > cannot sign in as a user from one of the groups that I can see. > > Do you have any ideas about groups, I'm only picking up 8 static groups > when Member Attribute is set to memberof (Filter is cn= and DN > is cn=groups,cn=accounts) > > Kind Regards, > > Josh Cullum > > On Tue, Jan 12, 2016 at 9:55 AM Alexander Bokovoy > wrote: > >> On Tue, 12 Jan 2016, CFMS Support wrote: >> >Hi All, >> > >> >New to the mailing list, fairly new to IPA. We have three IPA servers in >> a >> >cluster in a staging environment. >> > >> >We're looking to replace AD with IPA as we are mostly Linux based and we >> >have just bought some new Pulse Secure Appliances to replace our aging >> >Juniper SA devices. >> > >> >With a migration to IPA currently being staged, the PSA devices have been >> >added to the staging environment so that we can provide them with >> Directory >> >access. Unfortunately, we seem to be having some problems with the >> >configuration of both (Pulse Secure are also working with us) to allow >> the >> >directory contents to be searched. The connection between the devices and >> >the IPA cluster are fine, it's more the LDAP binding that seems to be the >> >problem. >> > >> >The following is the configuration from the pulse secure device: >> There are some incorrectly set options: >> >> - change to use StartTLS, not unencrypted connection >> - finding user entries requires 'uid=' filter >> >> >> -- >> / Alexander Bokovoy >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Tue Jan 12 10:14:47 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Tue, 12 Jan 2016 12:14:47 +0200 Subject: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN) In-Reply-To: References: <20160112095524.GG4316@redhat.com> Message-ID: <20160112101447.GI4316@redhat.com> Hi Josh, On Tue, 12 Jan 2016, CFMS Support wrote: >Brilliant thanks. I still don't seem to be able to see any users, and >cannot sign in as a user from one of the groups that I can see. > >Do you have any ideas about groups, I'm only picking up 8 static groups >when Member Attribute is set to memberof (Filter is cn= and DN >is cn=groups,cn=accounts) Show entries from /var/log/dirsrv/slapd-/access that correspond in time and connection from the PSA IP addresses. They will tell us what exactly PSA tries to do. -- / Alexander Bokovoy From support at cfms.org.uk Tue Jan 12 10:24:47 2016 From: support at cfms.org.uk (CFMS Support) Date: Tue, 12 Jan 2016 10:24:47 +0000 Subject: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN) In-Reply-To: <20160112101447.GI4316@redhat.com> References: <20160112095524.GG4316@redhat.com> <20160112101447.GI4316@redhat.com> Message-ID: Hi Alexander, These are the entries from /var/log/dirsrv/slapd-/access [12/Jan/2016:10:22:13 +0000] conn=30642 fd=128 slot=128 connection from 172.19.6.16 to 172.20.3.6 [12/Jan/2016:10:22:13 +0000] conn=30642 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" [12/Jan/2016:10:22:13 +0000] conn=30642 op=0 RESULT err=0 tag=120 nentries=0 etime=0 [12/Jan/2016:10:22:13 +0000] conn=30642 TLS1.2 128-bit AES-GCM [12/Jan/2016:10:22:13 +0000] conn=30642 op=1 BIND dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk" method=128 version=3 [12/Jan/2016:10:22:13 +0000] conn=30642 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk" [12/Jan/2016:10:22:13 +0000] conn=30642 op=2 SRCH base="cn=groups,cn=accounts,dc=identity,dc=cfms,dc=org,dc=uk" scope=2 filter="(cn=*)" attrs="memberOf" [12/Jan/2016:10:22:13 +0000] conn=30642 op=2 RESULT err=0 tag=101 nentries=145 etime=0 [12/Jan/2016:10:22:13 +0000] conn=30642 op=3 UNBIND [12/Jan/2016:10:22:13 +0000] conn=30642 op=3 fd=128 closed - U1 This is where it's searching for a group that exists but it doesn't return any result. Kind Regards, Josh Cullum On Tue, Jan 12, 2016 at 10:14 AM Alexander Bokovoy wrote: > Hi Josh, > > On Tue, 12 Jan 2016, CFMS Support wrote: > >Brilliant thanks. I still don't seem to be able to see any users, and > >cannot sign in as a user from one of the groups that I can see. > > > >Do you have any ideas about groups, I'm only picking up 8 static groups > >when Member Attribute is set to memberof (Filter is cn= and DN > >is cn=groups,cn=accounts) > Show entries from /var/log/dirsrv/slapd-/access that correspond > in time and connection from the PSA IP addresses. They will tell us what > exactly PSA tries to do. > > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Tue Jan 12 10:30:17 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Tue, 12 Jan 2016 12:30:17 +0200 Subject: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN) In-Reply-To: References: <20160112095524.GG4316@redhat.com> <20160112101447.GI4316@redhat.com> Message-ID: <20160112103017.GJ4316@redhat.com> On Tue, 12 Jan 2016, CFMS Support wrote: >Hi Alexander, > >These are the entries from /var/log/dirsrv/slapd-/access > >[12/Jan/2016:10:22:13 +0000] conn=30642 fd=128 slot=128 connection from >172.19.6.16 to 172.20.3.6 >[12/Jan/2016:10:22:13 +0000] conn=30642 op=0 EXT >oid="1.3.6.1.4.1.1466.20037" name="startTLS" >[12/Jan/2016:10:22:13 +0000] conn=30642 op=0 RESULT err=0 tag=120 >nentries=0 etime=0 >[12/Jan/2016:10:22:13 +0000] conn=30642 TLS1.2 128-bit AES-GCM >[12/Jan/2016:10:22:13 +0000] conn=30642 op=1 BIND >dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk" >method=128 version=3 >[12/Jan/2016:10:22:13 +0000] conn=30642 op=1 RESULT err=0 tag=97 nentries=0 >etime=0 dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk" >[12/Jan/2016:10:22:13 +0000] conn=30642 op=2 SRCH >base="cn=groups,cn=accounts,dc=identity,dc=cfms,dc=org,dc=uk" scope=2 >filter="(cn=*)" attrs="memberOf" >[12/Jan/2016:10:22:13 +0000] conn=30642 op=2 RESULT err=0 tag=101 >nentries=145 etime=0 >[12/Jan/2016:10:22:13 +0000] conn=30642 op=3 UNBIND >[12/Jan/2016:10:22:13 +0000] conn=30642 op=3 fd=128 closed - U1 > >This is where it's searching for a group that exists but it doesn't return >any result. That's not what I see. I see a search for all groups (filter "(cn=*)") and retrieiving memberOf attribute of those. The result is 145 entries which have memberOf attribute set, all returned to the client. What client then does with this list is unknown. -- / Alexander Bokovoy From support at cfms.org.uk Tue Jan 12 10:37:24 2016 From: support at cfms.org.uk (CFMS Support) Date: Tue, 12 Jan 2016 10:37:24 +0000 Subject: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN) In-Reply-To: <20160112103017.GJ4316@redhat.com> References: <20160112095524.GG4316@redhat.com> <20160112101447.GI4316@redhat.com> <20160112103017.GJ4316@redhat.com> Message-ID: Hi Alexander, Yes I see that as well actually, and when looking for a specific group I get: [12/Jan/2016:10:30:50 +0000] conn=30648 fd=114 slot=114 connection from 172.19.6.16 to 172.20.3.6 [12/Jan/2016:10:30:50 +0000] conn=30648 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" [12/Jan/2016:10:30:50 +0000] conn=30648 op=0 RESULT err=0 tag=120 nentries=0 etime=0 [12/Jan/2016:10:30:50 +0000] conn=30648 TLS1.2 128-bit AES-GCM [12/Jan/2016:10:30:50 +0000] conn=30648 op=1 BIND dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk" method=128 version=3 [12/Jan/2016:10:30:50 +0000] conn=30648 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk" [12/Jan/2016:10:30:50 +0000] conn=30648 op=2 SRCH base="cn=groups,cn=accounts,dc=identity,dc=cfms,dc=org,dc=uk" scope=2 filter="(cn=XXXXX)" attrs="memberOf" [12/Jan/2016:10:30:50 +0000] conn=30648 op=2 RESULT err=0 tag=101 nentries=1 etime=0 [12/Jan/2016:10:30:50 +0000] conn=30648 op=3 UNBIND [12/Jan/2016:10:30:50 +0000] conn=30648 op=3 fd=114 closed - U1 And that the directory server has returned one entry, however, the VPN device doesn't see it and returns that the group is not found. Kind Regards, Josh Cullum On Tue, Jan 12, 2016 at 10:30 AM Alexander Bokovoy wrote: > On Tue, 12 Jan 2016, CFMS Support wrote: > >Hi Alexander, > > > >These are the entries from /var/log/dirsrv/slapd-/access > > > >[12/Jan/2016:10:22:13 +0000] conn=30642 fd=128 slot=128 connection from > >172.19.6.16 to 172.20.3.6 > >[12/Jan/2016:10:22:13 +0000] conn=30642 op=0 EXT > >oid="1.3.6.1.4.1.1466.20037" name="startTLS" > >[12/Jan/2016:10:22:13 +0000] conn=30642 op=0 RESULT err=0 tag=120 > >nentries=0 etime=0 > >[12/Jan/2016:10:22:13 +0000] conn=30642 TLS1.2 128-bit AES-GCM > >[12/Jan/2016:10:22:13 +0000] conn=30642 op=1 BIND > >dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk" > >method=128 version=3 > >[12/Jan/2016:10:22:13 +0000] conn=30642 op=1 RESULT err=0 tag=97 > nentries=0 > >etime=0 > dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk" > >[12/Jan/2016:10:22:13 +0000] conn=30642 op=2 SRCH > >base="cn=groups,cn=accounts,dc=identity,dc=cfms,dc=org,dc=uk" scope=2 > >filter="(cn=*)" attrs="memberOf" > >[12/Jan/2016:10:22:13 +0000] conn=30642 op=2 RESULT err=0 tag=101 > >nentries=145 etime=0 > >[12/Jan/2016:10:22:13 +0000] conn=30642 op=3 UNBIND > >[12/Jan/2016:10:22:13 +0000] conn=30642 op=3 fd=128 closed - U1 > > > >This is where it's searching for a group that exists but it doesn't return > >any result. > That's not what I see. I see a search for all groups (filter "(cn=*)") > and retrieiving memberOf attribute of those. The result is 145 entries > which have memberOf attribute set, all returned to the client. What > client then does with this list is unknown. > > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Tue Jan 12 10:57:00 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Tue, 12 Jan 2016 12:57:00 +0200 Subject: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN) In-Reply-To: References: <20160112095524.GG4316@redhat.com> <20160112101447.GI4316@redhat.com> <20160112103017.GJ4316@redhat.com> Message-ID: <20160112105700.GM4316@redhat.com> On Tue, 12 Jan 2016, CFMS Support wrote: >Hi Alexander, > >Yes I see that as well actually, and when looking for a specific group I >get: > >[12/Jan/2016:10:30:50 +0000] conn=30648 fd=114 slot=114 connection from >172.19.6.16 to 172.20.3.6 >[12/Jan/2016:10:30:50 +0000] conn=30648 op=0 EXT >oid="1.3.6.1.4.1.1466.20037" name="startTLS" >[12/Jan/2016:10:30:50 +0000] conn=30648 op=0 RESULT err=0 tag=120 >nentries=0 etime=0 >[12/Jan/2016:10:30:50 +0000] conn=30648 TLS1.2 128-bit AES-GCM >[12/Jan/2016:10:30:50 +0000] conn=30648 op=1 BIND >dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk" >method=128 version=3 >[12/Jan/2016:10:30:50 +0000] conn=30648 op=1 RESULT err=0 tag=97 nentries=0 >etime=0 dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk" >[12/Jan/2016:10:30:50 +0000] conn=30648 op=2 SRCH >base="cn=groups,cn=accounts,dc=identity,dc=cfms,dc=org,dc=uk" scope=2 >filter="(cn=XXXXX)" attrs="memberOf" >[12/Jan/2016:10:30:50 +0000] conn=30648 op=2 RESULT err=0 tag=101 >nentries=1 etime=0 >[12/Jan/2016:10:30:50 +0000] conn=30648 op=3 UNBIND >[12/Jan/2016:10:30:50 +0000] conn=30648 op=3 fd=114 closed - U1 > >And that the directory server has returned one entry, however, the VPN >device doesn't see it and returns that the group is not found. Can you show the result of the ldapsearch under the same credentials from the command line to see what exactly it gets? Looking at the setup instructions [1], I think you need to choose between static or dynamic group selection. Right now you have static group selection configured which assumes you have an LDAP Server catalog configured in PSA to list all groups that can be there, and these group DNs must match what you get as result of the searches performed. If you have already defined those static groups in LDAP Server catalog, then I think you need to use 'member' attribute instead of memberOf -- memberOf is used in the user (or a nested group) entry to say what group this object is meber of, while the group itself will have member attribute values pointing to its members. [1] http://www.juniper.net/techpubs/software/ive/admin/j-sa-sslvpn-7.1-adminguide.pdf -- / Alexander Bokovoy From support at cfms.org.uk Tue Jan 12 11:39:01 2016 From: support at cfms.org.uk (CFMS Support) Date: Tue, 12 Jan 2016 11:39:01 +0000 Subject: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN) In-Reply-To: <20160112105700.GM4316@redhat.com> References: <20160112095524.GG4316@redhat.com> <20160112101447.GI4316@redhat.com> <20160112103017.GJ4316@redhat.com> <20160112105700.GM4316@redhat.com> Message-ID: Hi Alexander, I've just had a call with Pulse Secure, and we've worked out the various problems, thanks for your help as that really helped with Pulse Secure. FYI, and for anyone in the future; The User filter should be uid=, The Group filter should be cn= and both member attribute and query attribute should be member not MemberOf (as you said) This allows all groups the groups to be returned, but also allows a user who is a part of the group to login. Kind Regards, Josh Cullum On Tue, Jan 12, 2016 at 10:57 AM Alexander Bokovoy wrote: > On Tue, 12 Jan 2016, CFMS Support wrote: > >Hi Alexander, > > > >Yes I see that as well actually, and when looking for a specific group I > >get: > > > >[12/Jan/2016:10:30:50 +0000] conn=30648 fd=114 slot=114 connection from > >172.19.6.16 to 172.20.3.6 > >[12/Jan/2016:10:30:50 +0000] conn=30648 op=0 EXT > >oid="1.3.6.1.4.1.1466.20037" name="startTLS" > >[12/Jan/2016:10:30:50 +0000] conn=30648 op=0 RESULT err=0 tag=120 > >nentries=0 etime=0 > >[12/Jan/2016:10:30:50 +0000] conn=30648 TLS1.2 128-bit AES-GCM > >[12/Jan/2016:10:30:50 +0000] conn=30648 op=1 BIND > >dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk" > >method=128 version=3 > >[12/Jan/2016:10:30:50 +0000] conn=30648 op=1 RESULT err=0 tag=97 > nentries=0 > >etime=0 > dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk" > >[12/Jan/2016:10:30:50 +0000] conn=30648 op=2 SRCH > >base="cn=groups,cn=accounts,dc=identity,dc=cfms,dc=org,dc=uk" scope=2 > >filter="(cn=XXXXX)" attrs="memberOf" > >[12/Jan/2016:10:30:50 +0000] conn=30648 op=2 RESULT err=0 tag=101 > >nentries=1 etime=0 > >[12/Jan/2016:10:30:50 +0000] conn=30648 op=3 UNBIND > >[12/Jan/2016:10:30:50 +0000] conn=30648 op=3 fd=114 closed - U1 > > > >And that the directory server has returned one entry, however, the VPN > >device doesn't see it and returns that the group is not found. > Can you show the result of the ldapsearch under the same credentials > from the command line to see what exactly it gets? > > Looking at the setup instructions [1], I think you need to choose > between static or dynamic group selection. Right now you have static > group selection configured which assumes you have an LDAP Server catalog > configured in PSA to list all groups that can be there, and these group > DNs must match what you get as result of the searches performed. > > If you have already defined those static groups in LDAP Server catalog, > then I think you need to use 'member' attribute instead of memberOf -- > memberOf is used in the user (or a nested group) entry to say what group > this object is meber of, while the group itself will have member > attribute values pointing to its members. > > [1] > http://www.juniper.net/techpubs/software/ive/admin/j-sa-sslvpn-7.1-adminguide.pdf > > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mkosek at redhat.com Tue Jan 12 12:24:23 2016 From: mkosek at redhat.com (Martin Kosek) Date: Tue, 12 Jan 2016 13:24:23 +0100 Subject: [Freeipa-users] 4.2 (or 4.3) clients on 4.1.4 server? In-Reply-To: <56941CD9.3020500@gmail.com> References: <56941CD9.3020500@gmail.com> Message-ID: <5694F077.1060908@redhat.com> On 01/11/2016 10:21 PM, Janelle wrote: > Good day, > > Just wondering if anyone knows of any reason a 4.2 client running on RHEL 7.2 > would have any issues talking to 4.1.4 server on RHEL 7.1? The reason I ask is > the process of upgrading. In this case we have to do clients first. If by "talk", you mean use identity, authentication and authorization services - 7.2 talking to 7.1 will work. If by "talk" you mean "ipa" management tool, then this would not work unless special option is used (see recent thread from Jan Pazdziora for details). Details: http://www.freeipa.org/page/Client#Compatibility Martin From mkosek at redhat.com Tue Jan 12 12:26:05 2016 From: mkosek at redhat.com (Martin Kosek) Date: Tue, 12 Jan 2016 13:26:05 +0100 Subject: [Freeipa-users] Documentation on Testing page In-Reply-To: <56946ADA.1070008@redhat.com> References: <56946ADA.1070008@redhat.com> Message-ID: <5694F0DD.1000103@redhat.com> On 01/12/2016 03:54 AM, Rob Crittenden wrote: > Anthony Cheng wrote: >> Hi all, >> >> I have been looking at the documentation, specifically the test page: >> http://www.freeipa.org/page/Testing >> >> It looks like it has missing info on the Build section, specifically I >> don't see reference to a makefile or where to run make to build the >> testing utility. > > You just run make from the top-level directory. > > There is a BUILD.txt to help get you started as well. > > rob Right. There is also http://www.freeipa.org/page/Build with more additional information. From janellenicole80 at gmail.com Tue Jan 12 15:18:59 2016 From: janellenicole80 at gmail.com (Janelle) Date: Tue, 12 Jan 2016 07:18:59 -0800 Subject: [Freeipa-users] 4.2 (or 4.3) clients on 4.1.4 server? In-Reply-To: <5694F077.1060908@redhat.com> References: <56941CD9.3020500@gmail.com> <5694F077.1060908@redhat.com> Message-ID: <56951963.5050700@gmail.com> Perfect! Thank you! ~J On 1/12/16 4:24 AM, Martin Kosek wrote: > On 01/11/2016 10:21 PM, Janelle wrote: >> Good day, >> >> Just wondering if anyone knows of any reason a 4.2 client running on RHEL 7.2 >> would have any issues talking to 4.1.4 server on RHEL 7.1? The reason I ask is >> the process of upgrading. In this case we have to do clients first. > If by "talk", you mean use identity, authentication and authorization services > - 7.2 talking to 7.1 will work. If by "talk" you mean "ipa" management tool, > then this would not work unless special option is used (see recent thread from > Jan Pazdziora for details). > > Details: > http://www.freeipa.org/page/Client#Compatibility > > Martin From schogan at us.ibm.com Tue Jan 12 16:06:36 2016 From: schogan at us.ibm.com (Sean Hogan) Date: Tue, 12 Jan 2016 09:06:36 -0700 Subject: [Freeipa-users] SSSD Child not responding Message-ID: <201601121606.u0CG6sSG022342@d01av02.pok.ibm.com> Hi all, Over the past couple of months we have been seeing the sssd process eat up 100% cpu and not allowing anyone to log on. Krb5.conf is set for DNS discovery, RHEL 6.6. If we kill the java process it clears up the box and able to log back into it. This is due to IBM java ibmjgssprovider.jar but fixes for that are in place. What we do see in the sssd.log is below .. has anyone seen this before? SSSD enumerate is set to false, 120 timeout (Tue Jan 12 10:52:22 2016) [sssd] [tasks_check_handler] (0x0020): Child (watson.local) not responding! (yet) (Tue Jan 12 10:52:22 2016) [sssd] [service_send_ping] (0x0100): Pinging sudo (Tue Jan 12 10:52:22 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10021fe1260 (Tue Jan 12 10:52:22 2016) [sssd] [sbus_remove_timeout] (0x2000): 0x10021fdfff0 (Tue Jan 12 10:52:22 2016) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x10021fdea00 (Tue Jan 12 10:52:22 2016) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Tue Jan 12 10:52:22 2016) [sssd] [ping_check] (0x0100): Service pac replied to ping (Tue Jan 12 10:52:22 2016) [sssd] [sbus_remove_timeout] (0x2000): 0x10021fe1260 (Tue Jan 12 10:52:22 2016) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x10021fd7cd0 (Tue Jan 12 10:52:22 2016) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Tue Jan 12 10:52:22 2016) [sssd] [ping_check] (0x0100): Service sudo replied to ping (Tue Jan 12 10:52:26 2016) [sssd] [service_send_ping] (0x0100): Pinging pam (Tue Jan 12 10:52:26 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10021fe1260 (Tue Jan 12 10:52:26 2016) [sssd] [sbus_remove_timeout] (0x2000): 0x10021fe1260 (Tue Jan 12 10:52:26 2016) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x10021fdbfa0 (Tue Jan 12 10:52:26 2016) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Tue Jan 12 10:52:26 2016) [sssd] [ping_check] (0x0100): Service pam replied to ping (Tue Jan 12 10:52:28 2016) [sssd] [service_send_ping] (0x0100): Pinging ssh (Tue Jan 12 10:52:28 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10021fe1260 (Tue Jan 12 10:52:28 2016) [sssd] [sbus_remove_timeout] (0x2000): 0x10021fe1260 (Tue Jan 12 10:52:28 2016) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x10021fd9550 (Tue Jan 12 10:52:28 2016) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Tue Jan 12 10:52:28 2016) [sssd] [ping_check] (0x0100): Service ssh replied to ping (Tue Jan 12 10:52:32 2016) [sssd] [service_send_ping] (0x0100): Pinging pac (Tue Jan 12 10:52:32 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10021fe1260 (Tue Jan 12 10:52:32 2016) [sssd] [service_send_ping] (0x2000): Service not yet initialized (Tue Jan 12 10:52:32 2016) [sssd] [tasks_check_handler] (0x0020): Child (watson.local) not responding! (yet) (Tue Jan 12 10:52:32 2016) [sssd] [service_send_ping] (0x0100): Pinging sudo (Tue Jan 12 10:52:32 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10021fdfff0 (Tue Jan 12 10:52:32 2016) [sssd] [sbus_remove_timeout] (0x2000): 0x10021fe1260 (Tue Jan 12 10:52:32 2016) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x10021fdea00 (Tue Jan 12 10:52:32 2016) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Tue Jan 12 10:52:32 2016) [sssd] [ping_check] (0x0100): Service pac replied to ping (Tue Jan 12 10:52:32 2016) [sssd] [sbus_remove_timeout] (0x2000): 0x10021fdfff0 (Tue Jan 12 10:52:32 2016) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x10021fd7cd0 (Tue Jan 12 10:52:32 2016) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Tue Jan 12 10:52:32 2016) [sssd] [ping_check] (0x0100): Service sudo replied to ping (Tue Jan 12 10:52:36 2016) [sssd] [service_send_ping] (0x0100): Pinging pam (Tue Jan 12 10:52:36 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10021fdfff0 (Tue Jan 12 10:52:36 2016) [sssd] [sbus_remove_timeout] (0x2000): 0x10021fdfff0 (Tue Jan 12 10:52:36 2016) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x10021fdbfa0 (Tue Jan 12 10:52:36 2016) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Tue Jan 12 10:52:36 2016) [sssd] [ping_check] (0x0100): Service pam replied to ping (Tue Jan 12 10:52:38 2016) [sssd] [service_send_ping] (0x0100): Pinging ssh (Tue Jan 12 10:52:38 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10021fdfff0 (Tue Jan 12 10:52:38 2016) [sssd] [sbus_remove_timeout] (0x2000): 0x10021fdfff0 (Tue Jan 12 10:52:38 2016) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x10021fd9550 (Tue Jan 12 10:52:38 2016) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Tue Jan 12 10:52:38 2016) [sssd] [ping_check] (0x0100): Service ssh replied to ping (Tue Jan 12 10:52:42 2016) [sssd] [service_send_ping] (0x0100): Pinging pac (Tue Jan 12 10:52:42 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10021fdfff0 (Tue Jan 12 10:52:42 2016) [sssd] [service_send_ping] (0x2000): Service not yet initialized (Tue Jan 12 10:52:42 2016) [sssd] [tasks_check_handler] (0x0020): Child (watson.local) not responding! (yet) (Tue Jan 12 10:52:42 2016) [sssd] [service_send_ping] (0x0100): Pinging sudo (Tue Jan 12 10:52:42 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10021fe1260 (Tue Jan 12 10:52:42 2016) [sssd] [sbus_remove_timeout] (0x2000): 0x10021fdfff0 (Tue Jan 12 10:52:42 2016) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x10021fdea00 (Tue Jan 12 10:52:42 2016) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Tue Jan 12 10:52:42 2016) [sssd] [ping_check] (0x0100): Service pac replied to ping (Tue Jan 12 10:52:42 2016) [sssd] [sbus_remove_timeout] (0x2000): 0x10021fe1260 (Tue Jan 12 10:52:42 2016) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x10021fd7cd0 (Tue Jan 12 10:52:42 2016) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Tue Jan 12 10:52:42 2016) [sssd] [ping_check] (0x0100): Service sudo replied to ping (Tue Jan 12 10:52:46 2016) [sssd] [service_send_ping] (0x0100): Pinging pam (Tue Jan 12 10:52:46 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10021fe1260 (Tue Jan 12 10:52:46 2016) [sssd] [sbus_remove_timeout] (0x2000): 0x10021fe1260 (Tue Jan 12 10:52:46 2016) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x10021fdbfa0 (Tue Jan 12 10:52:46 2016) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Tue Jan 12 10:52:46 2016) [sssd] [ping_check] (0x0100): Service pam replied to ping Sean Hogan Security Engineer -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0C458136.jpg Type: image/jpeg Size: 27085 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0C740642.gif Type: image/gif Size: 1650 bytes Desc: not available URL: From jhrozek at redhat.com Tue Jan 12 16:32:47 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Tue, 12 Jan 2016 17:32:47 +0100 Subject: [Freeipa-users] SSSD Child not responding In-Reply-To: <201601121606.u0CG6sSG022342@d01av02.pok.ibm.com> References: <201601121606.u0CG6sSG022342@d01av02.pok.ibm.com> Message-ID: <20160112163247.GB3957@hendrix.redhat.com> On Tue, Jan 12, 2016 at 09:06:36AM -0700, Sean Hogan wrote: > > > Hi all, > > Over the past couple of months we have been seeing the sssd process eat > up 100% cpu and not allowing anyone to log on. Krb5.conf is set for DNS > discovery, RHEL 6.6. If we kill the java process it clears up the box and > able to log back into it. This is due to IBM java ibmjgssprovider.jar but > fixes for that are in place. What we do see in the sssd.log is below .. > has anyone seen this before? > > SSSD enumerate is set to false, 120 timeout Can you get a pstack of the child that is not responding? From nathan at nathanpeters.com Tue Jan 12 17:37:24 2016 From: nathan at nathanpeters.com (nathan at nathanpeters.com) Date: Tue, 12 Jan 2016 09:37:24 -0800 Subject: [Freeipa-users] Upgrade to FreeIPA 4.2.0 broke Katello/Foreman realm proxy In-Reply-To: <20160112073205.GI8334@redhat.com> References: <20160112073205.GI8334@redhat.com> Message-ID: <9010c5500988f46c8da429a0b15ce7fe.squirrel@webmail.nathanpeters.com> No, the replication logs are still giving strange output and errors. I started a new thread here with a better title to indicate that this is strictly an IPA replication issue : https://www.redhat.com/archives/freeipa-users/2016-January/msg00139.html > On Mon, Jan 11, 2016 at 03:01:40PM -0800, nathan at nathanpeters.com wrote: >> >> Basically I have a Katello server running as a realm proxy. It is >> joined >> as a client to the FreeIPA domain. I have provisioned 20 hosts last >> week >> using its Foreman realm proxy feature and they all worked fine. >> >> This weekend I updated to Katello 2.4/FreeIPA 4.2.0. Now, when I create >> a >> new host, it is not properly provisioned. >> >> A post to the foreman users mailing list seems to indicate that foreman >> is >> working because it got an OTP from FreeIP : >> https://groups.google.com/forum/#!topic/foreman-users/GlGSM6EAyUs > > In that thread you note that the issue was in fact a replication > problem. > > Did you manage to resolve it? > > -- > Jan Pazdziora > Senior Principal Software Engineer, Identity Management Engineering, Red > Hat > From schogan at us.ibm.com Tue Jan 12 17:59:28 2016 From: schogan at us.ibm.com (Sean Hogan) Date: Tue, 12 Jan 2016 10:59:28 -0700 Subject: [Freeipa-users] SSSD Child not responding In-Reply-To: <20160112163247.GB3957@hendrix.redhat.com> References: <201601121606.u0CG6sSG022342@d01av02.pok.ibm.com> <20160112163247.GB3957@hendrix.redhat.com> Message-ID: <201601121759.u0CHxbE9006946@d03av02.boulder.ibm.com> Hi Jakub, I changed the DNS server in resolv.conf to a closer IPA server and it seems to be stable now. If it bombs out again I will get more info but right now I don't think we will see anything. I also found this though from yesterday /var/log/sssd/check# cat sssd_watson.local.log.1 (Mon Jan 11 22:43:40 2016) [sssd[be[watson.local]]] [id_callback] (0x0010): The Monitor returned an error [org.freedesktop.DBus.Error.NoReply] Sean Hogan Security Engineer Watson Security & Risk Assurance Watson Cloud Technology and Support email: schogan at us.ibm.com | Tel 919 486 1397 From: Jakub Hrozek To: freeipa-users at redhat.com Date: 01/12/2016 09:46 AM Subject: Re: [Freeipa-users] SSSD Child not responding Sent by: freeipa-users-bounces at redhat.com On Tue, Jan 12, 2016 at 09:06:36AM -0700, Sean Hogan wrote: > > > Hi all, > > Over the past couple of months we have been seeing the sssd process eat > up 100% cpu and not allowing anyone to log on. Krb5.conf is set for DNS > discovery, RHEL 6.6. If we kill the java process it clears up the box and > able to log back into it. This is due to IBM java ibmjgssprovider.jar but > fixes for that are in place. What we do see in the sssd.log is below .. > has anyone seen this before? > > SSSD enumerate is set to false, 120 timeout Can you get a pstack of the child that is not responding? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0C695246.jpg Type: image/jpeg Size: 27085 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0C530466.gif Type: image/gif Size: 1650 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: graycol.gif Type: image/gif Size: 105 bytes Desc: not available URL: From Nathan.Peters at globalrelay.net Tue Jan 12 22:49:18 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Tue, 12 Jan 2016 22:49:18 +0000 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up Message-ID: (I apologize if this isn't threading properly, I signed up with another email address since my primary ISP is having issues right now) So to recap about the issues in this thread : https://www.redhat.com/archives/freeipa-users/2016-January/msg00139.html I have 3 dcs. Dc1 and 3 replicate fine. Dc2 will replicate after a re-initialize for about 12 hours, then start failing. Here are the logs from dc2. Strangely enough, I couldn't even turn the debugging on properly. Here is what happens when I turn it on : ldapmodify -x -D "cn=directory manager" -w password dn: cn=config changetype: modify replace: nsslapd-errorlog-level nsslapd-errorlog-level: 8192 Modifying : cn=config ^C ----- And then it just freezes up indefinitely until I ctrl-c it. Strangely enough, it appears to have actually made the modification because my log is full of stuff now, but replication is still failing : [12/Jan/2016:22:36:57 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:36:57 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:36:57 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569580fc000600030000 [12/Jan/2016:22:36:57 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:36:57 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569580fc000700030000 into pending list [12/Jan/2016:22:36:57 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=report1-urs-masnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c467c000600030000 [12/Jan/2016:22:36:57 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:36:57 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:36:57 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569580fc000700030000 [12/Jan/2016:22:36:57 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:37:00 +0000] - _csngen_adjust_local_time: gen state before 569580fc0008:1452638217:117:126 [12/Jan/2016:22:37:00 +0000] - _csngen_adjust_local_time: gen state after 569580fc0008:1452638220:114:126 [12/Jan/2016:22:37:00 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569580fc000800030000 into pending list [12/Jan/2016:22:37:00 +0000] NSMMReplicationPlugin - Purged state information from entry uid=appdeployer,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN 568c467c000700030000 [12/Jan/2016:22:37:00 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:37:00 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:37:00 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569580fc000800030000 [12/Jan/2016:22:37:00 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:37:00 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:37:00 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f612a11c890 [12/Jan/2016:22:37:00 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:37:00 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f612a11c890 [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2388 Acquired consumer connection extension [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2388 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:37:01 +0000] - csngen_adjust_time: gen state before 569580fc0009:1452638220:114:126 [12/Jan/2016:22:37:01 +0000] - _csngen_adjust_local_time: gen state before 569580fc0009:1452638220:114:126 [12/Jan/2016:22:37:01 +0000] - _csngen_adjust_local_time: gen state after 569580fc0009:1452638221:113:126 [12/Jan/2016:22:37:01 +0000] - csngen_adjust_time: gen state after 569581050004:1452638221:122:126 [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2388 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2388 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2388 Relinquishing consumer connection extension [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2389 Acquired consumer connection extension [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2389 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2388 [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2389 Relinquishing consumer connection extension [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2390 Acquired consumer connection extension [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2390 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:37:01 +0000] - csngen_adjust_time: gen state before 569581050004:1452638221:122:126 [12/Jan/2016:22:37:01 +0000] - csngen_adjust_time: gen state after 569581060004:1452638221:123:126 [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2390 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2390 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2390 Relinquishing consumer connection extension [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2391 Acquired consumer connection extension [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2391 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2390 [12/Jan/2016:22:37:01 +0000] NSMMReplicationPlugin - conn=11 op=2391 Relinquishing consumer connection extension [root at dc1-ipa-dev-nvan slapd-MYDOMAIN-NET]# clear [root at dc1-ipa-dev-nvan slapd-MYDOMAIN-NET]# tail erorrs tail: cannot open 'erorrs' for reading: No such file or directory [root at dc1-ipa-dev-nvan slapd-MYDOMAIN-NET]# tail errors [12/Jan/2016:22:39:20 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:20 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:20 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56958186000700030000 [12/Jan/2016:22:39:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:20 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56958186000800030000 into pending list [12/Jan/2016:22:39:20 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe1-arch-cpqa2-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4706000700030000 [12/Jan/2016:22:39:20 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:20 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:20 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56958186000800030000 [12/Jan/2016:22:39:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [root at dc1-ipa-dev-nvan slapd-MYDOMAIN-NET]# tail -f errors [12/Jan/2016:22:39:26 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:26 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:26 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56958186000b00030000 [12/Jan/2016:22:39:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:26 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56958186000c00030000 into pending list [12/Jan/2016:22:39:26 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=importer1-arch-cpqa2-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4706000b00030000 [12/Jan/2016:22:39:26 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:26 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:26 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56958186000c00030000 [12/Jan/2016:22:39:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:30 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f612a11c890 [12/Jan/2016:22:39:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:30 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f612a11c890 [12/Jan/2016:22:39:35 +0000] - _csngen_adjust_local_time: gen state before 56958186000d:1452638366:106:126 [12/Jan/2016:22:39:35 +0000] - _csngen_adjust_local_time: gen state after 56958186000d:1452638375:97:126 [12/Jan/2016:22:39:35 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56958186000d00030000 into pending list [12/Jan/2016:22:39:35 +0000] NSMMReplicationPlugin - Purged state information from entry uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN 568c4706000c00030000 [12/Jan/2016:22:39:35 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:35 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:35 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56958186000d00030000 [12/Jan/2016:22:39:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:41 +0000] - _csngen_adjust_local_time: gen state before 56958186000e:1452638375:97:126 [12/Jan/2016:22:39:41 +0000] - _csngen_adjust_local_time: gen state after 56958186000e:1452638381:91:126 [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56958186000e00030000 into pending list [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=proxy1-pr-mcsnap4-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4706000d00030000 [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56958186000e00030000 [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56958186000f00030000 into pending list [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=proxy1-pr-mcsnap4-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4706000e00030000 [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56958186000f00030000 [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - conn=11 op=2482 Acquired consumer connection extension [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - conn=11 op=2482 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:39:41 +0000] - csngen_adjust_time: gen state before 569581860010:1452638381:91:126 [12/Jan/2016:22:39:41 +0000] - csngen_adjust_time: gen state after 569581a50002:1452638381:122:126 [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - conn=11 op=2482 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - conn=11 op=2482 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - conn=11 op=2482 Relinquishing consumer connection extension [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - conn=11 op=2483 Acquired consumer connection extension [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - conn=11 op=2483 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2482 [12/Jan/2016:22:39:41 +0000] NSMMReplicationPlugin - conn=11 op=2483 Relinquishing consumer connection extension [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2484 Acquired consumer connection extension [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2484 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:39:42 +0000] - csngen_adjust_time: gen state before 569581a50002:1452638381:122:126 [12/Jan/2016:22:39:42 +0000] - _csngen_adjust_local_time: gen state before 569581a50002:1452638381:122:126 [12/Jan/2016:22:39:42 +0000] - _csngen_adjust_local_time: gen state after 569581a50002:1452638382:121:126 [12/Jan/2016:22:39:42 +0000] - csngen_adjust_time: gen state after 569581a70003:1452638382:123:126 [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2484 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2484 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2484 Relinquishing consumer connection extension [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2485 Acquired consumer connection extension [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2485 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2484 [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2485 Relinquishing consumer connection extension [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2486 Acquired consumer connection extension [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2486 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:39:42 +0000] - csngen_adjust_time: gen state before 569581a70003:1452638382:123:126 [12/Jan/2016:22:39:42 +0000] - csngen_adjust_time: gen state after 569581a70006:1452638382:123:126 [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2486 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2486 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2486 Relinquishing consumer connection extension [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2487 Acquired consumer connection extension [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2487 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2486 [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2487 Relinquishing consumer connection extension [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2488 Acquired consumer connection extension [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2488 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:39:42 +0000] - csngen_adjust_time: gen state before 569581a70006:1452638382:123:126 [12/Jan/2016:22:39:42 +0000] - csngen_adjust_time: gen state after 569581a7000a:1452638382:123:126 [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2488 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2488 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2488 Relinquishing consumer connection extension [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2489 Acquired consumer connection extension [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2489 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2488 [12/Jan/2016:22:39:42 +0000] NSMMReplicationPlugin - conn=11 op=2489 Relinquishing consumer connection extension [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2490 Acquired consumer connection extension [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2490 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:39:43 +0000] - csngen_adjust_time: gen state before 569581a7000a:1452638382:123:126 [12/Jan/2016:22:39:43 +0000] - _csngen_adjust_local_time: gen state before 569581a7000a:1452638382:123:126 [12/Jan/2016:22:39:43 +0000] - _csngen_adjust_local_time: gen state after 569581a7000a:1452638383:122:126 [12/Jan/2016:22:39:43 +0000] - csngen_adjust_time: gen state after 569581a7000d:1452638383:122:126 [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2490 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2490 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2490 Relinquishing consumer connection extension [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2491 Acquired consumer connection extension [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2491 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2490 [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2491 Relinquishing consumer connection extension [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2492 Acquired consumer connection extension [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2492 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:39:43 +0000] - csngen_adjust_time: gen state before 569581a7000d:1452638383:122:126 [12/Jan/2016:22:39:43 +0000] - csngen_adjust_time: gen state after 569581a70011:1452638383:122:126 [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2492 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2492 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2492 Relinquishing consumer connection extension [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2493 Acquired consumer connection extension [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2493 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2492 [12/Jan/2016:22:39:43 +0000] NSMMReplicationPlugin - conn=11 op=2493 Relinquishing consumer connection extension [12/Jan/2016:22:39:46 +0000] - _csngen_adjust_local_time: gen state before 569581a70011:1452638383:122:126 [12/Jan/2016:22:39:46 +0000] - _csngen_adjust_local_time: gen state after 569581a70011:1452638386:119:126 [12/Jan/2016:22:39:46 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581a7001100030000 into pending list [12/Jan/2016:22:39:46 +0000] NSMMReplicationPlugin - Purged state information from entry uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN 568c4706000f00030000 [12/Jan/2016:22:39:46 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:46 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:46 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581a7001100030000 [12/Jan/2016:22:39:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:47 +0000] - _csngen_adjust_local_time: gen state before 569581a70012:1452638386:119:126 [12/Jan/2016:22:39:47 +0000] - _csngen_adjust_local_time: gen state after 569581a70012:1452638387:118:126 [12/Jan/2016:22:39:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581a7001200030000 into pending list [12/Jan/2016:22:39:47 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe6-mc-mcqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4727001100030000 [12/Jan/2016:22:39:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581a7001200030000 [12/Jan/2016:22:39:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581a7001300030000 into pending list [12/Jan/2016:22:39:47 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe6-mc-mcqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4727001200030000 [12/Jan/2016:22:39:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581a7001300030000 [12/Jan/2016:22:39:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:48 +0000] - _csngen_adjust_local_time: gen state before 569581a70014:1452638387:118:126 [12/Jan/2016:22:39:48 +0000] - _csngen_adjust_local_time: gen state after 569581a70014:1452638388:117:126 [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581a7001400030000 into pending list [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581a7001400030000 [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581a7001500030000 into pending list [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581a7001500030000 [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581a7001600030000 into pending list [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net up to CSN 568c4727001500030000 [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581a7001600030000 [12/Jan/2016:22:39:48 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2494 Acquired consumer connection extension [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2494 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:39:49 +0000] - csngen_adjust_time: gen state before 569581a70017:1452638388:117:126 [12/Jan/2016:22:39:49 +0000] - _csngen_adjust_local_time: gen state before 569581a70017:1452638388:117:126 [12/Jan/2016:22:39:49 +0000] - _csngen_adjust_local_time: gen state after 569581a70017:1452638389:116:126 [12/Jan/2016:22:39:49 +0000] - csngen_adjust_time: gen state after 569581ad0003:1452638389:122:126 [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2494 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2494 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2494 Relinquishing consumer connection extension [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2495 Acquired consumer connection extension [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2495 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2494 [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2495 Relinquishing consumer connection extension [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2496 Acquired consumer connection extension [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2496 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:39:49 +0000] - csngen_adjust_time: gen state before 569581ad0003:1452638389:122:126 [12/Jan/2016:22:39:49 +0000] - csngen_adjust_time: gen state after 569581ae0004:1452638389:123:126 [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2496 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2496 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2496 Relinquishing consumer connection extension [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2497 Acquired consumer connection extension [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2497 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2496 [12/Jan/2016:22:39:49 +0000] NSMMReplicationPlugin - conn=11 op=2497 Relinquishing consumer connection extension [12/Jan/2016:22:39:50 +0000] - _csngen_adjust_local_time: gen state before 569581ae0004:1452638389:123:126 [12/Jan/2016:22:39:50 +0000] - _csngen_adjust_local_time: gen state after 569581ae0004:1452638390:122:126 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae000400030000 into pending list [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=analyzer1-arch-cpqa2-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4727001600030000 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae000400030000 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae000500030000 into pending list [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=analyzer1-arch-cpqa2-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e000400030000 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae000500030000 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae000600030000 into pending list [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe1-gas-gasqa2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e000500030000 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae000600030000 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae000700030000 into pending list [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=webrtc1-test-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e000600030000 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae000700030000 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae000800030000 into pending list [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe1-gas-gasqa2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e000700030000 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae000800030000 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae000900030000 into pending list [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=webrtc1-test-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e000800030000 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae000900030000 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae000a00030000 into pending list [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - Purged state information from entry uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e000900030000 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae000a00030000 [12/Jan/2016:22:39:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:51 +0000] - _csngen_adjust_local_time: gen state before 569581ae000b:1452638390:122:126 [12/Jan/2016:22:39:51 +0000] - _csngen_adjust_local_time: gen state after 569581ae000b:1452638391:121:126 [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae000b00030000 into pending list [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - Purged state information from entry uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e000a00030000 [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae000b00030000 [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae000c00030000 into pending list [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e000b00030000 [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae000c00030000 [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae000d00030000 into pending list [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e000c00030000 [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae000d00030000 [12/Jan/2016:22:39:51 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:52 +0000] - _csngen_adjust_local_time: gen state before 569581ae000e:1452638391:121:126 [12/Jan/2016:22:39:52 +0000] - _csngen_adjust_local_time: gen state after 569581ae000e:1452638392:120:126 [12/Jan/2016:22:39:52 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae000e00030000 into pending list [12/Jan/2016:22:39:52 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=mcsource1-sl-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e000d00030000 [12/Jan/2016:22:39:52 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:52 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:52 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae000e00030000 [12/Jan/2016:22:39:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:52 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae000f00030000 into pending list [12/Jan/2016:22:39:52 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=mcsource1-sl-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e000e00030000 [12/Jan/2016:22:39:52 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:52 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:52 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae000f00030000 [12/Jan/2016:22:39:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:55 +0000] - _csngen_adjust_local_time: gen state before 569581ae0010:1452638392:120:126 [12/Jan/2016:22:39:55 +0000] - _csngen_adjust_local_time: gen state after 569581ae0010:1452638395:117:126 [12/Jan/2016:22:39:55 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae001000030000 into pending list [12/Jan/2016:22:39:55 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoop7-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e000f00030000 [12/Jan/2016:22:39:55 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:55 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:55 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae001000030000 [12/Jan/2016:22:39:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:55 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae001100030000 into pending list [12/Jan/2016:22:39:55 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoop7-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e001000030000 [12/Jan/2016:22:39:55 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:55 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:55 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae001100030000 [12/Jan/2016:22:39:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:56 +0000] - _csngen_adjust_local_time: gen state before 569581ae0012:1452638395:117:126 [12/Jan/2016:22:39:56 +0000] - _csngen_adjust_local_time: gen state after 569581ae0012:1452638396:116:126 [12/Jan/2016:22:39:56 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae001200030000 into pending list [12/Jan/2016:22:39:56 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=uwp1-portal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e001100030000 [12/Jan/2016:22:39:56 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:56 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:56 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae001200030000 [12/Jan/2016:22:39:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:56 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae001300030000 into pending list [12/Jan/2016:22:39:56 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=uwp1-portal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e001200030000 [12/Jan/2016:22:39:56 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:56 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:56 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae001300030000 [12/Jan/2016:22:39:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:58 +0000] - _csngen_adjust_local_time: gen state before 569581ae0014:1452638396:116:126 [12/Jan/2016:22:39:58 +0000] - _csngen_adjust_local_time: gen state after 569581ae0014:1452638398:114:126 [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae001400030000 into pending list [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=lb1-pr-prsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e001300030000 [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae001400030000 [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581ae001500030000 into pending list [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=lb1-pr-prsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e001400030000 [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581ae001500030000 [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2498 Acquired consumer connection extension [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2498 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:39:58 +0000] - csngen_adjust_time: gen state before 569581ae0016:1452638398:114:126 [12/Jan/2016:22:39:58 +0000] - csngen_adjust_time: gen state after 569581b50002:1452638398:121:126 [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2498 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2498 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2498 Relinquishing consumer connection extension [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2499 Acquired consumer connection extension [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2499 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2498 [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2499 Relinquishing consumer connection extension [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2500 Acquired consumer connection extension [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2500 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:39:58 +0000] - csngen_adjust_time: gen state before 569581b50002:1452638398:121:126 [12/Jan/2016:22:39:58 +0000] - csngen_adjust_time: gen state after 569581b60002:1452638398:122:126 [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2500 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2500 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2500 Relinquishing consumer connection extension [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2501 Acquired consumer connection extension [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2501 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2500 [12/Jan/2016:22:39:58 +0000] NSMMReplicationPlugin - conn=11 op=2501 Relinquishing consumer connection extension [12/Jan/2016:22:39:59 +0000] - _csngen_adjust_local_time: gen state before 569581b60002:1452638398:122:126 [12/Jan/2016:22:39:59 +0000] - _csngen_adjust_local_time: gen state after 569581b60002:1452638399:121:126 [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581b6000200030000 into pending list [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=javaxtractor1-arch-cpqa2-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c472e001500030000 [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581b6000200030000 [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581b6000300030000 into pending list [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=javaxtractor1-arch-cpqa2-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4736000200030000 [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581b6000300030000 [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581b6000400030000 into pending list [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe2-gas-cpqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4736000300030000 [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581b6000400030000 [12/Jan/2016:22:39:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:40:00 +0000] - _csngen_adjust_local_time: gen state before 569581b60005:1452638399:121:126 [12/Jan/2016:22:40:00 +0000] - _csngen_adjust_local_time: gen state after 569581b60005:1452638400:120:126 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581b6000500030000 into pending list [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe2-gas-cpqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4736000400030000 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581b6000500030000 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f612a11c890 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f612a11c890 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2502 Acquired consumer connection extension [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2502 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:40:00 +0000] - csngen_adjust_time: gen state before 569581b60006:1452638400:120:126 [12/Jan/2016:22:40:00 +0000] - csngen_adjust_time: gen state after 569581b80002:1452638400:122:126 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2502 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2502 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2502 Relinquishing consumer connection extension [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2503 Acquired consumer connection extension [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2503 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2502 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2503 Relinquishing consumer connection extension [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2504 Acquired consumer connection extension [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2504 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:40:00 +0000] - csngen_adjust_time: gen state before 569581b80002:1452638400:122:126 [12/Jan/2016:22:40:00 +0000] - csngen_adjust_time: gen state after 569581b80006:1452638400:122:126 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2504 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2504 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2504 Relinquishing consumer connection extension [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2505 Acquired consumer connection extension [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2505 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2504 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - conn=11 op=2505 Relinquishing consumer connection extension [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581b8000600030000 into pending list [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=all-mre-masnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4736000500030000 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581b8000600030000 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581b8000700030000 into pending list [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=all-mre-masnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4738000600030000 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581b8000700030000 [12/Jan/2016:22:40:00 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2506 Acquired consumer connection extension [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2506 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:40:06 +0000] - csngen_adjust_time: gen state before 569581b80008:1452638400:122:126 [12/Jan/2016:22:40:06 +0000] - _csngen_adjust_local_time: gen state before 569581b80008:1452638400:122:126 [12/Jan/2016:22:40:06 +0000] - _csngen_adjust_local_time: gen state after 569581b80008:1452638406:116:126 [12/Jan/2016:22:40:06 +0000] - csngen_adjust_time: gen state after 569581be0002:1452638406:122:126 [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2506 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2506 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2506 Relinquishing consumer connection extension [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2507 Acquired consumer connection extension [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2507 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2506 [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2507 Relinquishing consumer connection extension [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2508 Acquired consumer connection extension [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2508 repl="dc=mydomain,dc=net": Begin incremental protocol [12/Jan/2016:22:40:06 +0000] - csngen_adjust_time: gen state before 569581be0002:1452638406:122:126 [12/Jan/2016:22:40:06 +0000] - csngen_adjust_time: gen state after 569581be0006:1452638406:122:126 [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2508 repl="dc=mydomain,dc=net": Acquired replica [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2508 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2508 Relinquishing consumer connection extension [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2509 Acquired consumer connection extension [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2509 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=2508 [12/Jan/2016:22:40:06 +0000] NSMMReplicationPlugin - conn=11 op=2509 Relinquishing consumer connection extension [12/Jan/2016:22:40:08 +0000] - _csngen_adjust_local_time: gen state before 569581be0006:1452638406:122:126 [12/Jan/2016:22:40:08 +0000] - _csngen_adjust_local_time: gen state after 569581be0006:1452638408:120:126 [12/Jan/2016:22:40:08 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581be000600030000 into pending list [12/Jan/2016:22:40:08 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=katello1-ops-int-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4738000700030000 [12/Jan/2016:22:40:08 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:40:08 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:40:08 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581be000600030000 [12/Jan/2016:22:40:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [12/Jan/2016:22:40:08 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569581be000700030000 into pending list [12/Jan/2016:22:40:08 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=katello1-ops-int-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c473e000600030000 [12/Jan/2016:22:40:08 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:40:08 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [12/Jan/2016:22:40:08 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569581be000700030000 [12/Jan/2016:22:40:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Tue Jan 12 23:08:28 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 12 Jan 2016 18:08:28 -0500 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up In-Reply-To: References: Message-ID: <5695876C.4080600@redhat.com> Nathan Peters wrote: > (I apologize if this isn?t threading properly, I signed up with another > email address since my primary ISP is having issues right now) > > > > So to recap about the issues in this thread : > https://www.redhat.com/archives/freeipa-users/2016-January/msg00139.html > > > > I have 3 dcs. Dc1 and 3 replicate fine. Dc2 will replicate after a > re-initialize for about 12 hours, then start failing. > > > > Here are the logs from dc2. Strangely enough, I couldn?t even turn the > debugging on properly. > > > > Here is what happens when I turn it on : > > > > ldapmodify -x -D "cn=directory manager" -w password > > dn: cn=config > > changetype: modify > > replace: nsslapd-errorlog-level > > nsslapd-errorlog-level: 8192 > > > > Modifying : cn=config > > ^C > > ----- > > And then it just freezes up indefinitely until I ctrl-c it. Strangely > enough, it appears to have actually made the modification because my log > is full of stuff now, but replication is still failing : > Use ^D to finish up ldapmodify. It may not be hanging, it may just be waiting on input. For 389-ds hangs you should see http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debugging-hangs rob From Nathan.Peters at globalrelay.net Tue Jan 12 23:16:30 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Tue, 12 Jan 2016 23:16:30 +0000 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up In-Reply-To: <5695876C.4080600@redhat.com> References: <5695876C.4080600@redhat.com> Message-ID: Ok. I did that and it ended properly. Debugging was enabled properly. Here are the logs from dc1 where it is refusing the update ? Not sure how to parse these... [12/Jan/2016:23:11:15 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56956024000000050000 into pending list [12/Jan/2016:23:11:15 +0000] NSMMReplicationPlugin - conn=5219 op=121512 csn=56956024000000050000 process postop: canceling operation csn [12/Jan/2016:23:11:17 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569563c2000000050000 into pending list [12/Jan/2016:23:11:17 +0000] NSMMReplicationPlugin - conn=5219 op=121513 csn=569563c2000000050000 process postop: canceling operation csn [12/Jan/2016:23:11:19 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695667c000000050000 into pending list [12/Jan/2016:23:11:19 +0000] NSMMReplicationPlugin - conn=5219 op=121514 csn=5695667c000000050000 process postop: canceling operation csn [12/Jan/2016:23:11:21 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56956866000000050000 into pending list [12/Jan/2016:23:11:21 +0000] NSMMReplicationPlugin - conn=5219 op=121515 csn=56956866000000050000 process postop: canceling operation csn [12/Jan/2016:23:11:23 +0000] - _csngen_adjust_local_time: gen state before 569589070003:1452640271:0:248 [12/Jan/2016:23:11:23 +0000] - _csngen_adjust_local_time: gen state after 569589130000:1452640283:0:248 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56958913000000040000 into pending list [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4e86000400040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56958913000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: wait_for_changes -> wait_for_changes [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): State: wait_for_changes -> wait_for_changes [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [12/Jan/2016:23:11:23 +0000] - acquire_replica, supplier RUV: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958913000000040000 5695881b [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:23 +0000] - acquire_replica, consumer RUV: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958906000400040000 5695880e [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:23 +0000] - acquire_replica, supplier RUV is newer [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): Cancelling linger on the connection [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replica was successfully acquired. [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56956dfb000000050000 into pending list [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - conn=5219 op=121516 csn=56956dfb000000050000 process postop: canceling operation csn [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [12/Jan/2016:23:11:23 +0000] - csngen_adjust_time: gen state before 569589130003:1452640283:0:248 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56958913000300040000 into pending list [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4e93000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [12/Jan/2016:23:11:23 +0000] - csngen_adjust_time: gen state before 569589130004:1452640283:0:248 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:23 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389)): Consumer RUV: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56958907000800030000 00000000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569588f4000100040000 00000000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 00000000 [12/Jan/2016:23:11:23 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389)): Supplier RUV: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958913000000040000 5695881b [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc71c004480 [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - session start: anchorcsn=569588f4000100040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): CSN 569588f4000100040000 found, position set for replay [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=1 csn=56958906000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) not sent - empty [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000000040000): [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=2 csn=56958906000400040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000400040000) [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000400040000) not sent - empty [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000400040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000400040000): [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=3 csn=56958913000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000000040000) [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000000040000) not sent - empty [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958913000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c1515986-58bf11e5-b1f1cd78-f19552bb, CSN 56958913000000040000): [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [12/Jan/2016:23:11:23 +0000] - repl5_inc_waitfor_async_results: 0 0 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56958913000300040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:23 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389)): Consumer RUV: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958906000400040000 5695880e [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 5} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:23 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389)): Supplier RUV: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958913000300040000 5695881b [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:23 +0000] - repl5_inc_result_threadmain starting [12/Jan/2016:23:11:23 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:23 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7fc71407c6e0 [12/Jan/2016:23:11:23 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [12/Jan/2016:23:11:23 +0000] - repl5_inc_result_threadmain exiting [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - session end: state=5 load=1 sent=3 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [12/Jan/2016:23:11:23 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - session start: anchorcsn=56958906000400040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> wait_for_changes [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): CSN 56958906000400040000 found, position set for replay [12/Jan/2016:23:11:23 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - load=1 rec=1 csn=56958913000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [12/Jan/2016:23:11:23 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - load=1 rec=2 csn=56958913000300040000 [12/Jan/2016:23:11:23 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) [12/Jan/2016:23:11:23 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - session end: state=5 load=1 sent=2 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Successfully released consumer [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [12/Jan/2016:23:11:23 +0000] - Calling dirsync search request plugin [12/Jan/2016:23:11:23 +0000] - Sending dirsync search request [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [12/Jan/2016:23:11:23 +0000] - csngen_adjust_time: gen state before 569589130006:1452640283:0:248 [12/Jan/2016:23:11:23 +0000] - csngen_adjust_time: gen state after 569589140002:1452640283:1:248 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:23 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56958914000100050000 00000000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569588f4000100040000 00000000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 00000000 [12/Jan/2016:23:11:23 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958913000300040000 5695881b [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=569588f4000100040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 569588f4000100040000 found, position set for replay [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56958906000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) not sent - empty [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000000040000): [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56958906000400040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000400040000) [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000400040000) not sent - empty [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000400040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000400040000): [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56958913000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000000040000) [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000000040000) not sent - empty [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958913000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c1515986-58bf11e5-b1f1cd78-f19552bb, CSN 56958913000000040000): [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56958913000300040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000300040000) [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000300040000) not sent - empty [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958913000300040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c1515986-58bf11e5-b1f1cd78-f19552bb, CSN 56958913000300040000): [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [12/Jan/2016:23:11:23 +0000] - repl5_inc_waitfor_async_results: 0 0 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replica was successfully acquired. [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [12/Jan/2016:23:11:23 +0000] - csngen_adjust_time: gen state before 569589140002:1452640283:1:248 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:23 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389)): Consumer RUV: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56958907000800030000 00000000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569588f4000100040000 00000000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 00000000 [12/Jan/2016:23:11:23 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389)): Supplier RUV: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958913000300040000 5695881b [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc71c004480 [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - session start: anchorcsn=569588f4000100040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): CSN 569588f4000100040000 found, position set for replay [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=1 csn=56958906000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) not sent - empty [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000000040000): [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=2 csn=56958906000400040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000400040000) [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000400040000) not sent - empty [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000400040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000400040000): [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=3 csn=56958913000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000000040000) [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000000040000) not sent - empty [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958913000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c1515986-58bf11e5-b1f1cd78-f19552bb, CSN 56958913000000040000): [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=4 csn=56958913000300040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000300040000) [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000300040000) not sent - empty [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958913000300040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c1515986-58bf11e5-b1f1cd78-f19552bb, CSN 56958913000300040000): [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [12/Jan/2016:23:11:23 +0000] - repl5_inc_waitfor_async_results: 0 0 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): Beginning linger on the connection [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [12/Jan/2016:23:11:23 +0000] - acquire_replica, supplier RUV: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958913000300040000 5695881b [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:23 +0000] - acquire_replica, consumer RUV: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958913000300040000 5695881b [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): Cancelling linger on the connection [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [12/Jan/2016:23:11:23 +0000] - csngen_adjust_time: gen state before 569589140003:1452640283:1:248 [12/Jan/2016:23:11:23 +0000] - repl5_inc_result_threadmain starting [12/Jan/2016:23:11:23 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [12/Jan/2016:23:11:23 +0000] - repl5_inc_result_threadmain starting [12/Jan/2016:23:11:23 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [12/Jan/2016:23:11:23 +0000] - repl5_inc_result_threadmain exiting [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - session end: state=5 load=1 sent=4 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [12/Jan/2016:23:11:23 +0000] - repl5_inc_result_threadmain exiting [12/Jan/2016:23:11:23 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=4 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:23 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389)): Consumer RUV: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958913000300040000 5695881b [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 5} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:23 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389)): Supplier RUV: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958913000300040000 5695881b [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): No changes to send [12/Jan/2016:23:11:23 +0000] - Calling dirsync search request plugin [12/Jan/2016:23:11:23 +0000] - Sending dirsync search request [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Successfully released consumer [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): Beginning linger on the connection [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [12/Jan/2016:23:11:25 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56957170000000050000 into pending list [12/Jan/2016:23:11:25 +0000] NSMMReplicationPlugin - conn=5219 op=121517 csn=56957170000000050000 process postop: canceling operation csn [12/Jan/2016:23:11:26 +0000] - _csngen_adjust_local_time: gen state before 569589140003:1452640283:1:248 [12/Jan/2016:23:11:26 +0000] - _csngen_adjust_local_time: gen state after 569589160000:1452640286:0:248 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56958916000000040000 into pending list [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4e93000300040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56958916000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: wait_for_changes -> wait_for_changes [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): State: wait_for_changes -> wait_for_changes [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [12/Jan/2016:23:11:26 +0000] - acquire_replica, supplier RUV: [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958916000000040000 5695881e [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:26 +0000] - acquire_replica, consumer RUV: [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958913000300040000 5695881b [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:26 +0000] - acquire_replica, supplier RUV is newer [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): Cancelling linger on the connection [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [12/Jan/2016:23:11:26 +0000] - csngen_adjust_time: gen state before 569589160003:1452640286:0:248 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> wait_for_changes [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [12/Jan/2016:23:11:26 +0000] - csngen_adjust_time: gen state before 569589160004:1452640286:0:248 [12/Jan/2016:23:11:26 +0000] - csngen_adjust_time: gen state after 569589160004:1452640286:0:248 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:26 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56958916000300050000 00000000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569588f4000100040000 00000000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 00000000 [12/Jan/2016:23:11:26 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958916000000040000 5695881e [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=569588f4000100040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 569588f4000100040000 found, position set for replay [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56958906000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) not sent - empty [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000000040000): [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56958906000400040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000400040000) [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000400040000) not sent - empty [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000400040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000400040000): [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56958913000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000000040000) [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000000040000) not sent - empty [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958913000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c1515986-58bf11e5-b1f1cd78-f19552bb, CSN 56958913000000040000): [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56958913000300040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000300040000) [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000300040000) not sent - empty [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958913000300040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c1515986-58bf11e5-b1f1cd78-f19552bb, CSN 56958913000300040000): [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56958916000400040000 into pending list [12/Jan/2016:23:11:26 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389)): Consumer RUV: [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958913000300040000 5695881b [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 5} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:26 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389)): Supplier RUV: [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958916000000040000 5695881e [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56958916000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958916000000040000) [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958916000000040000) not sent - empty [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958916000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ff855529-240611e5-a0c7cd78-f19552bb, CSN 56958916000000040000): [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [12/Jan/2016:23:11:26 +0000] - repl5_inc_waitfor_async_results: 0 0 [12/Jan/2016:23:11:26 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7fc71407c6e0 [12/Jan/2016:23:11:26 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [12/Jan/2016:23:11:26 +0000] - repl5_inc_result_threadmain starting [12/Jan/2016:23:11:26 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c4e96000000040000 [12/Jan/2016:23:11:26 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - session start: anchorcsn=56958913000300040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): CSN 56958913000300040000 found, position set for replay [12/Jan/2016:23:11:26 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - load=1 rec=1 csn=56958916000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56958916000400040000 [12/Jan/2016:23:11:26 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) [12/Jan/2016:23:11:26 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - session end: state=5 load=1 sent=1 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replica was successfully acquired. [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [12/Jan/2016:23:11:26 +0000] - csngen_adjust_time: gen state before 569589160005:1452640286:0:248 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:26 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389)): Consumer RUV: [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56958913000700030000 00000000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569588f4000100040000 00000000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 00000000 [12/Jan/2016:23:11:26 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389)): Supplier RUV: [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958916000400040000 5695881e [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc71c004480 [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [12/Jan/2016:23:11:26 +0000] - Calling dirsync search request plugin [12/Jan/2016:23:11:26 +0000] - Sending dirsync search request [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - session start: anchorcsn=569588f4000100040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): CSN 569588f4000100040000 found, position set for replay [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=1 csn=56958906000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) not sent - empty [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000000040000): [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=2 csn=56958906000400040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000400040000) [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000400040000) not sent - empty [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000400040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000400040000): [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=3 csn=56958913000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000000040000) [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000000040000) not sent - empty [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958913000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c1515986-58bf11e5-b1f1cd78-f19552bb, CSN 56958913000000040000): [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=4 csn=56958913000300040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000300040000) [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000300040000) not sent - empty [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958913000300040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c1515986-58bf11e5-b1f1cd78-f19552bb, CSN 56958913000300040000): [12/Jan/2016:23:11:26 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=5 csn=56958916000000040000 [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958916000000040000) [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958916000000040000) not sent - empty [12/Jan/2016:23:11:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958916000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ff855529-240611e5-a0c7cd78-f19552bb, CSN 56958916000000040000): [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=6 csn=56958916000400040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958916000400040000) [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958916000400040000) not sent - empty [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958916000400040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ff855529-240611e5-a0c7cd78-f19552bb, CSN 56958916000400040000): [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [12/Jan/2016:23:11:27 +0000] - repl5_inc_waitfor_async_results: 0 0 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): Beginning linger on the connection [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [12/Jan/2016:23:11:27 +0000] - acquire_replica, supplier RUV: [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958916000400040000 5695881e [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:27 +0000] - acquire_replica, consumer RUV: [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958916000000040000 5695881e [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:27 +0000] - acquire_replica, supplier RUV is newer [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): Cancelling linger on the connection [12/Jan/2016:23:11:27 +0000] - _csngen_adjust_local_time: gen state before 569589160005:1452640286:0:248 [12/Jan/2016:23:11:27 +0000] - _csngen_adjust_local_time: gen state after 569589170000:1452640287:0:248 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [12/Jan/2016:23:11:27 +0000] - csngen_adjust_time: gen state before 569589170001:1452640287:0:248 [12/Jan/2016:23:11:27 +0000] - repl5_inc_result_threadmain starting [12/Jan/2016:23:11:27 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [12/Jan/2016:23:11:27 +0000] - repl5_inc_result_threadmain exiting [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=5 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [12/Jan/2016:23:11:27 +0000] - repl5_inc_result_threadmain exiting [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - session end: state=5 load=1 sent=6 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:27 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389)): Consumer RUV: [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958916000000040000 5695881e [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 5} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:27 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389)): Supplier RUV: [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958916000400040000 5695881e [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:27 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7fc71407c6e0 [12/Jan/2016:23:11:27 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [12/Jan/2016:23:11:27 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - session start: anchorcsn=56958916000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): CSN 56958916000000040000 found, position set for replay [12/Jan/2016:23:11:27 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - load=1 rec=1 csn=56958916000400040000 [12/Jan/2016:23:11:27 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) [12/Jan/2016:23:11:27 +0000] agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389) - session end: state=5 load=1 sent=1 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [12/Jan/2016:23:11:27 +0000] - Calling dirsync search request plugin [12/Jan/2016:23:11:27 +0000] - Sending dirsync search request [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Successfully released consumer [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [12/Jan/2016:23:11:27 +0000] - csngen_adjust_time: gen state before 569589170003:1452640287:0:248 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:27 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56958916000300050000 00000000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569588f4000100040000 00000000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 00000000 [12/Jan/2016:23:11:27 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958916000400040000 5695881e [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=569588f4000100040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 569588f4000100040000 found, position set for replay [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56958906000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) not sent - empty [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000000040000): [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56958906000400040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000400040000) [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000400040000) not sent - empty [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000400040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000400040000): [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56958913000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000000040000) [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000000040000) not sent - empty [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958913000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c1515986-58bf11e5-b1f1cd78-f19552bb, CSN 56958913000000040000): [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56958913000300040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000300040000) [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000300040000) not sent - empty [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958913000300040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c1515986-58bf11e5-b1f1cd78-f19552bb, CSN 56958913000300040000): [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56958916000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958916000000040000) [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958916000000040000) not sent - empty [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958916000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ff855529-240611e5-a0c7cd78-f19552bb, CSN 56958916000000040000): [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56958916000400040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958916000400040000) [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958916000400040000) not sent - empty [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958916000400040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ff855529-240611e5-a0c7cd78-f19552bb, CSN 56958916000400040000): [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [12/Jan/2016:23:11:27 +0000] - repl5_inc_waitfor_async_results: 0 0 [12/Jan/2016:23:11:27 +0000] - repl5_inc_result_threadmain starting [12/Jan/2016:23:11:27 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replica was successfully acquired. [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [12/Jan/2016:23:11:27 +0000] - csngen_adjust_time: gen state before 569589170003:1452640287:0:248 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [12/Jan/2016:23:11:27 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389)): Consumer RUV: [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56958913000700030000 00000000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569588f4000100040000 00000000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 00000000 [12/Jan/2016:23:11:27 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389)): Supplier RUV: [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56958916000400040000 5695881e [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 56947ab7000200050000 56947a54 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc71c004480 [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - session start: anchorcsn=569588f4000100040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): CSN 569588f4000100040000 found, position set for replay [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=1 csn=56958906000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) not sent - empty [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000000040000): [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=2 csn=56958906000400040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000400040000) [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000400040000) not sent - empty [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000400040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000400040000): [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=3 csn=56958913000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000000040000) [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000000040000) not sent - empty [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958913000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c1515986-58bf11e5-b1f1cd78-f19552bb, CSN 56958913000000040000): [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=4 csn=56958913000300040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000300040000) [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy2-pr-prqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958913000300040000) not sent - empty [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958913000300040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c1515986-58bf11e5-b1f1cd78-f19552bb, CSN 56958913000300040000): [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=5 csn=56958916000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958916000000040000) [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958916000000040000) not sent - empty [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958916000000040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ff855529-240611e5-a0c7cd78-f19552bb, CSN 56958916000000040000): [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=6 csn=56958916000400040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958916000400040000) [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958916000400040000) not sent - empty [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958916000400040000 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ff855529-240611e5-a0c7cd78-f19552bb, CSN 56958916000400040000): [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [12/Jan/2016:23:11:27 +0000] - repl5_inc_waitfor_async_results: 0 0 [12/Jan/2016:23:11:27 +0000] - repl5_inc_result_threadmain starting [12/Jan/2016:23:11:27 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): Beginning linger on the connection [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.myotherdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [12/Jan/2016:23:11:27 +0000] - repl5_inc_result_threadmain exiting [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=6 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [12/Jan/2016:23:11:27 +0000] - repl5_inc_result_threadmain exiting [12/Jan/2016:23:11:27 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - session end: state=5 load=1 sent=6 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Successfully released consumer [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56957536000200050000 into pending list [12/Jan/2016:23:11:27 +0000] NSMMReplicationPlugin - conn=5219 op=121518 csn=56957536000200050000 process postop: canceling operation csn ^C [root at dc1-ipa-dev-van slapd-mydomain-NET]# From mareynol at redhat.com Wed Jan 13 01:55:38 2016 From: mareynol at redhat.com (Mark Reynolds) Date: Tue, 12 Jan 2016 20:55:38 -0500 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up In-Reply-To: References: <5695876C.4080600@redhat.com> Message-ID: <5695AE9A.2080100@redhat.com> On 01/12/2016 06:16 PM, Nathan Peters wrote: > [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) > [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000)*not sent - empty* > [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000000040000 > [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000000040000): There is a series of updates like above that all have empty modifications (modifications that have been striped and are now empty) so it never sends those "empty" updates. Replication then keeps trying to send this same series of operations over and over. But it's not finding any updates in the changelog that are not stripped. So, can you make an update to entry (change a password, add a description attribute, whatever) and see what the logging shows and if that update replicates? Grep for "agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" and check the timestamps. I'm also only seeing issues when updates going to "dc1-ipa-dev-nvan:389", other replication agreements seem fine and accept the updates. Can any of the other replicas update dc1? Also, you can ignore: [12/Jan/2016:04:20:23 +0000] NSMMReplicationPlugin - replication keep alive entry already exists These messages were not supposed to be logged by default. Mark -------------- next part -------------- An HTML attachment was scrubbed... URL: From Nathan.Peters at globalrelay.net Wed Jan 13 04:19:26 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Wed, 13 Jan 2016 04:19:26 +0000 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up In-Reply-To: <5695AE9A.2080100@redhat.com> References: <5695876C.4080600@redhat.com> <5695AE9A.2080100@redhat.com> Message-ID: These are the replication agreements: -dc1-van (master) replicates to dc1-nvan -dc1-van (master) replicates to dc2-nvan I do not have an agreement between the 2 other servers at this time so updates from dc1-nvan should go through dc1-van to reach dc2-nvan I did the following test: On each of the 3 domain controllers, create a test host named after itself. After replication, the following hosts existed on the following servers: Dc1-van had entries for testhostdc1van and testhostdc2nvan Dc1-nvan had entries for testhostdc1van, testhostdc1nvan, and testhostdc2nvan Dc2-nvan had entries for testhostdc1van and testhostdc2nvan So replication is working both ways between dc2-nvan and dc1-van Replication is only working one way from dc1-van to dc1-nvan My guess is that a new CSN ending in 3000 was successfully added for the update, but still the same thing is happening and causing it to be ignored ? Is this related to https://fedorahosted.org/389/ticket/48225 ? The description sounds similar. If so, is there a workaround? Logs from both servers (dc1-van and dc1-nvan) during the update Here are the logs from dc1-nvan during the update : -------- [root at dc1-ipa-dev-nvan slapd-mydomain.net]# tail -f errors [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce07000800030000 [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce07000900030000 into pending list [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=jira-sandbox-atdev-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c9387000800030000 [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce07000900030000 [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:05:51 +0000] NSMMReplicationPlugin - conn=11 op=13960 Acquired consumer connection extension [13/Jan/2016:04:05:51 +0000] NSMMReplicationPlugin - conn=11 op=13960 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:04:05:51 +0000] - csngen_adjust_time: gen state before 5695ce07000a:1452657942:115:126 [13/Jan/2016:04:05:51 +0000] - _csngen_adjust_local_time: gen state before 5695ce07000a:1452657942:115:126 [13/Jan/2016:04:05:51 +0000] - _csngen_adjust_local_time: gen state after 5695ce07000a:1452657951:106:126 [13/Jan/2016:04:05:51 +0000] - csngen_adjust_time: gen state after 5695ce180003:1452657951:123:126 [13/Jan/2016:04:05:51 +0000] NSMMReplicationPlugin - conn=11 op=13960 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:04:05:51 +0000] NSMMReplicationPlugin - conn=11 op=13960 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:04:05:51 +0000] NSMMReplicationPlugin - conn=11 op=13960 Relinquishing consumer connection extension [13/Jan/2016:04:05:52 +0000] NSMMReplicationPlugin - conn=11 op=13961 Acquired consumer connection extension [13/Jan/2016:04:05:52 +0000] NSMMReplicationPlugin - conn=11 op=13961 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=13960 [13/Jan/2016:04:05:52 +0000] NSMMReplicationPlugin - conn=11 op=13961 Relinquishing consumer connection extension [13/Jan/2016:04:05:58 +0000] - _csngen_adjust_local_time: gen state before 5695ce180003:1452657951:123:126 [13/Jan/2016:04:05:58 +0000] - _csngen_adjust_local_time: gen state after 5695ce180003:1452657958:116:126 [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce18000300030000 into pending list [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - Purged state information from entry uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN 568c9387000900030000 [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce18000300030000 [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce18000400030000 into pending list [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=testhostdc1nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c9398000300030000 [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce18000400030000 [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce18000500030000 into pending list [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - Purged state information from entry uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN 568c9398000400030000 [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce18000500030000 [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce18000600030000 into pending list [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - Purged state information from entry uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN 568c9398000500030000 [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce18000600030000 [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:00 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:00 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f612a11c890 [13/Jan/2016:04:06:00 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:00 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f612a11c890 [13/Jan/2016:04:06:04 +0000] NSMMReplicationPlugin - conn=11 op=13962 Acquired consumer connection extension [13/Jan/2016:04:06:04 +0000] NSMMReplicationPlugin - conn=11 op=13962 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:04:06:04 +0000] - csngen_adjust_time: gen state before 5695ce180007:1452657958:116:126 [13/Jan/2016:04:06:04 +0000] - _csngen_adjust_local_time: gen state before 5695ce180007:1452657958:116:126 [13/Jan/2016:04:06:04 +0000] - _csngen_adjust_local_time: gen state after 5695ce180007:1452657964:110:126 [13/Jan/2016:04:06:04 +0000] - csngen_adjust_time: gen state after 5695ce250004:1452657964:123:126 [13/Jan/2016:04:06:04 +0000] NSMMReplicationPlugin - conn=11 op=13962 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:04:06:04 +0000] NSMMReplicationPlugin - conn=11 op=13962 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:04:06:04 +0000] NSMMReplicationPlugin - conn=11 op=13962 Relinquishing consumer connection extension [13/Jan/2016:04:06:05 +0000] - _csngen_adjust_local_time: gen state before 5695ce250004:1452657964:123:126 [13/Jan/2016:04:06:05 +0000] - _csngen_adjust_local_time: gen state after 5695ce250004:1452657965:122:126 [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce25000400030000 into pending list [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe1-sin-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c9398000600030000 [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce25000400030000 [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13963 Acquired consumer connection extension [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13963 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=13962 [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13963 Relinquishing consumer connection extension [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13964 Acquired consumer connection extension [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13964 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:04:06:05 +0000] - csngen_adjust_time: gen state before 5695ce250005:1452657965:122:126 [13/Jan/2016:04:06:05 +0000] - csngen_adjust_time: gen state after 5695ce270003:1452657965:124:126 [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13964 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13964 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13964 Relinquishing consumer connection extension [13/Jan/2016:04:06:06 +0000] NSMMReplicationPlugin - conn=11 op=13965 Acquired consumer connection extension [13/Jan/2016:04:06:06 +0000] NSMMReplicationPlugin - conn=11 op=13965 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=13964 [13/Jan/2016:04:06:06 +0000] NSMMReplicationPlugin - conn=11 op=13965 Relinquishing consumer connection extension [13/Jan/2016:04:06:07 +0000] - _csngen_adjust_local_time: gen state before 5695ce270003:1452657965:124:126 [13/Jan/2016:04:06:07 +0000] - _csngen_adjust_local_time: gen state after 5695ce270003:1452657967:122:126 [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce27000300030000 into pending list [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=mvl1-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93a5000400030000 [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce27000300030000 [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce27000400030000 into pending list [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=mvl1-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93a7000300030000 [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce27000400030000 [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:08 +0000] - _csngen_adjust_local_time: gen state before 5695ce270005:1452657967:122:126 [13/Jan/2016:04:06:08 +0000] - _csngen_adjust_local_time: gen state after 5695ce270005:1452657968:121:126 [13/Jan/2016:04:06:08 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce27000500030000 into pending list [13/Jan/2016:04:06:08 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe1-sin-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93a7000400030000 [13/Jan/2016:04:06:08 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:08 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:08 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce27000500030000 [13/Jan/2016:04:06:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:09 +0000] - _csngen_adjust_local_time: gen state before 5695ce270006:1452657968:121:126 [13/Jan/2016:04:06:09 +0000] - _csngen_adjust_local_time: gen state after 5695ce270006:1452657969:120:126 [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce27000600030000 into pending list [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoopjt1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93a7000500030000 [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce27000600030000 [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce27000700030000 into pending list [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoopjt1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93a7000600030000 [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce27000700030000 [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:14 +0000] NSMMReplicationPlugin - conn=11 op=13966 Acquired consumer connection extension [13/Jan/2016:04:06:14 +0000] NSMMReplicationPlugin - conn=11 op=13966 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:04:06:14 +0000] - csngen_adjust_time: gen state before 5695ce270008:1452657969:120:126 [13/Jan/2016:04:06:14 +0000] - _csngen_adjust_local_time: gen state before 5695ce270008:1452657969:120:126 [13/Jan/2016:04:06:14 +0000] - _csngen_adjust_local_time: gen state after 5695ce270008:1452657974:115:126 [13/Jan/2016:04:06:14 +0000] - csngen_adjust_time: gen state after 5695ce2e0004:1452657974:122:126 [13/Jan/2016:04:06:14 +0000] NSMMReplicationPlugin - conn=11 op=13966 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:04:06:14 +0000] NSMMReplicationPlugin - conn=11 op=13966 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:04:06:14 +0000] NSMMReplicationPlugin - conn=11 op=13966 Relinquishing consumer connection extension [13/Jan/2016:04:06:15 +0000] - _csngen_adjust_local_time: gen state before 5695ce2e0004:1452657974:122:126 [13/Jan/2016:04:06:15 +0000] - _csngen_adjust_local_time: gen state after 5695ce2e0004:1452657975:121:126 [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce2e000400030000 into pending list [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoopnn1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93a7000700030000 [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce2e000400030000 [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce2e000500030000 into pending list [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoopnn1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93ae000400030000 [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce2e000500030000 [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13967 Acquired consumer connection extension [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13967 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=13966 [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13967 Relinquishing consumer connection extension [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13968 Acquired consumer connection extension [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13968 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:04:06:15 +0000] - csngen_adjust_time: gen state before 5695ce2e0006:1452657975:121:126 [13/Jan/2016:04:06:15 +0000] - csngen_adjust_time: gen state after 5695ce300002:1452657975:123:126 [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13968 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13968 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13968 Relinquishing consumer connection extension [13/Jan/2016:04:06:16 +0000] NSMMReplicationPlugin - conn=11 op=13969 Acquired consumer connection extension [13/Jan/2016:04:06:16 +0000] NSMMReplicationPlugin - conn=11 op=13969 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=13968 [13/Jan/2016:04:06:16 +0000] NSMMReplicationPlugin - conn=11 op=13969 Relinquishing consumer connection extension [13/Jan/2016:04:06:17 +0000] - _csngen_adjust_local_time: gen state before 5695ce300002:1452657975:123:126 [13/Jan/2016:04:06:17 +0000] - _csngen_adjust_local_time: gen state after 5695ce300002:1452657977:121:126 [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce30000200030000 into pending list [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoophbase1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93ae000500030000 [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce30000200030000 [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce30000300030000 into pending list [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoophbase1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93b0000200030000 [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce30000300030000 [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - conn=11 op=13970 Acquired consumer connection extension [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - conn=11 op=13970 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:04:06:20 +0000] - csngen_adjust_time: gen state before 5695ce300004:1452657977:121:126 [13/Jan/2016:04:06:20 +0000] - _csngen_adjust_local_time: gen state before 5695ce300004:1452657977:121:126 [13/Jan/2016:04:06:20 +0000] - _csngen_adjust_local_time: gen state after 5695ce300004:1452657980:118:126 [13/Jan/2016:04:06:20 +0000] - csngen_adjust_time: gen state after 5695ce350002:1452657980:123:126 [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - conn=11 op=13970 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - conn=11 op=13970 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - conn=11 op=13970 Relinquishing consumer connection extension [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce35000200030000 into pending list [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=buffer3-arch-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93b0000300030000 [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce35000200030000 [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:21 +0000] - _csngen_adjust_local_time: gen state before 5695ce350003:1452657980:123:126 [13/Jan/2016:04:06:21 +0000] - _csngen_adjust_local_time: gen state after 5695ce350003:1452657981:122:126 [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce35000300030000 into pending list [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=buffer3-arch-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93b5000200030000 [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce35000300030000 [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13971 Acquired consumer connection extension [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13971 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=13970 [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13971 Relinquishing consumer connection extension [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13972 Acquired consumer connection extension [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13972 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:04:06:21 +0000] - csngen_adjust_time: gen state before 5695ce350004:1452657981:122:126 [13/Jan/2016:04:06:21 +0000] - csngen_adjust_time: gen state after 5695ce350007:1452657981:122:126 [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13972 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13972 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13972 Relinquishing consumer connection extension [13/Jan/2016:04:06:22 +0000] NSMMReplicationPlugin - conn=11 op=13973 Acquired consumer connection extension [13/Jan/2016:04:06:22 +0000] NSMMReplicationPlugin - conn=11 op=13973 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=13972 [13/Jan/2016:04:06:22 +0000] NSMMReplicationPlugin - conn=11 op=13973 Relinquishing consumer connection extension [13/Jan/2016:04:06:24 +0000] NSMMReplicationPlugin - conn=11 op=13974 Acquired consumer connection extension [13/Jan/2016:04:06:24 +0000] NSMMReplicationPlugin - conn=11 op=13974 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:04:06:24 +0000] - csngen_adjust_time: gen state before 5695ce350007:1452657981:122:126 [13/Jan/2016:04:06:24 +0000] - _csngen_adjust_local_time: gen state before 5695ce350007:1452657981:122:126 [13/Jan/2016:04:06:24 +0000] - _csngen_adjust_local_time: gen state after 5695ce350007:1452657984:119:126 [13/Jan/2016:04:06:24 +0000] - csngen_adjust_time: gen state after 5695ce3b0002:1452657984:125:126 [13/Jan/2016:04:06:24 +0000] NSMMReplicationPlugin - conn=11 op=13974 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:04:06:24 +0000] NSMMReplicationPlugin - conn=11 op=13974 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:04:06:24 +0000] NSMMReplicationPlugin - conn=11 op=13974 Relinquishing consumer connection extension [13/Jan/2016:04:06:25 +0000] - _csngen_adjust_local_time: gen state before 5695ce3b0002:1452657984:125:126 [13/Jan/2016:04:06:25 +0000] - _csngen_adjust_local_time: gen state after 5695ce3b0002:1452657985:124:126 [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce3b000200030000 into pending list [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe1-gas-smqa2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93b5000300030000 [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce3b000200030000 [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce3b000300030000 into pending list [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe1-gas-smqa2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93bb000200030000 [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce3b000300030000 [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13975 Acquired consumer connection extension [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13975 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=13974 [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13975 Relinquishing consumer connection extension [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13976 Acquired consumer connection extension [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13976 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:04:06:26 +0000] - csngen_adjust_time: gen state before 5695ce3b0004:1452657985:124:126 [13/Jan/2016:04:06:26 +0000] - _csngen_adjust_local_time: gen state before 5695ce3b0004:1452657985:124:126 [13/Jan/2016:04:06:26 +0000] - _csngen_adjust_local_time: gen state after 5695ce3b0004:1452657986:123:126 [13/Jan/2016:04:06:26 +0000] - csngen_adjust_time: gen state after 5695ce3b0009:1452657986:123:126 [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13976 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13976 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13976 Relinquishing consumer connection extension [13/Jan/2016:04:06:27 +0000] NSMMReplicationPlugin - conn=11 op=13977 Acquired consumer connection extension [13/Jan/2016:04:06:27 +0000] NSMMReplicationPlugin - conn=11 op=13977 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=13976 [13/Jan/2016:04:06:27 +0000] NSMMReplicationPlugin - conn=11 op=13977 Relinquishing consumer connection extension [13/Jan/2016:04:06:28 +0000] NSMMReplicationPlugin - conn=11 op=13978 Acquired consumer connection extension [13/Jan/2016:04:06:28 +0000] NSMMReplicationPlugin - conn=11 op=13978 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:04:06:28 +0000] - csngen_adjust_time: gen state before 5695ce3b0009:1452657986:123:126 [13/Jan/2016:04:06:28 +0000] - _csngen_adjust_local_time: gen state before 5695ce3b0009:1452657986:123:126 [13/Jan/2016:04:06:28 +0000] - _csngen_adjust_local_time: gen state after 5695ce3b0009:1452657988:121:126 [13/Jan/2016:04:06:28 +0000] - csngen_adjust_time: gen state after 5695ce3c0002:1452657988:122:126 [13/Jan/2016:04:06:28 +0000] NSMMReplicationPlugin - conn=11 op=13978 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:04:06:28 +0000] NSMMReplicationPlugin - conn=11 op=13978 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:04:06:28 +0000] NSMMReplicationPlugin - conn=11 op=13978 Relinquishing consumer connection extension [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13979 Acquired consumer connection extension [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13979 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=13978 [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13979 Relinquishing consumer connection extension [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13980 Acquired consumer connection extension [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13980 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:04:06:29 +0000] - csngen_adjust_time: gen state before 5695ce3c0002:1452657988:122:126 [13/Jan/2016:04:06:29 +0000] - _csngen_adjust_local_time: gen state before 5695ce3c0002:1452657988:122:126 [13/Jan/2016:04:06:29 +0000] - _csngen_adjust_local_time: gen state after 5695ce3c0002:1452657989:121:126 [13/Jan/2016:04:06:29 +0000] - csngen_adjust_time: gen state after 5695ce3d0004:1452657989:122:126 [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13980 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13980 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13980 Relinquishing consumer connection extension [13/Jan/2016:04:06:30 +0000] - _csngen_adjust_local_time: gen state before 5695ce3d0004:1452657989:122:126 [13/Jan/2016:04:06:30 +0000] - _csngen_adjust_local_time: gen state after 5695ce3d0004:1452657990:121:126 [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce3d000400030000 into pending list [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoopoozie1-mc-lisnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93bb000300030000 [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce3d000400030000 [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695ce3d000500030000 into pending list [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoopoozie1-mc-lisnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568c93bd000400030000 [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5695ce3d000500030000 [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f612a11c890 [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f612a11c890 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f612a11c890 [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13981 Acquired consumer connection extension [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13981 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=13980 [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13981 Relinquishing consumer connection extension [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13982 Acquired consumer connection extension [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13982 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:04:06:31 +0000] - csngen_adjust_time: gen state before 5695ce3d0006:1452657990:121:126 [13/Jan/2016:04:06:31 +0000] - _csngen_adjust_local_time: gen state before 5695ce3d0006:1452657990:121:126 [13/Jan/2016:04:06:31 +0000] - _csngen_adjust_local_time: gen state after 5695ce3d0006:1452657991:120:126 [13/Jan/2016:04:06:31 +0000] - csngen_adjust_time: gen state after 5695ce40000a:1452657991:123:126 [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13982 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13982 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13982 Relinquishing consumer connection extension [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13983 Acquired consumer connection extension [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13983 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=13982 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13983 Relinquishing consumer connection extension [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13984 Acquired consumer connection extension [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13984 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:04:06:32 +0000] - csngen_adjust_time: gen state before 5695ce40000a:1452657991:123:126 [13/Jan/2016:04:06:32 +0000] - _csngen_adjust_local_time: gen state before 5695ce40000a:1452657991:123:126 [13/Jan/2016:04:06:32 +0000] - _csngen_adjust_local_time: gen state after 5695ce40000a:1452657992:122:126 [13/Jan/2016:04:06:32 +0000] - csngen_adjust_time: gen state after 5695ce40000d:1452657992:122:126 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13984 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13984 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13984 Relinquishing consumer connection extension [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13985 Acquired consumer connection extension [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13985 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=11 id=13984 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13985 Relinquishing consumer connection extension And here are the logs from dc1-van during the update ---------------------------------------------------- [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=lb2-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce3b000600040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce3b000600040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid d628ef90-58b511e5-b1f1cd78-f19552bb, CSN 5695ce3b000600040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=33 csn=5695ce3c000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce3c000000040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce3c000000040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce3c000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e8dfd6bf-b5c011e5-b1f1cd78-f19552bb, CSN 5695ce3c000000040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=34 csn=5695ce3d000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce3d000000040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce3d000000040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce3d000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e8dfd6bf-b5c011e5-b1f1cd78-f19552bb, CSN 5695ce3d000000040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=35 csn=5695ce40000500040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce40000500040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce40000500040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce40000500040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid eac08945-ab2e11e5-b6d1a094-64a60b74, CSN 5695ce40000500040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load next: anchorcsn=5695ce40000500040000 [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=2 rec=36 csn=5695ce40000800040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce40000800040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce40000800040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce40000800040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid eac08945-ab2e11e5-b6d1a094-64a60b74, CSN 5695ce40000800040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:04:06:32 +0000] - repl5_inc_waitfor_async_results: 0 0 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-salci-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce06000b00040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-salci-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce06000b00040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce06000b00040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid d4372c1b-4d0c11e5-b1f1cd78-f19552bb, CSN 5695ce06000b00040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=21 csn=5695ce07000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-salci-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce07000000040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-salci-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce07000000040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce07000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid d4372c1b-4d0c11e5-b1f1cd78-f19552bb, CSN 5695ce07000000040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=22 csn=5695ce18000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" csn=5695ce18000000040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" csn=5695ce18000000040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce18000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 5695ce18000000040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=23 csn=5695ce25000200040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoopoozie1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce25000200040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoopoozie1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce25000200040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce25000200040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid dfef0524-b5c011e5-b6d1a094-64a60b74, CSN 5695ce25000200040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=24 csn=5695ce25000600040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoopoozie1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce25000600040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoopoozie1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce25000600040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce25000600040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid dfef0524-b5c011e5-b6d1a094-64a60b74, CSN 5695ce25000600040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=25 csn=5695ce2e000200040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pres1-msg-mbsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce2e000200040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pres1-msg-mbsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce2e000200040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce2e000200040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid cb19938f-58a411e5-b1f1cd78-f19552bb, CSN 5695ce2e000200040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=26 csn=5695ce2e000600040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pres1-msg-mbsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce2e000600040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pres1-msg-mbsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce2e000600040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce2e000600040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid cb19938f-58a411e5-b1f1cd78-f19552bb, CSN 5695ce2e000600040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=27 csn=5695ce35000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-log-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce35000000040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-log-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce35000000040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce35000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 49de880a-9e2411e5-b1f1cd78-f19552bb, CSN 5695ce35000000040000): [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=28 csn=5695ce35000400040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-log-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce35000400040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-log-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce35000400040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce35000400040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 49de880a-9e2411e5-b1f1cd78-f19552bb, CSN 5695ce35000400040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=29 csn=5695ce39000200040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" csn=5695ce39000200040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" csn=5695ce39000200040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce39000200040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 21b88d27-030911e5-afbccd78-f19552bb, CSN 5695ce39000200040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=30 csn=5695ce3b000400040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" csn=5695ce3b000400040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" csn=5695ce3b000400040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce3b000400040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 21b88d27-030911e5-afbccd78-f19552bb, CSN 5695ce3b000400040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=31 csn=5695ce3b000500040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=lb2-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce3b000500040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=lb2-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce3b000500040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce3b000500040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid d628ef90-58b511e5-b1f1cd78-f19552bb, CSN 5695ce3b000500040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=32 csn=5695ce3b000600040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=lb2-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce3b000600040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=lb2-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce3b000600040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce3b000600040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid d628ef90-58b511e5-b1f1cd78-f19552bb, CSN 5695ce3b000600040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=33 csn=5695ce3c000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce3c000000040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce3c000000040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce3c000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e8dfd6bf-b5c011e5-b1f1cd78-f19552bb, CSN 5695ce3c000000040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=34 csn=5695ce3d000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce3d000000040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce3d000000040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce3d000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e8dfd6bf-b5c011e5-b1f1cd78-f19552bb, CSN 5695ce3d000000040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=35 csn=5695ce40000500040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce40000500040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce40000500040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce40000500040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid eac08945-ab2e11e5-b6d1a094-64a60b74, CSN 5695ce40000500040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - load=1 rec=36 csn=5695ce40000800040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce40000800040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce40000800040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce40000800040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid eac08945-ab2e11e5-b6d1a094-64a60b74, CSN 5695ce40000800040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:04:06:32 +0000] - repl5_inc_waitfor_async_results: 0 0 [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=2 sent=36 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:04:06:32 +0000] - _csngen_adjust_local_time: gen state before 5695ce40000b:1452657991:1:248 [13/Jan/2016:04:06:32 +0000] - _csngen_adjust_local_time: gen state after 5695ce40000b:1452657992:0:248 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:04:06:32 +0000] - csngen_adjust_time: gen state before 5695ce40000c:1452657992:0:248 [13/Jan/2016:04:06:32 +0000] - csngen_adjust_time: gen state after 5695ce40000c:1452657992:0:248 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:04:06:32 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695ce40000100050000 00000000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 5695cdcc000200040000 00000000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 00000000 [13/Jan/2016:04:06:32 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 5695ce40000800040000 5695cd47 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56949070000b00030000 56948f81 [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=5695cdcc000200040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 5695cdcc000200040000 found, position set for replay [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=5695cdd4000100040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdd4000100040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdd4000100040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cdd4000100040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0e9cb397-569311e5-b1f1cd78-f19552bb, CSN 5695cdd4000100040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=5695cdd4000400040000 [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdd4000400040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdd4000400040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cdd4000400040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0e9cb397-569311e5-b1f1cd78-f19552bb, CSN 5695cdd4000400040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=5695cde0000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=cs1-portal-qa-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cde0000000040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=cs1-portal-qa-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cde0000000040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cde0000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 78867f24-ab0311e5-b6d1a094-64a60b74, CSN 5695cde0000000040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=5695cde0000100040000 [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=cs1-portal-qa-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cde0000100040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=cs1-portal-qa-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cde0000100040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cde0000100040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 78867f24-ab0311e5-b6d1a094-64a60b74, CSN 5695cde0000100040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=5695cde3000100040000 [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=van-arch-snap4-db1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cde3000100040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=van-arch-snap4-db1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cde3000100040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cde3000100040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid b3514b0a-50ff11e5-9215a094-64a60b74, CSN 5695cde3000100040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=5695cde3000500040000 [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=van-arch-snap4-db1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cde3000500040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=van-arch-snap4-db1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cde3000500040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cde3000500040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid b3514b0a-50ff11e5-9215a094-64a60b74, CSN 5695cde3000500040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=5695cde7000300040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=tc2-mc-mcqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cde7000300040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=tc2-mc-mcqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cde7000300040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cde7000300040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 3767b7b8-58e411e5-b1f1cd78-f19552bb, CSN 5695cde7000300040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=5695cde8000200040000 [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=tc2-mc-mcqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cde8000200040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=tc2-mc-mcqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cde8000200040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cde8000200040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 3767b7b8-58e411e5-b1f1cd78-f19552bb, CSN 5695cde8000200040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=5695cde8000600040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" csn=5695cde8000600040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" csn=5695cde8000600040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cde8000600040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 5695cde8000600040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=5695cdec000100040000 [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=auto-pr-perf1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdec000100040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=auto-pr-perf1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdec000100040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cdec000100040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid aaefd19b-58b011e5-b1f1cd78-f19552bb, CSN 5695cdec000100040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=5695cdf0000200040000 [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=van-arch-snap4-db3.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdf0000200040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=van-arch-snap4-db3.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdf0000200040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cdf0000200040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 25192e88-ab0d11e5-b1f1cd78-f19552bb, CSN 5695cdf0000200040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=5695cdf0000300040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=van-arch-snap4-db3.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdf0000300040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=van-arch-snap4-db3.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdf0000300040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cdf0000300040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 25192e88-ab0d11e5-b1f1cd78-f19552bb, CSN 5695cdf0000300040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5695cdf0000a00040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=auto-pr-perf1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdf0000a00040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=auto-pr-perf1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdf0000a00040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cdf0000a00040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid aaefd19b-58b011e5-b1f1cd78-f19552bb, CSN 5695cdf0000a00040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5695cdf7000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mail1-sin-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdf7000000040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mail1-sin-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdf7000000040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cdf7000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e1814b1e-30bc11e5-b1f1cd78-f19552bb, CSN 5695cdf7000000040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5695cdf8000200040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mail1-sin-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdf8000200040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mail1-sin-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695cdf8000200040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695cdf8000200040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e1814b1e-30bc11e5-b1f1cd78-f19552bb, CSN 5695cdf8000200040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5695ce03000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=gopher2-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce03000000040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=gopher2-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce03000000040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce03000000040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a7b56106-519f11e5-9215a094-64a60b74, CSN 5695ce03000000040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5695ce03000400040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=gopher2-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce03000400040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=gopher2-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce03000400040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce03000400040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a7b56106-519f11e5-9215a094-64a60b74, CSN 5695ce03000400040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5695ce06000300040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=analyzer1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce06000300040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=analyzer1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce06000300040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce06000300040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41b-9e2e11e5-b1f1cd78-f19552bb, CSN 5695ce06000300040000): [13/Jan/2016:04:06:32 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5695ce06000600040000 [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=analyzer1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce06000600040000) [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=analyzer1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5695ce06000600040000) not sent - empty [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5695ce06000600040000 From: Mark Reynolds [mailto:mareynol at redhat.com] Sent: January-12-16 5:56 PM To: Nathan Peters; Rob Crittenden; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up On 01/12/2016 06:16 PM, Nathan Peters wrote: [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) not sent - empty [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000000040000 [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000000040000): There is a series of updates like above that all have empty modifications (modifications that have been striped and are now empty) so it never sends those "empty" updates. Replication then keeps trying to send this same series of operations over and over. But it's not finding any updates in the changelog that are not stripped. So, can you make an update to entry (change a password, add a description attribute, whatever) and see what the logging shows and if that update replicates? Grep for "agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" and check the timestamps. I'm also only seeing issues when updates going to "dc1-ipa-dev-nvan:389", other replication agreements seem fine and accept the updates. Can any of the other replicas update dc1? Also, you can ignore: [12/Jan/2016:04:20:23 +0000] NSMMReplicationPlugin - replication keep alive entry already exists These messages were not supposed to be logged by default. Mark -------------- next part -------------- An HTML attachment was scrubbed... URL: From jhrozek at redhat.com Wed Jan 13 07:17:24 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Wed, 13 Jan 2016 08:17:24 +0100 Subject: [Freeipa-users] SSSD Child not responding In-Reply-To: <201601121759.u0CHxbx2003489@d01av04.pok.ibm.com> References: <201601121606.u0CG6sSG022342@d01av02.pok.ibm.com> <20160112163247.GB3957@hendrix.redhat.com> <201601121759.u0CHxbx2003489@d01av04.pok.ibm.com> Message-ID: <20160113071724.GA27126@hendrix> On Tue, Jan 12, 2016 at 10:59:28AM -0700, Sean Hogan wrote: > > Hi Jakub, > > I changed the DNS server in resolv.conf to a closer IPA server and it > seems to be stable now. If it bombs out again I will get more info but > right now I don't think we will see anything. Hmm, maybe some of the DNS-related operations like GSSAPI binds were blocking the sssd for too long.. > > > I also found this though from yesterday > > /var/log/sssd/check# cat sssd_watson.local.log.1 > (Mon Jan 11 22:43:40 2016) [sssd[be[watson.local]]] [id_callback] (0x0010): > The Monitor returned an error [org.freedesktop.DBus.Error.NoReply] > > > Sean Hogan > Security Engineer > Watson Security & Risk Assurance > Watson Cloud Technology and Support > email: schogan at us.ibm.com | Tel 919 486 1397 > > > > > > > > > > From: Jakub Hrozek > To: freeipa-users at redhat.com > Date: 01/12/2016 09:46 AM > Subject: Re: [Freeipa-users] SSSD Child not responding > Sent by: freeipa-users-bounces at redhat.com > > > > On Tue, Jan 12, 2016 at 09:06:36AM -0700, Sean Hogan wrote: > > > > > > Hi all, > > > > Over the past couple of months we have been seeing the sssd process > eat > > up 100% cpu and not allowing anyone to log on. Krb5.conf is set for DNS > > discovery, RHEL 6.6. If we kill the java process it clears up the box > and > > able to log back into it. This is due to IBM java ibmjgssprovider.jar > but > > fixes for that are in place. What we do see in the sssd.log is below .. > > has anyone seen this before? > > > > SSSD enumerate is set to false, 120 timeout > > Can you get a pstack of the child that is not responding? > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > > > From lkrispen at redhat.com Wed Jan 13 10:10:05 2016 From: lkrispen at redhat.com (Ludwig Krispenz) Date: Wed, 13 Jan 2016 11:10:05 +0100 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up In-Reply-To: References: <5695876C.4080600@redhat.com> <5695AE9A.2080100@redhat.com> Message-ID: <5696227D.7000903@redhat.com> On 01/13/2016 05:19 AM, Nathan Peters wrote: > > These are the replication agreements: > > -dc1-van (master) replicates to dc1-nvan > > -dc1-van (master) replicates to dc2-nvan > > I do not have an agreement between the 2 other servers at this time so > updates from dc1-nvan should go through dc1-van to reach dc2-nvan > > I did the following test: > > On each of the 3 domain controllers, create a test host named after > itself. After replication, the following hosts existed on the > following servers: > > Dc1-van had entries for testhostdc1van and testhostdc2nvan > > Dc1-nvan had entries for testhostdc1van, testhostdc1nvan, and > testhostdc2nvan > > Dc2-nvan had entries for testhostdc1van and testhostdc2nvan > > So replication is working both ways between dc2-nvan and dc1-van > > Replication is only working one way from dc1-van to dc1-nvan > > My guess is that a new CSN ending in 3000 was successfully added for > the update, but still the same thing is happening and causing it to be > ignored ? > > Is this related to https://fedorahosted.org/389/ticket/48225 ? The > description sounds similar. > This is fixed by ticket #48266, and you already have seen traces of this fix (about keep alive entry), > > If so, is there a workaround? > > Logs from both servers (dc1-van and dc1-nvan) during the update > unfortunately the master log only spans 1 second 2016:04:06:32 and the nvan log ands at this second. What is strange in the nvan log is that it always keeps in backoff state. agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff It should try to acquire the replica and only if it fails go into backoff again. Could you: - restartdc1-nvanand provide the error log of the replication startup - make a change on dc1-nvan and provide access and error logs of both dc1-nvan and dc1-van for the same time span (~10sec) around the change > > Here are the logs from dc1-nvan during the update : > > -------- > > [root at dc1-ipa-dev-nvan slapd-mydomain.net]# tail -f errors > > [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce07000800030000 > > [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce07000900030000 > into pending list > > [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=jira-sandbox-atdev-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c9387000800030000 > > [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce07000900030000 > > [13/Jan/2016:04:05:42 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:05:51 +0000] NSMMReplicationPlugin - conn=11 op=13960 > Acquired consumer connection extension > > [13/Jan/2016:04:05:51 +0000] NSMMReplicationPlugin - conn=11 op=13960 > repl="dc=mydomain,dc=net": Begin incremental protocol > > [13/Jan/2016:04:05:51 +0000] - csngen_adjust_time: gen state before > 5695ce07000a:1452657942:115:126 > > [13/Jan/2016:04:05:51 +0000] - _csngen_adjust_local_time: gen state > before 5695ce07000a:1452657942:115:126 > > [13/Jan/2016:04:05:51 +0000] - _csngen_adjust_local_time: gen state > after 5695ce07000a:1452657951:106:126 > > [13/Jan/2016:04:05:51 +0000] - csngen_adjust_time: gen state after > 5695ce180003:1452657951:123:126 > > [13/Jan/2016:04:05:51 +0000] NSMMReplicationPlugin - conn=11 op=13960 > repl="dc=mydomain,dc=net": Acquired replica > > [13/Jan/2016:04:05:51 +0000] NSMMReplicationPlugin - conn=11 op=13960 > repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 > > [13/Jan/2016:04:05:51 +0000] NSMMReplicationPlugin - conn=11 op=13960 > Relinquishing consumer connection extension > > [13/Jan/2016:04:05:52 +0000] NSMMReplicationPlugin - conn=11 op=13961 > Acquired consumer connection extension > > [13/Jan/2016:04:05:52 +0000] NSMMReplicationPlugin - conn=11 op=13961 > repl="dc=mydomain,dc=net": Released replica held by > locking_purl=conn=11 id=13960 > > [13/Jan/2016:04:05:52 +0000] NSMMReplicationPlugin - conn=11 op=13961 > Relinquishing consumer connection extension > > [13/Jan/2016:04:05:58 +0000] - _csngen_adjust_local_time: gen state > before 5695ce180003:1452657951:123:126 > > [13/Jan/2016:04:05:58 +0000] - _csngen_adjust_local_time: gen state > after 5695ce180003:1452657958:116:126 > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce18000300030000 > into pending list > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - Purged state > information from entry > uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN > 568c9387000900030000 > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce18000300030000 > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce18000400030000 > into pending list > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=testhostdc1nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c9398000300030000 > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce18000400030000 > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce18000500030000 > into pending list > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - Purged state > information from entry > uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN > 568c9398000400030000 > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce18000500030000 > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce18000600030000 > into pending list > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - Purged state > information from entry > uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN > 568c9398000500030000 > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce18000600030000 > > [13/Jan/2016:04:05:58 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:00 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFile: found DB object 7f612a11c890 for database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:00 +0000] NSMMReplicationPlugin - changelog program > - cl5GetOperationCount: found DB object 7f612a11c890 > > [13/Jan/2016:04:06:00 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFile: found DB object 7f612a11c890 for database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:00 +0000] NSMMReplicationPlugin - changelog program > - cl5GetOperationCount: found DB object 7f612a11c890 > > [13/Jan/2016:04:06:04 +0000] NSMMReplicationPlugin - conn=11 op=13962 > Acquired consumer connection extension > > [13/Jan/2016:04:06:04 +0000] NSMMReplicationPlugin - conn=11 op=13962 > repl="dc=mydomain,dc=net": Begin incremental protocol > > [13/Jan/2016:04:06:04 +0000] - csngen_adjust_time: gen state before > 5695ce180007:1452657958:116:126 > > [13/Jan/2016:04:06:04 +0000] - _csngen_adjust_local_time: gen state > before 5695ce180007:1452657958:116:126 > > [13/Jan/2016:04:06:04 +0000] - _csngen_adjust_local_time: gen state > after 5695ce180007:1452657964:110:126 > > [13/Jan/2016:04:06:04 +0000] - csngen_adjust_time: gen state after > 5695ce250004:1452657964:123:126 > > [13/Jan/2016:04:06:04 +0000] NSMMReplicationPlugin - conn=11 op=13962 > repl="dc=mydomain,dc=net": Acquired replica > > [13/Jan/2016:04:06:04 +0000] NSMMReplicationPlugin - conn=11 op=13962 > repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 > > [13/Jan/2016:04:06:04 +0000] NSMMReplicationPlugin - conn=11 op=13962 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:05 +0000] - _csngen_adjust_local_time: gen state > before 5695ce250004:1452657964:123:126 > > [13/Jan/2016:04:06:05 +0000] - _csngen_adjust_local_time: gen state > after 5695ce250004:1452657965:122:126 > > [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce25000400030000 > into pending list > > [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=fe1-sin-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c9398000600030000 > > [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce25000400030000 > > [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13963 > Acquired consumer connection extension > > [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13963 > repl="dc=mydomain,dc=net": Released replica held by > locking_purl=conn=11 id=13962 > > [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13963 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13964 > Acquired consumer connection extension > > [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13964 > repl="dc=mydomain,dc=net": Begin incremental protocol > > [13/Jan/2016:04:06:05 +0000] - csngen_adjust_time: gen state before > 5695ce250005:1452657965:122:126 > > [13/Jan/2016:04:06:05 +0000] - csngen_adjust_time: gen state after > 5695ce270003:1452657965:124:126 > > [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13964 > repl="dc=mydomain,dc=net": Acquired replica > > [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13964 > repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 > > [13/Jan/2016:04:06:05 +0000] NSMMReplicationPlugin - conn=11 op=13964 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:06 +0000] NSMMReplicationPlugin - conn=11 op=13965 > Acquired consumer connection extension > > [13/Jan/2016:04:06:06 +0000] NSMMReplicationPlugin - conn=11 op=13965 > repl="dc=mydomain,dc=net": Released replica held by > locking_purl=conn=11 id=13964 > > [13/Jan/2016:04:06:06 +0000] NSMMReplicationPlugin - conn=11 op=13965 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:07 +0000] - _csngen_adjust_local_time: gen state > before 5695ce270003:1452657965:124:126 > > [13/Jan/2016:04:06:07 +0000] - _csngen_adjust_local_time: gen state > after 5695ce270003:1452657967:122:126 > > [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce27000300030000 > into pending list > > [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=mvl1-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93a5000400030000 > > [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce27000300030000 > > [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce27000400030000 > into pending list > > [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=mvl1-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93a7000300030000 > > [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce27000400030000 > > [13/Jan/2016:04:06:07 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:08 +0000] - _csngen_adjust_local_time: gen state > before 5695ce270005:1452657967:122:126 > > [13/Jan/2016:04:06:08 +0000] - _csngen_adjust_local_time: gen state > after 5695ce270005:1452657968:121:126 > > [13/Jan/2016:04:06:08 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce27000500030000 > into pending list > > [13/Jan/2016:04:06:08 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=fe1-sin-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93a7000400030000 > > [13/Jan/2016:04:06:08 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:08 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:08 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce27000500030000 > > [13/Jan/2016:04:06:08 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:09 +0000] - _csngen_adjust_local_time: gen state > before 5695ce270006:1452657968:121:126 > > [13/Jan/2016:04:06:09 +0000] - _csngen_adjust_local_time: gen state > after 5695ce270006:1452657969:120:126 > > [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce27000600030000 > into pending list > > [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=hadoopjt1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93a7000500030000 > > [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce27000600030000 > > [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce27000700030000 > into pending list > > [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=hadoopjt1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93a7000600030000 > > [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce27000700030000 > > [13/Jan/2016:04:06:09 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:14 +0000] NSMMReplicationPlugin - conn=11 op=13966 > Acquired consumer connection extension > > [13/Jan/2016:04:06:14 +0000] NSMMReplicationPlugin - conn=11 op=13966 > repl="dc=mydomain,dc=net": Begin incremental protocol > > [13/Jan/2016:04:06:14 +0000] - csngen_adjust_time: gen state before > 5695ce270008:1452657969:120:126 > > [13/Jan/2016:04:06:14 +0000] - _csngen_adjust_local_time: gen state > before 5695ce270008:1452657969:120:126 > > [13/Jan/2016:04:06:14 +0000] - _csngen_adjust_local_time: gen state > after 5695ce270008:1452657974:115:126 > > [13/Jan/2016:04:06:14 +0000] - csngen_adjust_time: gen state after > 5695ce2e0004:1452657974:122:126 > > [13/Jan/2016:04:06:14 +0000] NSMMReplicationPlugin - conn=11 op=13966 > repl="dc=mydomain,dc=net": Acquired replica > > [13/Jan/2016:04:06:14 +0000] NSMMReplicationPlugin - conn=11 op=13966 > repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 > > [13/Jan/2016:04:06:14 +0000] NSMMReplicationPlugin - conn=11 op=13966 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:15 +0000] - _csngen_adjust_local_time: gen state > before 5695ce2e0004:1452657974:122:126 > > [13/Jan/2016:04:06:15 +0000] - _csngen_adjust_local_time: gen state > after 5695ce2e0004:1452657975:121:126 > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce2e000400030000 > into pending list > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=hadoopnn1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93a7000700030000 > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce2e000400030000 > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce2e000500030000 > into pending list > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=hadoopnn1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93ae000400030000 > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce2e000500030000 > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13967 > Acquired consumer connection extension > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13967 > repl="dc=mydomain,dc=net": Released replica held by > locking_purl=conn=11 id=13966 > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13967 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13968 > Acquired consumer connection extension > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13968 > repl="dc=mydomain,dc=net": Begin incremental protocol > > [13/Jan/2016:04:06:15 +0000] - csngen_adjust_time: gen state before > 5695ce2e0006:1452657975:121:126 > > [13/Jan/2016:04:06:15 +0000] - csngen_adjust_time: gen state after > 5695ce300002:1452657975:123:126 > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13968 > repl="dc=mydomain,dc=net": Acquired replica > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13968 > repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 > > [13/Jan/2016:04:06:15 +0000] NSMMReplicationPlugin - conn=11 op=13968 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:16 +0000] NSMMReplicationPlugin - conn=11 op=13969 > Acquired consumer connection extension > > [13/Jan/2016:04:06:16 +0000] NSMMReplicationPlugin - conn=11 op=13969 > repl="dc=mydomain,dc=net": Released replica held by > locking_purl=conn=11 id=13968 > > [13/Jan/2016:04:06:16 +0000] NSMMReplicationPlugin - conn=11 op=13969 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:17 +0000] - _csngen_adjust_local_time: gen state > before 5695ce300002:1452657975:123:126 > > [13/Jan/2016:04:06:17 +0000] - _csngen_adjust_local_time: gen state > after 5695ce300002:1452657977:121:126 > > [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce30000200030000 > into pending list > > [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=hadoophbase1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93ae000500030000 > > [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce30000200030000 > > [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce30000300030000 > into pending list > > [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=hadoophbase1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93b0000200030000 > > [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce30000300030000 > > [13/Jan/2016:04:06:17 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - conn=11 op=13970 > Acquired consumer connection extension > > [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - conn=11 op=13970 > repl="dc=mydomain,dc=net": Begin incremental protocol > > [13/Jan/2016:04:06:20 +0000] - csngen_adjust_time: gen state before > 5695ce300004:1452657977:121:126 > > [13/Jan/2016:04:06:20 +0000] - _csngen_adjust_local_time: gen state > before 5695ce300004:1452657977:121:126 > > [13/Jan/2016:04:06:20 +0000] - _csngen_adjust_local_time: gen state > after 5695ce300004:1452657980:118:126 > > [13/Jan/2016:04:06:20 +0000] - csngen_adjust_time: gen state after > 5695ce350002:1452657980:123:126 > > [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - conn=11 op=13970 > repl="dc=mydomain,dc=net": Acquired replica > > [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - conn=11 op=13970 > repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 > > [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - conn=11 op=13970 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce35000200030000 > into pending list > > [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=buffer3-arch-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93b0000300030000 > > [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce35000200030000 > > [13/Jan/2016:04:06:20 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:21 +0000] - _csngen_adjust_local_time: gen state > before 5695ce350003:1452657980:123:126 > > [13/Jan/2016:04:06:21 +0000] - _csngen_adjust_local_time: gen state > after 5695ce350003:1452657981:122:126 > > [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce35000300030000 > into pending list > > [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=buffer3-arch-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93b5000200030000 > > [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce35000300030000 > > [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13971 > Acquired consumer connection extension > > [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13971 > repl="dc=mydomain,dc=net": Released replica held by > locking_purl=conn=11 id=13970 > > [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13971 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13972 > Acquired consumer connection extension > > [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13972 > repl="dc=mydomain,dc=net": Begin incremental protocol > > [13/Jan/2016:04:06:21 +0000] - csngen_adjust_time: gen state before > 5695ce350004:1452657981:122:126 > > [13/Jan/2016:04:06:21 +0000] - csngen_adjust_time: gen state after > 5695ce350007:1452657981:122:126 > > [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13972 > repl="dc=mydomain,dc=net": Acquired replica > > [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13972 > repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 > > [13/Jan/2016:04:06:21 +0000] NSMMReplicationPlugin - conn=11 op=13972 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:22 +0000] NSMMReplicationPlugin - conn=11 op=13973 > Acquired consumer connection extension > > [13/Jan/2016:04:06:22 +0000] NSMMReplicationPlugin - conn=11 op=13973 > repl="dc=mydomain,dc=net": Released replica held by > locking_purl=conn=11 id=13972 > > [13/Jan/2016:04:06:22 +0000] NSMMReplicationPlugin - conn=11 op=13973 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:24 +0000] NSMMReplicationPlugin - conn=11 op=13974 > Acquired consumer connection extension > > [13/Jan/2016:04:06:24 +0000] NSMMReplicationPlugin - conn=11 op=13974 > repl="dc=mydomain,dc=net": Begin incremental protocol > > [13/Jan/2016:04:06:24 +0000] - csngen_adjust_time: gen state before > 5695ce350007:1452657981:122:126 > > [13/Jan/2016:04:06:24 +0000] - _csngen_adjust_local_time: gen state > before 5695ce350007:1452657981:122:126 > > [13/Jan/2016:04:06:24 +0000] - _csngen_adjust_local_time: gen state > after 5695ce350007:1452657984:119:126 > > [13/Jan/2016:04:06:24 +0000] - csngen_adjust_time: gen state after > 5695ce3b0002:1452657984:125:126 > > [13/Jan/2016:04:06:24 +0000] NSMMReplicationPlugin - conn=11 op=13974 > repl="dc=mydomain,dc=net": Acquired replica > > [13/Jan/2016:04:06:24 +0000] NSMMReplicationPlugin - conn=11 op=13974 > repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 > > [13/Jan/2016:04:06:24 +0000] NSMMReplicationPlugin - conn=11 op=13974 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:25 +0000] - _csngen_adjust_local_time: gen state > before 5695ce3b0002:1452657984:125:126 > > [13/Jan/2016:04:06:25 +0000] - _csngen_adjust_local_time: gen state > after 5695ce3b0002:1452657985:124:126 > > [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce3b000200030000 > into pending list > > [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=fe1-gas-smqa2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93b5000300030000 > > [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce3b000200030000 > > [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce3b000300030000 > into pending list > > [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=fe1-gas-smqa2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93bb000200030000 > > [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce3b000300030000 > > [13/Jan/2016:04:06:25 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13975 > Acquired consumer connection extension > > [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13975 > repl="dc=mydomain,dc=net": Released replica held by > locking_purl=conn=11 id=13974 > > [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13975 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13976 > Acquired consumer connection extension > > [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13976 > repl="dc=mydomain,dc=net": Begin incremental protocol > > [13/Jan/2016:04:06:26 +0000] - csngen_adjust_time: gen state before > 5695ce3b0004:1452657985:124:126 > > [13/Jan/2016:04:06:26 +0000] - _csngen_adjust_local_time: gen state > before 5695ce3b0004:1452657985:124:126 > > [13/Jan/2016:04:06:26 +0000] - _csngen_adjust_local_time: gen state > after 5695ce3b0004:1452657986:123:126 > > [13/Jan/2016:04:06:26 +0000] - csngen_adjust_time: gen state after > 5695ce3b0009:1452657986:123:126 > > [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13976 > repl="dc=mydomain,dc=net": Acquired replica > > [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13976 > repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 > > [13/Jan/2016:04:06:26 +0000] NSMMReplicationPlugin - conn=11 op=13976 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:27 +0000] NSMMReplicationPlugin - conn=11 op=13977 > Acquired consumer connection extension > > [13/Jan/2016:04:06:27 +0000] NSMMReplicationPlugin - conn=11 op=13977 > repl="dc=mydomain,dc=net": Released replica held by > locking_purl=conn=11 id=13976 > > [13/Jan/2016:04:06:27 +0000] NSMMReplicationPlugin - conn=11 op=13977 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:28 +0000] NSMMReplicationPlugin - conn=11 op=13978 > Acquired consumer connection extension > > [13/Jan/2016:04:06:28 +0000] NSMMReplicationPlugin - conn=11 op=13978 > repl="dc=mydomain,dc=net": Begin incremental protocol > > [13/Jan/2016:04:06:28 +0000] - csngen_adjust_time: gen state before > 5695ce3b0009:1452657986:123:126 > > [13/Jan/2016:04:06:28 +0000] - _csngen_adjust_local_time: gen state > before 5695ce3b0009:1452657986:123:126 > > [13/Jan/2016:04:06:28 +0000] - _csngen_adjust_local_time: gen state > after 5695ce3b0009:1452657988:121:126 > > [13/Jan/2016:04:06:28 +0000] - csngen_adjust_time: gen state after > 5695ce3c0002:1452657988:122:126 > > [13/Jan/2016:04:06:28 +0000] NSMMReplicationPlugin - conn=11 op=13978 > repl="dc=mydomain,dc=net": Acquired replica > > [13/Jan/2016:04:06:28 +0000] NSMMReplicationPlugin - conn=11 op=13978 > repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 > > [13/Jan/2016:04:06:28 +0000] NSMMReplicationPlugin - conn=11 op=13978 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13979 > Acquired consumer connection extension > > [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13979 > repl="dc=mydomain,dc=net": Released replica held by > locking_purl=conn=11 id=13978 > > [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13979 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13980 > Acquired consumer connection extension > > [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13980 > repl="dc=mydomain,dc=net": Begin incremental protocol > > [13/Jan/2016:04:06:29 +0000] - csngen_adjust_time: gen state before > 5695ce3c0002:1452657988:122:126 > > [13/Jan/2016:04:06:29 +0000] - _csngen_adjust_local_time: gen state > before 5695ce3c0002:1452657988:122:126 > > [13/Jan/2016:04:06:29 +0000] - _csngen_adjust_local_time: gen state > after 5695ce3c0002:1452657989:121:126 > > [13/Jan/2016:04:06:29 +0000] - csngen_adjust_time: gen state after > 5695ce3d0004:1452657989:122:126 > > [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13980 > repl="dc=mydomain,dc=net": Acquired replica > > [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13980 > repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 > > [13/Jan/2016:04:06:29 +0000] NSMMReplicationPlugin - conn=11 op=13980 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:30 +0000] - _csngen_adjust_local_time: gen state > before 5695ce3d0004:1452657989:122:126 > > [13/Jan/2016:04:06:30 +0000] - _csngen_adjust_local_time: gen state > after 5695ce3d0004:1452657990:121:126 > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce3d000400030000 > into pending list > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=hadoopoozie1-mc-lisnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93bb000300030000 > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce3d000400030000 > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - > ruv_add_csn_inprogress: successfully inserted csn 5695ce3d000500030000 > into pending list > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - Purged state > information from entry > fqdn=hadoopoozie1-mc-lisnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net > up to CSN 568c93bd000400030000 > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFileByReplicaName: found DB object 7f612a11c890 for > database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - ruv_update_ruv: > successfully committed csn 5695ce3d000500030000 > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): > State: backoff -> backoff > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFile: found DB object 7f612a11c890 for database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program > - cl5GetOperationCount: found DB object 7f612a11c890 > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFile: found DB object 7f612a11c890 for database > /var/lib/dirsrv/slapd-mydomain.net/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db > > [13/Jan/2016:04:06:30 +0000] NSMMReplicationPlugin - changelog program > - cl5GetOperationCount: found DB object 7f612a11c890 > > [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13981 > Acquired consumer connection extension > > [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13981 > repl="dc=mydomain,dc=net": Released replica held by > locking_purl=conn=11 id=13980 > > [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13981 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13982 > Acquired consumer connection extension > > [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13982 > repl="dc=mydomain,dc=net": Begin incremental protocol > > [13/Jan/2016:04:06:31 +0000] - csngen_adjust_time: gen state before > 5695ce3d0006:1452657990:121:126 > > [13/Jan/2016:04:06:31 +0000] - _csngen_adjust_local_time: gen state > before 5695ce3d0006:1452657990:121:126 > > [13/Jan/2016:04:06:31 +0000] - _csngen_adjust_local_time: gen state > after 5695ce3d0006:1452657991:120:126 > > [13/Jan/2016:04:06:31 +0000] - csngen_adjust_time: gen state after > 5695ce40000a:1452657991:123:126 > > [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13982 > repl="dc=mydomain,dc=net": Acquired replica > > [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13982 > repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 > > [13/Jan/2016:04:06:31 +0000] NSMMReplicationPlugin - conn=11 op=13982 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13983 > Acquired consumer connection extension > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13983 > repl="dc=mydomain,dc=net": Released replica held by > locking_purl=conn=11 id=13982 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13983 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13984 > Acquired consumer connection extension > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13984 > repl="dc=mydomain,dc=net": Begin incremental protocol > > [13/Jan/2016:04:06:32 +0000] - csngen_adjust_time: gen state before > 5695ce40000a:1452657991:123:126 > > [13/Jan/2016:04:06:32 +0000] - _csngen_adjust_local_time: gen state > before 5695ce40000a:1452657991:123:126 > > [13/Jan/2016:04:06:32 +0000] - _csngen_adjust_local_time: gen state > after 5695ce40000a:1452657992:122:126 > > [13/Jan/2016:04:06:32 +0000] - csngen_adjust_time: gen state after > 5695ce40000d:1452657992:122:126 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13984 > repl="dc=mydomain,dc=net": Acquired replica > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13984 > repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13984 > Relinquishing consumer connection extension > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13985 > Acquired consumer connection extension > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13985 > repl="dc=mydomain,dc=net": Released replica held by > locking_purl=conn=11 id=13984 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - conn=11 op=13985 > Relinquishing consumer connection extension > > And here are the logs from dc1-van during the update > > ---------------------------------------------------- > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=lb2-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3b000600040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce3b000600040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > d628ef90-58b511e5-b1f1cd78-f19552bb, CSN 5695ce3b000600040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=33 csn=5695ce3c000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3c000000040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3c000000040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce3c000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > e8dfd6bf-b5c011e5-b1f1cd78-f19552bb, CSN 5695ce3c000000040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=34 csn=5695ce3d000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3d000000040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3d000000040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce3d000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > e8dfd6bf-b5c011e5-b1f1cd78-f19552bb, CSN 5695ce3d000000040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=35 csn=5695ce40000500040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce40000500040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce40000500040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce40000500040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > eac08945-ab2e11e5-b6d1a094-64a60b74, CSN 5695ce40000500040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load next: anchorcsn=5695ce40000500040000 > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=2 rec=36 csn=5695ce40000800040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce40000800040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce40000800040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce40000800040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > eac08945-ab2e11e5-b6d1a094-64a60b74, CSN 5695ce40000800040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > clcache_load_buffer: rc=-30988 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No > more updates to send (cl5GetNextOperationToReplay) > > [13/Jan/2016:04:06:32 +0000] - repl5_inc_waitfor_async_results: 0 0 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=fe1-gas-salci-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce06000b00040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=fe1-gas-salci-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce06000b00040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce06000b00040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > d4372c1b-4d0c11e5-b1f1cd78-f19552bb, CSN 5695ce06000b00040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=21 csn=5695ce07000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=fe1-gas-salci-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce07000000040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=fe1-gas-salci-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce07000000040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce07000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > d4372c1b-4d0c11e5-b1f1cd78-f19552bb, CSN 5695ce07000000040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=22 csn=5695ce18000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" > csn=5695ce18000000040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" > csn=5695ce18000000040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce18000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 5695ce18000000040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=23 csn=5695ce25000200040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=hadoopoozie1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce25000200040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=hadoopoozie1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce25000200040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce25000200040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > dfef0524-b5c011e5-b6d1a094-64a60b74, CSN 5695ce25000200040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=24 csn=5695ce25000600040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=hadoopoozie1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce25000600040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=hadoopoozie1-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce25000600040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce25000600040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > dfef0524-b5c011e5-b6d1a094-64a60b74, CSN 5695ce25000600040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=25 csn=5695ce2e000200040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=pres1-msg-mbsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce2e000200040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=pres1-msg-mbsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce2e000200040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce2e000200040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > cb19938f-58a411e5-b1f1cd78-f19552bb, CSN 5695ce2e000200040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=26 csn=5695ce2e000600040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=pres1-msg-mbsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce2e000600040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=pres1-msg-mbsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce2e000600040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce2e000600040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > cb19938f-58a411e5-b1f1cd78-f19552bb, CSN 5695ce2e000600040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=27 csn=5695ce35000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=es1-log-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce35000000040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=es1-log-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce35000000040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce35000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > 49de880a-9e2411e5-b1f1cd78-f19552bb, CSN 5695ce35000000040000): > > [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain: read > result for message_id 0 > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=28 csn=5695ce35000400040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=es1-log-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce35000400040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=es1-log-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce35000400040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce35000400040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > 49de880a-9e2411e5-b1f1cd78-f19552bb, CSN 5695ce35000400040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=29 csn=5695ce39000200040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > csn=5695ce39000200040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > csn=5695ce39000200040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce39000200040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > 21b88d27-030911e5-afbccd78-f19552bb, CSN 5695ce39000200040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=30 csn=5695ce3b000400040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3b000400040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3b000400040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce3b000400040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > 21b88d27-030911e5-afbccd78-f19552bb, CSN 5695ce3b000400040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=31 csn=5695ce3b000500040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=lb2-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3b000500040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=lb2-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3b000500040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce3b000500040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > d628ef90-58b511e5-b1f1cd78-f19552bb, CSN 5695ce3b000500040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=32 csn=5695ce3b000600040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=lb2-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3b000600040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=lb2-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3b000600040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce3b000600040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > d628ef90-58b511e5-b1f1cd78-f19552bb, CSN 5695ce3b000600040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=33 csn=5695ce3c000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3c000000040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3c000000040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce3c000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > e8dfd6bf-b5c011e5-b1f1cd78-f19552bb, CSN 5695ce3c000000040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=34 csn=5695ce3d000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3d000000040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=hadoopnn2-mc-liqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce3d000000040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce3d000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > e8dfd6bf-b5c011e5-b1f1cd78-f19552bb, CSN 5695ce3d000000040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=35 csn=5695ce40000500040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce40000500040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce40000500040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce40000500040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > eac08945-ab2e11e5-b6d1a094-64a60b74, CSN 5695ce40000500040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > load=1 rec=36 csn=5695ce40000800040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce40000800040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=van-test-conv6.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce40000800040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce40000800040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > eac08945-ab2e11e5-b6d1a094-64a60b74, CSN 5695ce40000800040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389) - > clcache_load_buffer: rc=-30988 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): No > more updates to send (cl5GetNextOperationToReplay) > > [13/Jan/2016:04:06:32 +0000] - repl5_inc_waitfor_async_results: 0 0 > > [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain exiting > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > session end: state=5 load=2 sent=36 skipped=0 skipped_new_rid=0 > skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 > skipped_csn_covered=0 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Successfully released consumer > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Beginning linger on the connection > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > State: sending_updates -> wait_for_changes > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > State: wait_for_changes -> ready_to_acquire_replica > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Cancelling linger on the connection > > [13/Jan/2016:04:06:32 +0000] - _csngen_adjust_local_time: gen state > before 5695ce40000b:1452657991:1:248 > > [13/Jan/2016:04:06:32 +0000] - _csngen_adjust_local_time: gen state > after 5695ce40000b:1452657992:0:248 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Replica was successfully acquired. > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > State: ready_to_acquire_replica -> sending_updates > > [13/Jan/2016:04:06:32 +0000] - csngen_adjust_time: gen state before > 5695ce40000c:1452657992:0:248 > > [13/Jan/2016:04:06:32 +0000] - csngen_adjust_time: gen state after > 5695ce40000c:1452657992:0:248 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - changelog program > - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database > /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db > > [13/Jan/2016:04:06:32 +0000] - _cl5PositionCursorForReplay > (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): > Consumer RUV: > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > {replicageneration} 553fe9bb000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} > 56921205000100050000 5695ce40000100050000 00000000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} > 553fe9c9000000040000 5695cdcc000200040000 00000000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} > 553fe9c4000000030000 56949070000b00030000 00000000 > > [13/Jan/2016:04:06:32 +0000] - _cl5PositionCursorForReplay > (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): > Supplier RUV: > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > {replicageneration} 553fe9bb000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} > 553fe9c9000000040000 5695ce40000800040000 5695cd47 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} > 56921205000100050000 5695cad2000400050000 5695ca7c > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} > 553fe9c4000000030000 56949070000b00030000 56948f81 > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > clcache_get_buffer: found thread private buffer cache 7fc6f5181410 > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is > 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > session start: anchorcsn=5695cdcc000200040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - changelog program > - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > CSN 5695cdcc000200040000 found, position set for replay > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=1 csn=5695cdd4000100040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=es1-sal-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdd4000100040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=es1-sal-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdd4000100040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cdd4000100040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > 0e9cb397-569311e5-b1f1cd78-f19552bb, CSN 5695cdd4000100040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=2 csn=5695cdd4000400040000 > > [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain starting > > [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain: read > result for message_id 0 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=es1-sal-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdd4000400040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=es1-sal-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdd4000400040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cdd4000400040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > 0e9cb397-569311e5-b1f1cd78-f19552bb, CSN 5695cdd4000400040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=3 csn=5695cde0000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=cs1-portal-qa-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cde0000000040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=cs1-portal-qa-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cde0000000040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cde0000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > 78867f24-ab0311e5-b6d1a094-64a60b74, CSN 5695cde0000000040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=4 csn=5695cde0000100040000 > > [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain: read > result for message_id 0 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=cs1-portal-qa-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cde0000100040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=cs1-portal-qa-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cde0000100040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cde0000100040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > 78867f24-ab0311e5-b6d1a094-64a60b74, CSN 5695cde0000100040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=5 csn=5695cde3000100040000 > > [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain: read > result for message_id 0 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=van-arch-snap4-db1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cde3000100040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=van-arch-snap4-db1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cde3000100040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cde3000100040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > b3514b0a-50ff11e5-9215a094-64a60b74, CSN 5695cde3000100040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=6 csn=5695cde3000500040000 > > [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain: read > result for message_id 0 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=van-arch-snap4-db1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cde3000500040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=van-arch-snap4-db1.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cde3000500040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cde3000500040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > b3514b0a-50ff11e5-9215a094-64a60b74, CSN 5695cde3000500040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=7 csn=5695cde7000300040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=tc2-mc-mcqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cde7000300040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=tc2-mc-mcqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cde7000300040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cde7000300040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > 3767b7b8-58e411e5-b1f1cd78-f19552bb, CSN 5695cde7000300040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=8 csn=5695cde8000200040000 > > [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain: read > result for message_id 0 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=tc2-mc-mcqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cde8000200040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=tc2-mc-mcqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cde8000200040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cde8000200040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > 3767b7b8-58e411e5-b1f1cd78-f19552bb, CSN 5695cde8000200040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=9 csn=5695cde8000600040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" > csn=5695cde8000600040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" > csn=5695cde8000600040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cde8000600040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 5695cde8000600040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=10 csn=5695cdec000100040000 > > [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain exiting > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=auto-pr-perf1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdec000100040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=auto-pr-perf1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdec000100040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cdec000100040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > aaefd19b-58b011e5-b1f1cd78-f19552bb, CSN 5695cdec000100040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=11 csn=5695cdf0000200040000 > > [13/Jan/2016:04:06:32 +0000] - repl5_inc_result_threadmain: read > result for message_id 0 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=van-arch-snap4-db3.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdf0000200040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=van-arch-snap4-db3.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdf0000200040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cdf0000200040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > 25192e88-ab0d11e5-b1f1cd78-f19552bb, CSN 5695cdf0000200040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=12 csn=5695cdf0000300040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=van-arch-snap4-db3.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdf0000300040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=van-arch-snap4-db3.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdf0000300040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cdf0000300040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > 25192e88-ab0d11e5-b1f1cd78-f19552bb, CSN 5695cdf0000300040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=13 csn=5695cdf0000a00040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=auto-pr-perf1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdf0000a00040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=auto-pr-perf1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdf0000a00040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cdf0000a00040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > aaefd19b-58b011e5-b1f1cd78-f19552bb, CSN 5695cdf0000a00040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=14 csn=5695cdf7000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=mail1-sin-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdf7000000040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=mail1-sin-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdf7000000040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cdf7000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > e1814b1e-30bc11e5-b1f1cd78-f19552bb, CSN 5695cdf7000000040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=15 csn=5695cdf8000200040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=mail1-sin-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdf8000200040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=mail1-sin-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695cdf8000200040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695cdf8000200040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > e1814b1e-30bc11e5-b1f1cd78-f19552bb, CSN 5695cdf8000200040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=16 csn=5695ce03000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=gopher2-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce03000000040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=gopher2-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce03000000040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce03000000040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > a7b56106-519f11e5-9215a094-64a60b74, CSN 5695ce03000000040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=17 csn=5695ce03000400040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=gopher2-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce03000400040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=gopher2-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce03000400040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce03000400040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > a7b56106-519f11e5-9215a094-64a60b74, CSN 5695ce03000400040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=18 csn=5695ce06000300040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=analyzer1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce06000300040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=analyzer1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce06000300040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce06000300040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > Skipping update operation with no message_id (uniqueid > a050c41b-9e2e11e5-b1f1cd78-f19552bb, CSN 5695ce06000300040000): > > [13/Jan/2016:04:06:32 +0000] > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - > load=1 rec=19 csn=5695ce06000600040000 > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Sending modify operation > (dn="fqdn=analyzer1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce06000600040000) > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: modifys operation > (dn="fqdn=analyzer1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > csn=5695ce06000600040000) not sent - empty > > [13/Jan/2016:04:06:32 +0000] NSMMReplicationPlugin - > agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): > replay_update: Consumer successfully sent operation with csn > 5695ce06000600040000 > > *From:*Mark Reynolds [mailto:mareynol at redhat.com] > *Sent:* January-12-16 5:56 PM > *To:* Nathan Peters; Rob Crittenden; freeipa-users at redhat.com > *Subject:* Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 > plus ldapmodify freezes up > > On 01/12/2016 06:16 PM, Nathan Peters wrote: > > [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000) > > [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=mole2-mh-interopsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56958906000000040000)*not sent - empty* > > [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56958906000000040000 > > [12/Jan/2016:23:11:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 5a395106-b42a11e5-b6d1a094-64a60b74, CSN 56958906000000040000): > > There is a series of updates like above that all have empty > modifications (modifications that have been striped and are now empty) > so it never sends those "empty" updates. Replication then keeps > trying to send this same series of operations over and over. But it's > not finding any updates in the changelog that are not stripped. So, > can you make an update to entry (change a password, add a description > attribute, whatever) and see what the logging shows and if that update > replicates? Grep for "agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" and > check the timestamps. > > I'm also only seeing issues when updates going to > "dc1-ipa-dev-nvan:389", other replication agreements seem fine and > accept the updates. Can any of the other replicas update dc1? > > Also, you can ignore: > > > [12/Jan/2016:04:20:23 +0000] NSMMReplicationPlugin - replication keep > alive entry already exists > > These messages were not supposed to be logged by default. > > Mark > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmj at ast.cam.ac.uk Wed Jan 13 12:06:15 2016 From: rmj at ast.cam.ac.uk (Roderick Johnstone) Date: Wed, 13 Jan 2016 12:06:15 +0000 Subject: [Freeipa-users] Slow non-kerberised nfs mounts when ipa started Message-ID: <56963DB7.1000408@ast.cam.ac.uk> Hi I'm not sure this is quite the right place to post this query, but the problem is provoked by starting the ipa server so hopefully someone on the list might have encountered and resolved the issue already. This on a fully updated Redhat 7.2 system. Once I have my ipa server started I'm finding that non-kerberised nfs4 mounts of a filesystem from a host that is not an ipa client are very slow. Typically it takes 4-5 seconds for the mount operation to complete. The nfs server is exporting the filesystem with the option sec=sys in /etc/exports. I testing the mount speed with the mount command (so no autofs involved) and specifying the client address by ipv4 number (so no name lookups). I can reduce the delay to 2-3 seconds by specifying -o sec=sys on the mount line, but this too is very slow. The following causes mounts to happen at full speed, ie less than 0.1 sec elapsed: 1) Using mount option -o vers=3 (nfs v3) 2) Turning off the nfs-secure service (stops rpc.gssd) 3) Turning off the ipa server (ipactl stop) On my Redhat 6.7 testing ipa server the nfsv4 mounts also comlplete in under 0.1 sec so this seems to be an RHEL7 change. In /var/log/messages there are lots of messages like this: gssproxy: gssproxy[790]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found but they come out whether the nfs mounts are slow or quick. Does anyone else see this or have any ideas on how to speed up the nfs v4 mount on Redhat 7 when the ipa server is running? Thanks Roderick Johnstone From bahanw042014 at gmail.com Wed Jan 13 13:54:27 2016 From: bahanw042014 at gmail.com (bahan w) Date: Wed, 13 Jan 2016 14:54:27 +0100 Subject: [Freeipa-users] How to migrate from freeipa distribution to separate components Message-ID: Hello ! I send you this mail because I have a question relative to the migration from the IPA distribution to the separate components. With FreeIPA, we are using only : - MIT Kerberos - DS389 - The PKI CA is installed but not used from our side Is it possible to migrate to the following separate components : - MIT Kerberos (we keep the same) - OpenLDAP I often found documentation to migrate from MIT Kerberos and OpenLDAP to FreeIPA but not the opposite. Best regards. Bahan -------------- next part -------------- An HTML attachment was scrubbed... URL: From simo at redhat.com Wed Jan 13 13:58:58 2016 From: simo at redhat.com (Simo Sorce) Date: Wed, 13 Jan 2016 08:58:58 -0500 Subject: [Freeipa-users] How to migrate from freeipa distribution to separate components In-Reply-To: References: Message-ID: <1452693538.3356.78.camel@redhat.com> On Wed, 2016-01-13 at 14:54 +0100, bahan w wrote: > Hello ! > > I send you this mail because I have a question relative to the migration > from the IPA distribution to the separate components. > > With FreeIPA, we are using only : > - MIT Kerberos > - DS389 > - The PKI CA is installed but not used from our side > > Is it possible to migrate to the following separate components : > - MIT Kerberos (we keep the same) > - OpenLDAP > > I often found documentation to migrate from MIT Kerberos and OpenLDAP to > FreeIPA but not the opposite. Can you explain what you mean by "migrate to the following separate components" ? And why you want to do so ? Simo. -- Simo Sorce * Red Hat, Inc * New York From bahanw042014 at gmail.com Wed Jan 13 14:10:56 2016 From: bahanw042014 at gmail.com (bahan w) Date: Wed, 13 Jan 2016 15:10:56 +0100 Subject: [Freeipa-users] How to migrate from freeipa distribution to separate components In-Reply-To: <1452693538.3356.78.camel@redhat.com> References: <1452693538.3356.78.camel@redhat.com> Message-ID: Hello Simo ! For the reason : The production team wants to use only the two components openLDAP and MIT Kerberos, possibily on different servers. For the explanation : They want to install only MIT Kerberos and openLDAP. We already have an existing FreeIPA installation, with users, groups, principals, pwpolicies. We would like to migrate this to an openLDAP for the users, groups and pwpolicies, and to another MIT Kerberos for the principals (hope I'm not forgetting anything). Best regards. Bahan On Wed, Jan 13, 2016 at 2:58 PM, Simo Sorce wrote: > On Wed, 2016-01-13 at 14:54 +0100, bahan w wrote: > > Hello ! > > > > I send you this mail because I have a question relative to the migration > > from the IPA distribution to the separate components. > > > > With FreeIPA, we are using only : > > - MIT Kerberos > > - DS389 > > - The PKI CA is installed but not used from our side > > > > Is it possible to migrate to the following separate components : > > - MIT Kerberos (we keep the same) > > - OpenLDAP > > > > I often found documentation to migrate from MIT Kerberos and OpenLDAP to > > FreeIPA but not the opposite. > > Can you explain what you mean by "migrate to the following separate > components" ? And why you want to do so ? > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From simo at redhat.com Wed Jan 13 14:28:33 2016 From: simo at redhat.com (Simo Sorce) Date: Wed, 13 Jan 2016 09:28:33 -0500 Subject: [Freeipa-users] How to migrate from freeipa distribution to separate components In-Reply-To: References: <1452693538.3356.78.camel@redhat.com> Message-ID: <1452695313.3356.83.camel@redhat.com> On Wed, 2016-01-13 at 15:10 +0100, bahan w wrote: > Hello Simo ! > > For the reason : > The production team wants to use only the two components openLDAP and MIT > Kerberos, possibily on different servers. > > For the explanation : > They want to install only MIT Kerberos and openLDAP. > We already have an existing FreeIPA installation, with users, groups, > principals, pwpolicies. > We would like to migrate this to an openLDAP for the users, groups and > pwpolicies, and to another MIT Kerberos for the principals (hope I'm not > forgetting anything). Sorry but FreeIPA is not just a generic directory server and an MIT KDC, it is an integrated solution. There is no path to use loose parts instead of the integrated set. I do not mean this snarkly in any way, but with a car analogy what you asked is something like: Can we migrate this Toyota Corolla to a set of loose parts (including and engine from Mercedes and the chassis of an Honda) that our mechanic can put together ? Simo. > Best regards. > > Bahan > > On Wed, Jan 13, 2016 at 2:58 PM, Simo Sorce wrote: > > > On Wed, 2016-01-13 at 14:54 +0100, bahan w wrote: > > > Hello ! > > > > > > I send you this mail because I have a question relative to the migration > > > from the IPA distribution to the separate components. > > > > > > With FreeIPA, we are using only : > > > - MIT Kerberos > > > - DS389 > > > - The PKI CA is installed but not used from our side > > > > > > Is it possible to migrate to the following separate components : > > > - MIT Kerberos (we keep the same) > > > - OpenLDAP > > > > > > I often found documentation to migrate from MIT Kerberos and OpenLDAP to > > > FreeIPA but not the opposite. > > > > Can you explain what you mean by "migrate to the following separate > > components" ? And why you want to do so ? > > > > Simo. > > > > -- > > Simo Sorce * Red Hat, Inc * New York > > > > -- Simo Sorce * Red Hat, Inc * New York From abokovoy at redhat.com Wed Jan 13 14:33:25 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 13 Jan 2016 16:33:25 +0200 Subject: [Freeipa-users] How to migrate from freeipa distribution to separate components In-Reply-To: References: <1452693538.3356.78.camel@redhat.com> Message-ID: <20160113143325.GH4316@redhat.com> On Wed, 13 Jan 2016, bahan w wrote: >Hello Simo ! > >For the reason : >The production team wants to use only the two components openLDAP and MIT >Kerberos, possibily on different servers. > >For the explanation : >They want to install only MIT Kerberos and openLDAP. >We already have an existing FreeIPA installation, with users, groups, >principals, pwpolicies. >We would like to migrate this to an openLDAP for the users, groups and >pwpolicies, and to another MIT Kerberos for the principals (hope I'm not >forgetting anything). FreeIPA provides own LDAP driver for MIT Kerberos that relies on IPA LDAP schema. Standard MIT Kerberos LDAP driver does not support IPA schema. Additionally, 389-ds LDAP server FreeIPA uses is coupled with about two dozen additional plugins. These plugins either don't exist for OpenLDAP at all or have different behavior and rely on different LDAP schema. In short, if you move the data from 389-ds to OpenLDAP, it wouldn't be used by MIT Kerberos LDAP driver because it doesn't know about that data, and OpenLDAP server will not have the same behavior as expected by IPA clients (SSSD) for IPA-specific mode. Whatever your production team is thinking about this move, it is most certainly not properly thought out. -- / Alexander Bokovoy From bahanw042014 at gmail.com Wed Jan 13 14:57:34 2016 From: bahanw042014 at gmail.com (bahan w) Date: Wed, 13 Jan 2016 15:57:34 +0100 Subject: [Freeipa-users] How to migrate from freeipa distribution to separate components In-Reply-To: <20160113143325.GH4316@redhat.com> References: <1452693538.3356.78.camel@redhat.com> <20160113143325.GH4316@redhat.com> Message-ID: Re. Thanks both of you for your answers. Simo, MIT Kerberos and OpenLDAP can work on their own and provide the same kind of service that we want from IPA, even if it is not embedded in integrated solution like IPA. I totally agree that IPA provides a lot of things but I am quite sure the isolated softwares like MIT Kerberos for Kerberos, OpenLDAP for LDAP and a cache client like sssd or nscd/nslcd can work. Alexander, when I mention migration, I think of the following actions : 1. Take the principals that we have for the KDC and recreate them in an MIT Kerberos KDC architecture 2. Take the users/groups/pwpolicies in the LDAP and recreate them in an openLDAP architecture Do you know if there is other things necessary to recreate in the LDAP or in the KDC ? Additionnaly, do you have a list of points which could help to convince to keep the freeipa architecture ? Best regards. Bahan On Wed, Jan 13, 2016 at 3:33 PM, Alexander Bokovoy wrote: > On Wed, 13 Jan 2016, bahan w wrote: > >> Hello Simo ! >> >> For the reason : >> The production team wants to use only the two components openLDAP and MIT >> Kerberos, possibily on different servers. >> >> For the explanation : >> They want to install only MIT Kerberos and openLDAP. >> We already have an existing FreeIPA installation, with users, groups, >> principals, pwpolicies. >> We would like to migrate this to an openLDAP for the users, groups and >> pwpolicies, and to another MIT Kerberos for the principals (hope I'm not >> forgetting anything). >> > FreeIPA provides own LDAP driver for MIT Kerberos that relies on IPA > LDAP schema. Standard MIT Kerberos LDAP driver does not support IPA > schema. > > Additionally, 389-ds LDAP server FreeIPA uses is coupled with about two > dozen additional plugins. These plugins either don't exist for OpenLDAP > at all or have different behavior and rely on different LDAP schema. > > In short, if you move the data from 389-ds to OpenLDAP, it wouldn't be > used by MIT Kerberos LDAP driver because it doesn't know about that > data, and OpenLDAP server will not have the same behavior as expected by > IPA clients (SSSD) for IPA-specific mode. > > Whatever your production team is thinking about this move, it is most > certainly not properly thought out. > > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From simo at redhat.com Wed Jan 13 15:10:52 2016 From: simo at redhat.com (Simo Sorce) Date: Wed, 13 Jan 2016 10:10:52 -0500 Subject: [Freeipa-users] How to migrate from freeipa distribution to separate components In-Reply-To: References: <1452693538.3356.78.camel@redhat.com> <20160113143325.GH4316@redhat.com> Message-ID: <1452697852.3356.93.camel@redhat.com> On Wed, 2016-01-13 at 15:57 +0100, bahan w wrote: > Re. > > Thanks both of you for your answers. > > Simo, MIT Kerberos and OpenLDAP can work on their own and provide the same > kind of service that we want from IPA, even if it is not embedded in > integrated solution like IPA. > > I totally agree that IPA provides a lot of things but I am quite sure the > isolated softwares like MIT Kerberos for Kerberos, OpenLDAP for LDAP and a > cache client like sssd or nscd/nslcd can work. I know they *can* work, but there is no "migration" path there because they are not a solution, they are a bag of parts you need to manually configure and integrate on your own. > Alexander, when I mention migration, I think of the following actions : > 1. Take the principals that we have for the KDC and recreate them in an MIT > Kerberos KDC architecture If you know how to deploy openldap+MIT kdc you should know how to do this, if you do not you should ask yourself if you can support your plan, because you'll be on your own there. > 2. Take the users/groups/pwpolicies in the LDAP and recreate them in an > openLDAP architecture This is also just a matter of playing with LDIFs (depending on how close or far the schema you'll chose for your custom soution is) and you should know how to do this if you are planning on your own custom setup. Again if you don't you should ask yourself how likely it is you'll be able to support yourself. > Do you know if there is other things necessary to recreate in the LDAP or > in the KDC ? Look at kdb5_ldap_util from MIT krb5. > Additionnaly, do you have a list of points which could help to convince to > keep the freeipa architecture ? The FreeIPA installer goes through a few hundred steps just to set up the system, and this does not take in accoount the integration plpugins we built, and the management features that will be completely missing in a bare openldap+mit system for things as simple as "allow a non-ldap expert to create a user, manage its passwords and groups", also Access control, delegation, etc... the feature list is huge. Simo. -- Simo Sorce * Red Hat, Inc * New York From mkosek at redhat.com Wed Jan 13 15:11:39 2016 From: mkosek at redhat.com (Martin Kosek) Date: Wed, 13 Jan 2016 16:11:39 +0100 Subject: [Freeipa-users] How to migrate from freeipa distribution to separate components In-Reply-To: References: <1452693538.3356.78.camel@redhat.com> <20160113143325.GH4316@redhat.com> Message-ID: <5696692B.6040101@redhat.com> On 01/13/2016 03:57 PM, bahan w wrote: > Re. > > Thanks both of you for your answers. > > Simo, MIT Kerberos and OpenLDAP can work on their own and provide the same > kind of service that we want from IPA, even if it is not embedded in > integrated solution like IPA. > > I totally agree that IPA provides a lot of things but I am quite sure the > isolated softwares like MIT Kerberos for Kerberos, OpenLDAP for LDAP and a > cache client like sssd or nscd/nslcd can work. It "can" work. But home grown solutions like that require non-trivial effort to even get started. As soon as you have more requests on such home grown infrastructure, you will need to implement enhancements (like something cert or DNS related). At that moment, you may realize you are re-implementing what FreeIPA may support already. FreeIPA project was started for a reason :-) > Alexander, when I mention migration, I think of the following actions : > 1. Take the principals that we have for the KDC and recreate them in an MIT > Kerberos KDC architecture > 2. Take the users/groups/pwpolicies in the LDAP and recreate them in an > openLDAP architecture > > Do you know if there is other things necessary to recreate in the LDAP or > in the KDC ? > > Additionnaly, do you have a list of points which could help to convince to > keep the freeipa architecture ? > > Best regards. > > Bahan > > On Wed, Jan 13, 2016 at 3:33 PM, Alexander Bokovoy > wrote: > >> On Wed, 13 Jan 2016, bahan w wrote: >> >>> Hello Simo ! >>> >>> For the reason : >>> The production team wants to use only the two components openLDAP and MIT >>> Kerberos, possibily on different servers. >>> >>> For the explanation : >>> They want to install only MIT Kerberos and openLDAP. >>> We already have an existing FreeIPA installation, with users, groups, >>> principals, pwpolicies. >>> We would like to migrate this to an openLDAP for the users, groups and >>> pwpolicies, and to another MIT Kerberos for the principals (hope I'm not >>> forgetting anything). >>> >> FreeIPA provides own LDAP driver for MIT Kerberos that relies on IPA >> LDAP schema. Standard MIT Kerberos LDAP driver does not support IPA >> schema. >> >> Additionally, 389-ds LDAP server FreeIPA uses is coupled with about two >> dozen additional plugins. These plugins either don't exist for OpenLDAP >> at all or have different behavior and rely on different LDAP schema. >> >> In short, if you move the data from 389-ds to OpenLDAP, it wouldn't be >> used by MIT Kerberos LDAP driver because it doesn't know about that >> data, and OpenLDAP server will not have the same behavior as expected by >> IPA clients (SSSD) for IPA-specific mode. >> >> Whatever your production team is thinking about this move, it is most >> certainly not properly thought out. >> >> -- >> / Alexander Bokovoy >> > > > From janellenicole80 at gmail.com Wed Jan 13 15:24:26 2016 From: janellenicole80 at gmail.com (Janelle) Date: Wed, 13 Jan 2016 07:24:26 -0800 Subject: [Freeipa-users] tricky one in OpenLDAP migration, groups Message-ID: <56966C2A.9010100@gmail.com> Hello, This may not be possible, or if it is I am going to guess it is not going to be easy. If I have an old OpenLDAP environment with users who never had unique UIG/GID - in other words, the GID was not unique to a user, instead it was some global group. Well, I was hoping to migrate over the OpenLDAP domain to IPA, but at the same time create a private group for each user. Just wondering if this might be possible? Example OpenLDAP user=freddy (UID=13) , GID=123456(friday) After migration to IPA: user= uid=13(freddy), gid=13(freddy), groups=123456(friday) Does that make sense? ~J From loris at lgs.com.ve Wed Jan 13 15:19:05 2016 From: loris at lgs.com.ve (Loris Santamaria) Date: Wed, 13 Jan 2016 10:49:05 -0430 Subject: [Freeipa-users] How to migrate from freeipa distribution to separate components In-Reply-To: References: <1452693538.3356.78.camel@redhat.com> <20160113143325.GH4316@redhat.com> Message-ID: <1452698345.3732.9.camel@lgs.com.ve> El mi?, 13-01-2016 a las 15:57 +0100, bahan w escribi?: > Re. > > Thanks both of you for your answers. > > Simo, MIT Kerberos and OpenLDAP can work on their own and provide the > same kind of service that we want from IPA, even if it is not > embedded in integrated solution like IPA. > > I totally agree that IPA provides a lot of things but I am quite sure > the isolated softwares like MIT Kerberos for Kerberos, OpenLDAP for > LDAP and a cache client like sssd or nscd/nslcd can work. Yes, they work. I installed some similar solutions ten years ago. Then i began using freeipa and never looked back. > Alexander, when I mention migration, I think of the following actions > :> 1. Take the principals that we have for the KDC and recreate them in an MIT Kerberos KDC architecture> 2. Take the users/groups/pwpolicies in the LDAP and recreate them in an openLDAP architecture> > You should first setup openldap following their various howto, then setup kerberos with the ldap kdb driver, then dump ldap data from IPA, massage it in something acceptable for openldap and your chosen schema, then add it using ldapadd or slapadd. After that you'll want to tune openldap and add all the needed indexes. You should think about replication. You should think about security. You should think about ldap administration. Good luck, you will need it. > Do you know if there is other things necessary to recreate in the > LDAP or in the KDC ?> > Additionnaly, do you have a list of points which could help to convince to keep the freeipa architecture ?> > Best regards.> > Bahan > On Wed, Jan 13, 2016 at 3:33 PM, Alexander Bokovoy > > wrote: > > On Wed, 13 Jan 2016, bahan w wrote: > > > > > > > > Hello Simo ! > > > > > > > > > For the reason : > > > > > > The production team wants to use only the two components openLDAP and MIT > > > > > > Kerberos, possibily on different servers. > > > > > > > > > For the explanation : > > > > > > They want to install only MIT Kerberos and openLDAP. > > > > > > We already have an existing FreeIPA installation, with users, groups, > > > > > > principals, pwpolicies. > > > > > > We would like to migrate this to an openLDAP for the users, groups and > > > > > > pwpolicies, and to another MIT Kerberos for the principals (hope I'm not > > > > > > forgetting anything). > > > > > > > FreeIPA provides own LDAP driver for MIT Kerberos that relies on IPA > > > > LDAP schema. Standard MIT Kerberos LDAP driver does not support IPA > > > > schema. > > > > > > Additionally, 389-ds LDAP server FreeIPA uses is coupled with about two > > > > dozen additional plugins. These plugins either don't exist for OpenLDAP > > > > at all or have different behavior and rely on different LDAP schema. > > > > > > In short, if you move the data from 389-ds to OpenLDAP, it wouldn't be > > > > used by MIT Kerberos LDAP driver because it doesn't know about that > > > > data, and OpenLDAP server will not have the same behavior as expected by > > > > IPA clients (SSSD) for IPA-specific mode. > > > > > > Whatever your production team is thinking about this move, it is most > > > > certainly not properly thought out. > > > > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > Go to http://freeipa.org for more info on the project -- Loris Santamaria linux user #70506 xmpp:loris at lgs.com.ve Links Global Services, C.A. http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:103 at lgs.com.ve ------------------------------------------------------------ "If I'd asked my customers what they wanted, they'd have said a faster horse" - Henry Ford -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5693 bytes Desc: not available URL: From janellenicole80 at gmail.com Wed Jan 13 15:29:19 2016 From: janellenicole80 at gmail.com (Janelle) Date: Wed, 13 Jan 2016 07:29:19 -0800 Subject: [Freeipa-users] tricky one in OpenLDAP migration, groups Message-ID: <56966D4F.2080304@gmail.com> Hello, This may not be possible, or if it is I am going to guess it is not going to be easy. If I have an old OpenLDAP environment with users who never had unique UIG/GID - in other words, the GID was not unique to a user, instead it was some global group. Well, I was hoping to migrate over the OpenLDAP domain to IPA, but at the same time create a private group for each user. Just wondering if this might be possible? Example OpenLDAP user=freddy (UID=13) , GID=123456(friday) After migration to IPA: user= uid=13(freddy), gid=13(freddy), groups=123456(friday) Does that make sense? ~J From rcritten at redhat.com Wed Jan 13 15:59:26 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 13 Jan 2016 10:59:26 -0500 Subject: [Freeipa-users] tricky one in OpenLDAP migration, groups In-Reply-To: <56966D4F.2080304@gmail.com> References: <56966D4F.2080304@gmail.com> Message-ID: <5696745E.1010006@redhat.com> Janelle wrote: > Hello, > > This may not be possible, or if it is I am going to guess it is not > going to be easy. If I have an old OpenLDAP environment with users who > never had unique UIG/GID - in other words, the GID was not unique to a > user, instead it was some global group. Well, I was hoping to migrate > over the OpenLDAP domain to IPA, but at the same time create a private > group for each user. Just wondering if this might be possible? > > Example OpenLDAP > user=freddy (UID=13) , GID=123456(friday) > > After migration to IPA: > user= uid=13(freddy), gid=13(freddy), groups=123456(friday) > > Does that make sense? It does but it isn't possible today. In fact the migration won't create user private groups at all (though there is an RFE for that, https://fedorahosted.org/freeipa/ticket/4738 ) I don't think this is an unreasonable request. It may be an extension of the above ticket, probably requiring a new option to deal with the existing primary group. rob From janellenicole80 at gmail.com Wed Jan 13 16:10:02 2016 From: janellenicole80 at gmail.com (Janelle) Date: Wed, 13 Jan 2016 08:10:02 -0800 Subject: [Freeipa-users] tricky one in OpenLDAP migration, groups In-Reply-To: <5696745E.1010006@redhat.com> References: <56966D4F.2080304@gmail.com> <5696745E.1010006@redhat.com> Message-ID: <569676DA.6060804@gmail.com> Might it be possible with a user-mod or group-add/group-mod to accomplish? Just thinking outside the box I guess. ~J On 1/13/16 7:59 AM, Rob Crittenden wrote: > Janelle wrote: >> Hello, >> >> This may not be possible, or if it is I am going to guess it is not >> going to be easy. If I have an old OpenLDAP environment with users who >> never had unique UIG/GID - in other words, the GID was not unique to a >> user, instead it was some global group. Well, I was hoping to migrate >> over the OpenLDAP domain to IPA, but at the same time create a private >> group for each user. Just wondering if this might be possible? >> >> Example OpenLDAP >> user=freddy (UID=13) , GID=123456(friday) >> >> After migration to IPA: >> user= uid=13(freddy), gid=13(freddy), groups=123456(friday) >> >> Does that make sense? > It does but it isn't possible today. In fact the migration won't create > user private groups at all (though there is an RFE for that, > https://fedorahosted.org/freeipa/ticket/4738 ) > > I don't think this is an unreasonable request. It may be an extension of > the above ticket, probably requiring a new option to deal with the > existing primary group. > > rob > From bahanw042014 at gmail.com Wed Jan 13 16:10:30 2016 From: bahanw042014 at gmail.com (bahan w) Date: Wed, 13 Jan 2016 17:10:30 +0100 Subject: [Freeipa-users] How to migrate from freeipa distribution to separate components In-Reply-To: <5696692B.6040101@redhat.com> References: <1452693538.3356.78.camel@redhat.com> <20160113143325.GH4316@redhat.com> <5696692B.6040101@redhat.com> Message-ID: Re ! Thank both of you again for your answers, guys. Simo, I would be very interested in this feature list in fact. Do you know if there is a way to find it ? I would really need it, it would help a lot. Best regards. Bahan On Wed, Jan 13, 2016 at 4:11 PM, Martin Kosek wrote: > On 01/13/2016 03:57 PM, bahan w wrote: > > Re. > > > > Thanks both of you for your answers. > > > > Simo, MIT Kerberos and OpenLDAP can work on their own and provide the > same > > kind of service that we want from IPA, even if it is not embedded in > > integrated solution like IPA. > > > > I totally agree that IPA provides a lot of things but I am quite sure the > > isolated softwares like MIT Kerberos for Kerberos, OpenLDAP for LDAP and > a > > cache client like sssd or nscd/nslcd can work. > > It "can" work. But home grown solutions like that require non-trivial > effort to > even get started. > > As soon as you have more requests on such home grown infrastructure, you > will > need to implement enhancements (like something cert or DNS related). At > that > moment, you may realize you are re-implementing what FreeIPA may support > already. FreeIPA project was started for a reason :-) > > > Alexander, when I mention migration, I think of the following actions : > > 1. Take the principals that we have for the KDC and recreate them in an > MIT > > Kerberos KDC architecture > > 2. Take the users/groups/pwpolicies in the LDAP and recreate them in an > > openLDAP architecture > > > > Do you know if there is other things necessary to recreate in the LDAP or > > in the KDC ? > > > > Additionnaly, do you have a list of points which could help to convince > to > > keep the freeipa architecture ? > > > > Best regards. > > > > Bahan > > > > On Wed, Jan 13, 2016 at 3:33 PM, Alexander Bokovoy > > wrote: > > > >> On Wed, 13 Jan 2016, bahan w wrote: > >> > >>> Hello Simo ! > >>> > >>> For the reason : > >>> The production team wants to use only the two components openLDAP and > MIT > >>> Kerberos, possibily on different servers. > >>> > >>> For the explanation : > >>> They want to install only MIT Kerberos and openLDAP. > >>> We already have an existing FreeIPA installation, with users, groups, > >>> principals, pwpolicies. > >>> We would like to migrate this to an openLDAP for the users, groups and > >>> pwpolicies, and to another MIT Kerberos for the principals (hope I'm > not > >>> forgetting anything). > >>> > >> FreeIPA provides own LDAP driver for MIT Kerberos that relies on IPA > >> LDAP schema. Standard MIT Kerberos LDAP driver does not support IPA > >> schema. > >> > >> Additionally, 389-ds LDAP server FreeIPA uses is coupled with about two > >> dozen additional plugins. These plugins either don't exist for OpenLDAP > >> at all or have different behavior and rely on different LDAP schema. > >> > >> In short, if you move the data from 389-ds to OpenLDAP, it wouldn't be > >> used by MIT Kerberos LDAP driver because it doesn't know about that > >> data, and OpenLDAP server will not have the same behavior as expected by > >> IPA clients (SSSD) for IPA-specific mode. > >> > >> Whatever your production team is thinking about this move, it is most > >> certainly not properly thought out. > >> > >> -- > >> / Alexander Bokovoy > >> > > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Wed Jan 13 16:21:36 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 13 Jan 2016 11:21:36 -0500 Subject: [Freeipa-users] tricky one in OpenLDAP migration, groups In-Reply-To: <569676DA.6060804@gmail.com> References: <56966D4F.2080304@gmail.com> <5696745E.1010006@redhat.com> <569676DA.6060804@gmail.com> Message-ID: <56967990.6020700@redhat.com> Janelle wrote: > Might it be possible with a user-mod or group-add/group-mod to accomplish? > > Just thinking outside the box I guess. The hard part is the UPG. I think you'd need an ldapmodify to achieve that. IIRC you'd need to manually create the managed group entry and in the same update link the user to it. rob > ~J > > On 1/13/16 7:59 AM, Rob Crittenden wrote: >> Janelle wrote: >>> Hello, >>> >>> This may not be possible, or if it is I am going to guess it is not >>> going to be easy. If I have an old OpenLDAP environment with users who >>> never had unique UIG/GID - in other words, the GID was not unique to a >>> user, instead it was some global group. Well, I was hoping to migrate >>> over the OpenLDAP domain to IPA, but at the same time create a private >>> group for each user. Just wondering if this might be possible? >>> >>> Example OpenLDAP >>> user=freddy (UID=13) , GID=123456(friday) >>> >>> After migration to IPA: >>> user= uid=13(freddy), gid=13(freddy), groups=123456(friday) >>> >>> Does that make sense? >> It does but it isn't possible today. In fact the migration won't create >> user private groups at all (though there is an RFE for that, >> https://fedorahosted.org/freeipa/ticket/4738 ) >> >> I don't think this is an unreasonable request. It may be an extension of >> the above ticket, probably requiring a new option to deal with the >> existing primary group. >> >> rob >> > From Nathan.Peters at globalrelay.net Wed Jan 13 17:48:19 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Wed, 13 Jan 2016 17:48:19 +0000 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up In-Reply-To: <5696227D.7000903@redhat.com> References: <5695876C.4080600@redhat.com> <5695AE9A.2080100@redhat.com> <5696227D.7000903@redhat.com> Message-ID: There were a lot of log entries from that first time and I wasn't sure if there was a limit to the size of the posts to this list. Here are some fuller logs as requested. Logs from around 10 seconds during the changeon both, and logs from reboot on dc1-nvan ===================================== startup logs of dc1-nvan after reboot ===================================== [13/Jan/2016:16:48:40 +0000] - slapd stopped. [13/Jan/2016:16:49:35 +0000] - SSL alert: Configured NSS Ciphers [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_AES_256_GCM_SHA384: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2 [13/Jan/2016:16:49:35 +0000] - 389-Directory/1.3.4.0 B2015.343.1254 starting up [13/Jan/2016:16:49:36 +0000] - WARNING: userRoot: entry cache size 512000B is less than db size 16547840B; We recommend to increase the entry cache size nsslapd-cachememsize. [13/Jan/2016:16:49:36 +0000] - WARNING: changelog: entry cache size 512000B is less than db size 158687232B; We recommend to increase the entry cache size nsslapd-cachememsize. [13/Jan/2016:16:49:36 +0000] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=mydomain,dc=net [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target ou=sudoers,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=users,cn=compat,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5AppInit: fetched backend dbEnv (7f3647916fb0) [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5NewDBFile: semaphore /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74.sema [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5NewDBFile: maxConcurrentWrites=2 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5GetEntryCount: 44298 changes for replica b26f7c93-ede211e4-bdd5a094-64a60b74 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5AddDBFile: Added new DB object 7f364812a790 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5DBOpenFileByReplicaName: created new DB object 7f364812a790 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5DBOpen: opened 1 existing databases in /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - Found replication agreement named "cn=meTodc1-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config". [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmtlist_config_init: found 1 replication agreements in DIT [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): No linger to cancel on the connection [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Disconnected from the consumer [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: start -> ready_to_acquire_replica [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Trying non-secure slapi_ldap_init_ext [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog max RUV: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog max RUV: {replica 5} 56947ab7000200050000 5695cad2000400050000 00000000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog max RUV: {replica 3} 56947d1f000400030000 569680da000200030000 00000000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog max RUV: {replica 4} 56947d77000200040000 5696802b000100040000 00000000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - database RUV: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - database RUV: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 569680da000200030000 00000000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - database RUV: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 5696802b000100040000 00000000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - database RUV: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 00000000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - ruv_compare_ruv: the max CSN [569680da000200030000] from RUV [database RUV] is less than or equal to the max CSN [569680da000200030000] from RUV [changelog max RUV] for element [{replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 569680da000200030000] [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - ruv_compare_ruv: the max CSN [5696802b000100040000] from RUV [database RUV] is less than or equal to the max CSN [5696802b000100040000] from RUV [changelog max RUV] for element [{replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 5696802b000100040000] [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - ruv_compare_ruv: the max CSN [5695cad2000400050000] from RUV [database RUV] is less than or equal to the max CSN [5695cad2000400050000] from RUV [changelog max RUV] for element [{replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000] [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - ruv_compare_ruv: the max CSN [5695cad2000400050000] from RUV [changelog max RUV] is less than or equal to the max CSN [5695cad2000400050000] from RUV [database RUV] for element [{replica 5} 56947ab7000200050000 5695cad2000400050000] [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - ruv_compare_ruv: the max CSN [569680da000200030000] from RUV [changelog max RUV] is less than or equal to the max CSN [569680da000200030000] from RUV [database RUV] for element [{replica 3} 56947d1f000400030000 569680da000200030000] [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - ruv_compare_ruv: the max CSN [5696802b000100040000] from RUV [changelog max RUV] is less than or equal to the max CSN [5696802b000100040000] from RUV [database RUV] for element [{replica 4} 56947d77000200040000 5696802b000100040000] [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): binddn = , passwd = [13/Jan/2016:16:49:39 +0000] set_krb5_creds - Could not get initial credentials for principal [ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested realm) [13/Jan/2016:16:49:39 +0000] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 0 (Success) [13/Jan/2016:16:49:39 +0000] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) () [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Disconnected from the consumer [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Beginning linger on the connection [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): No linger on the closed conn [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: ready_to_acquire_replica -> start_backoff [13/Jan/2016:16:49:39 +0000] - _csngen_adjust_local_time: gen state before 569680da0005:1452703718:118:126 [13/Jan/2016:16:49:39 +0000] - _csngen_adjust_local_time: gen state after 569680da0005:1452703779:57:126 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da000500030000 into pending list [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - Purged state information from entry dc=mydomain,dc=net up to CSN 568d465a000200030000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - csn=569680da000500030000 process postop: canceling operation csn [13/Jan/2016:16:49:40 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3093210 (rc: 32) [13/Jan/2016:16:49:40 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3093211 (rc: 32) [13/Jan/2016:16:49:40 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3093212 (rc: 32) [13/Jan/2016:16:49:40 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3093213 (rc: 32) [13/Jan/2016:16:49:40 +0000] - slapd started. Listening on All Interfaces port 389 for LDAP requests [13/Jan/2016:16:49:40 +0000] - Listening on All Interfaces port 636 for LDAPS requests [13/Jan/2016:16:49:40 +0000] - Listening on /var/run/slapd-MYDOMAIN-NET.socket for LDAPI requests [13/Jan/2016:16:49:40 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3093214 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:41 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3096277 (rc: 32) [13/Jan/2016:16:49:41 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:41 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f364812a790 [13/Jan/2016:16:49:41 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3096278 (rc: 32) [13/Jan/2016:16:49:41 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:41 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f364812a790 [13/Jan/2016:16:49:41 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3096279 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097819 (rc: 32) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: start_backoff -> backoff [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Trying non-secure slapi_ldap_init_ext [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097820 (rc: 32) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): binddn = , passwd = [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097821 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097937 (rc: 32) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:42 +0000] - dn2entry_ext: Failed to get id for changenumber=3097938,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097938 (rc: 1) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da000600030000 [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097939 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097940 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097941 (rc: 32) [13/Jan/2016:16:49:42 +0000] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 0 (Success) [13/Jan/2016:16:49:42 +0000] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) () [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Disconnected from the consumer [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Beginning linger on the connection [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): No linger on the closed conn [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication session backing off for 6 seconds [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Incremental protocol: can't go to sleep: event bits - 4 [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097942 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098351 (rc: 32) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da000700030000 into pending list [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098352 (rc: 32) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - Purged state information from entry krbprincipalname=DNS/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a000600030000 [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098353 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098354 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098355 (rc: 32) [13/Jan/2016:16:49:42 +0000] - dn2entry_ext: Failed to get id for changenumber=3098356,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098356 (rc: 1) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da000700030000 [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098357 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098358 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098359 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098360 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098361 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098362 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098363 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098364 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098365 (rc: 32) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098366 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100443 (rc: 32) [13/Jan/2016:16:49:44 +0000] - _csngen_adjust_local_time: gen state before 569680da000b:1452703783:53:126 [13/Jan/2016:16:49:44 +0000] - _csngen_adjust_local_time: gen state after 569680da000b:1452703784:52:126 [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100444 (rc: 32) [13/Jan/2016:16:49:44 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da000b00030000 into pending list [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100445 (rc: 32) [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100446 (rc: 32) [13/Jan/2016:16:49:44 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=login.mydomain.net.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a000a00030000 [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100447 (rc: 32) [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100448 (rc: 32) [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100449 (rc: 32) [13/Jan/2016:16:49:44 +0000] - dn2entry_ext: Failed to get id for changenumber=3100450,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:44 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100450 (rc: 1) [13/Jan/2016:16:49:44 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:44 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da000b00030000 [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100451 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:45 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100711 (rc: 32) [13/Jan/2016:16:49:45 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:45 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100712 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101060 (rc: 32) [13/Jan/2016:16:49:47 +0000] - _csngen_adjust_local_time: gen state before 569680da000c:1452703784:52:126 [13/Jan/2016:16:49:47 +0000] - _csngen_adjust_local_time: gen state after 569680da000c:1452703787:49:126 [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da000c00030000 into pending list [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101061 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=33.148.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a000b00030000 [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101062 (rc: 32) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101063 (rc: 32) [13/Jan/2016:16:49:47 +0000] - dn2entry_ext: Failed to get id for changenumber=3101064,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101064 (rc: 1) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da000c00030000 [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101065 (rc: 32) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101066 (rc: 32) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101067 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da000d00030000 into pending list [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101068 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=37.158.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a000c00030000 [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101069 (rc: 32) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101070 (rc: 32) [13/Jan/2016:16:49:47 +0000] - dn2entry_ext: Failed to get id for changenumber=3101071,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101071 (rc: 1) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da000d00030000 [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da000e00030000 into pending list [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoopcoord-log-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a000d00030000 [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101072 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da000e00030000 [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101073 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da000f00030000 into pending list [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=48.158.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a000e00030000 [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101074 (rc: 32) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101075 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:47 +0000] - dn2entry_ext: Failed to get id for changenumber=3101076,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101076 (rc: 1) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da000f00030000 [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101077 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101078 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101411 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001000030000 into pending list [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101412 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - Purged state information from entry krbprincipalname=cifs/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a000f00030000 [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101413 (rc: 32) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101414 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001000030000 [13/Jan/2016:16:49:47 +0000] - dn2entry_ext: Failed to get id for changenumber=3101415,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101415 (rc: 1) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101416 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101455 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101456 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102134 (rc: 32) [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102135 (rc: 32) [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Trying non-secure slapi_ldap_init_ext [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102136 (rc: 32) [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): binddn = , passwd = [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102137 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102398 (rc: 32) [13/Jan/2016:16:49:48 +0000] - _csngen_adjust_local_time: gen state before 569680da0011:1452703787:49:126 [13/Jan/2016:16:49:48 +0000] - _csngen_adjust_local_time: gen state after 569680da0011:1452703788:48:126 [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102399 (rc: 32) [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001100030000 into pending list [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102400 (rc: 32) [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=37.160.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a001000030000 [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102401 (rc: 32) [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102402 (rc: 32) [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102403 (rc: 32) [13/Jan/2016:16:49:48 +0000] - dn2entry_ext: Failed to get id for changenumber=3102404,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102404 (rc: 1) [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001100030000 [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102405 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102676 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001200030000 into pending list [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=12.40.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a001100030000 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102677 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001200030000 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102678 (rc: 32) [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102679 (rc: 32) [13/Jan/2016:16:49:49 +0000] - _csngen_adjust_local_time: gen state before 569680da0013:1452703788:48:126 [13/Jan/2016:16:49:49 +0000] - _csngen_adjust_local_time: gen state after 569680da0013:1452703789:47:126 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102680 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001300030000 into pending list [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102681 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - Purged state information from entry krbprincipalname=cifs/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001200030000 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102682 (rc: 32) [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102683 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001300030000 [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001400030000 into pending list [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoopcoord-log-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001300030000 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102684 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001400030000 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102685 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001500030000 into pending list [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102686 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=indexer1-log-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001400030000 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102687 (rc: 32) [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102688 (rc: 32) [13/Jan/2016:16:49:49 +0000] - dn2entry_ext: Failed to get id for changenumber=3102689,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102689 (rc: 1) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001500030000 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102690 (rc: 32) ---3 THOUSAND LINES OMITTED FOR BREVITY--- [13/Jan/2016:16:49:51 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3105368 (rc: 32) [13/Jan/2016:16:50:09 +0000] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot contact any KDC for realm 'mydomain.NET')) errno 115 (Operation now in progress) [13/Jan/2016:16:50:09 +0000] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot contact any KDC for realm 'mydomain.NET')) [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Disconnected from the consumer [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Beginning linger on the connection [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): No linger on the closed conn [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication session backing off for -9 seconds [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Incremental protocol: can't go to sleep: event bits - 4 [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:50:09 +0000] - _csngen_adjust_local_time: gen state before 569680da0016:1452703789:47:126 [13/Jan/2016:16:50:09 +0000] - _csngen_adjust_local_time: gen state after 569680da0016:1452703809:27:126 [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001600030000 into pending list [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=18.30.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a001500030000 [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001600030000 [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001700030000 into pending list [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001700030000 [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001800030000 into pending list [13/Jan/2016:16:50:11 +0000] - Retry count exceeded in delete [13/Jan/2016:16:50:11 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3110876 (rc: 51) [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001800030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:50:11 +0000] - _csngen_adjust_local_time: gen state before 569680da0019:1452703809:27:126 [13/Jan/2016:16:50:11 +0000] - _csngen_adjust_local_time: gen state after 569680da0019:1452703811:25:126 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001900030000 into pending list [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=5.30.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a001800030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Trying non-secure slapi_ldap_init_ext [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): binddn = , passwd = [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f364812a790 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f364812a790 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001900030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001a00030000 into pending list [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=terrafin.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001900030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001a00030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001b00030000 into pending list [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=conv2-mc-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001a00030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001b00030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001c00030000 into pending list [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=kafka1-msg-mbsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001b00030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001c00030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001d00030000 into pending list [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=0.20.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a001c00030000 [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001d00030000 [13/Jan/2016:16:50:12 +0000] - _csngen_adjust_local_time: gen state before 569680da001e:1452703811:25:126 [13/Jan/2016:16:50:12 +0000] - _csngen_adjust_local_time: gen state after 569680da001e:1452703812:24:126 [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001e00030000 into pending list [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=4.20.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a001d00030000 [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001e00030000 [13/Jan/2016:16:50:15 +0000] - _csngen_adjust_local_time: gen state before 569680da001f:1452703812:24:126 [13/Jan/2016:16:50:15 +0000] - _csngen_adjust_local_time: gen state after 569680da001f:1452703815:21:126 [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001f00030000 into pending list [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-log-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001e00030000 [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - conn=31 op=5 Acquired consumer connection extension [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - conn=31 op=5 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:16:50:15 +0000] - csngen_adjust_time: gen state before 569680da0020:1452703815:21:126 [13/Jan/2016:16:50:15 +0000] - csngen_adjust_time: gen state after 5696813e0004:1452703815:121:126 [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - conn=31 op=5 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - conn=31 op=5 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - conn=31 op=5 Relinquishing consumer connection extension [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001f00030000 [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5696813e000400030000 into pending list [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - Purged state information from entry krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001f00030000 [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5696813e000400030000 [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5696812d000300040000 into pending list [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - Purged state information from entry cn=repl keep alive 4,dc=mydomain,dc=net up to CSN 568d46be000400030000 [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5696812d000300040000 [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - conn=31 op=7 Acquired consumer connection extension [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - conn=31 op=7 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=31 id=5 [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - conn=31 op=7 Relinquishing consumer connection extension [13/Jan/2016:16:50:16 +0000] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 0 (Success) [13/Jan/2016:16:50:16 +0000] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) () [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Disconnected from the consumer [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Beginning linger on the connection [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): No linger on the closed conn [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication session backing off for 8 seconds [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Incremental protocol: can't go to sleep: event bits - 4 [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:50:17 +0000] - slapd shutting down - signaling operation threads - op stack size 20 max work q size 17 max work q stack size 17 [13/Jan/2016:16:50:17 +0000] - slapd shutting down - waiting for 29 threads to terminate [13/Jan/2016:16:50:17 +0000] - slapd shutting down - closing down internal subsystems and plugins [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): No linger to cancel on the connection [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Disconnected from the consumer [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): repl5_inc_stop: protocol stopped after 0 seconds [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - Database RUV: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - Database RUV: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 5696813e000400030000 56968048 [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - Database RUV: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 5696812d000300040000 56968048 [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - Database RUV: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 00000000 [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - changelog program - _cl5Close: waiting for threads to exit: 1 thread(s) still active [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - changelog program - _cl5TrimMain: exiting [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - changelog program - _cl5DBClose: deleting DB object 7f364812a790 [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - changelog program - _cl5DBClose: closing databases in /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - changelog program - _cl5DBCloseFile: Closing database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - changelog program - _cl5DBCloseFile: Closed the changelog database handle for /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db (rc: 0) [13/Jan/2016:16:50:17 +0000] - Waiting for 4 database threads to stop [13/Jan/2016:16:50:18 +0000] - All database threads now stopped [13/Jan/2016:16:50:18 +0000] - slapd shutting down - freed 17 work q stack objects - freed 21 op stack objects [13/Jan/2016:16:50:18 +0000] - slapd stopped. ===================================== logs of dc1-nvan during change description on one machine (testhostdc1nvan) ===================================== [13/Jan/2016:17:01:12 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication session backing off for 47 seconds [13/Jan/2016:17:01:28 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:28 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7faccec70180 [13/Jan/2016:17:01:28 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:28 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7faccec70180 [13/Jan/2016:17:01:29 +0000] - _csngen_adjust_local_time: gen state before 569683560001:1452704472:0:126 [13/Jan/2016:17:01:29 +0000] - _csngen_adjust_local_time: gen state after 569683670000:1452704489:0:126 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968367000000030000 into pending list [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - Purged state information from entry uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN 568d48d3000300030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968367000000030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968367000100030000 into pending list [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=testhostdc1nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d48e7000000030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968367000100030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968367000200030000 into pending list [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=cass1-msg-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d48e7000100030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968367000200030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968367000300030000 into pending list [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=cass1-msg-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d48e7000200030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968367000300030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:30 +0000] - _csngen_adjust_local_time: gen state before 569683670004:1452704489:0:126 [13/Jan/2016:17:01:30 +0000] - _csngen_adjust_local_time: gen state after 569683680000:1452704490:0:126 [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968368000000030000 into pending list [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - Purged state information from entry uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN 568d48e7000300030000 [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968368000000030000 [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968368000100030000 into pending list [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - Purged state information from entry uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN 568d48e8000000030000 [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968368000100030000 [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:36 +0000] - _csngen_adjust_local_time: gen state before 569683680002:1452704490:0:126 [13/Jan/2016:17:01:36 +0000] - _csngen_adjust_local_time: gen state after 5696836e0000:1452704496:0:126 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5696836e000000030000 into pending list [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=db1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d48e8000100030000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5696836e000000030000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:38 +0000] - _csngen_adjust_local_time: gen state before 5696836e0001:1452704496:0:126 [13/Jan/2016:17:01:38 +0000] - _csngen_adjust_local_time: gen state after 569683700000:1452704498:0:126 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968370000000030000 into pending list [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=db1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d48ee000000030000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968370000000030000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968370000100030000 into pending list [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe2-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d48f0000000030000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968370000100030000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:40 +0000] - _csngen_adjust_local_time: gen state before 569683700002:1452704498:0:126 [13/Jan/2016:17:01:40 +0000] - _csngen_adjust_local_time: gen state after 569683720000:1452704500:0:126 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968372000000030000 into pending list [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe2-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d48f0000100030000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968372000000030000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff ===================================== logs of dc1-van during change description on one machine (testhostdc1nvan) ===================================== [root at dc1-ipa-dev-van slapd-MYDOMAIN-NET]# tail -f errors [13/Jan/2016:17:01:19 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:19 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:19 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:19 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:17:01:19 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=43 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:17:01:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:17:01:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:20 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695f232000000050000 into pending list [13/Jan/2016:17:01:20 +0000] NSMMReplicationPlugin - conn=5219 op=156069 csn=5695f232000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:22 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695f3a1000000050000 into pending list [13/Jan/2016:17:01:22 +0000] NSMMReplicationPlugin - conn=5219 op=156070 csn=5695f3a1000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:24 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695f550000000050000 into pending list [13/Jan/2016:17:01:24 +0000] NSMMReplicationPlugin - conn=5219 op=156071 csn=5695f550000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:26 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695f6db000000050000 into pending list [13/Jan/2016:17:01:26 +0000] NSMMReplicationPlugin - conn=5219 op=156072 csn=5695f6db000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:28 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695f877000000050000 into pending list [13/Jan/2016:17:01:28 +0000] NSMMReplicationPlugin - conn=5219 op=156073 csn=5695f877000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695fa22000000050000 into pending list [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - conn=5219 op=156074 csn=5695fa22000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:32 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695fba5000000050000 into pending list [13/Jan/2016:17:01:32 +0000] NSMMReplicationPlugin - conn=5219 op=156075 csn=5695fba5000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695fce9000000050000 into pending list [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - conn=5219 op=156076 csn=5695fce9000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:34 +0000] - _csngen_adjust_local_time: gen state before 569683d70002:1452704479:0:248 [13/Jan/2016:17:01:34 +0000] - _csngen_adjust_local_time: gen state after 569683e60000:1452704494:0:248 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683e6000000040000 into pending list [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d4956000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683e6000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:34 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000000040000 569682ee [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:34 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683d6000300040000 569682df [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:34 +0000] - acquire_replica, supplier RUV is newer [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:34 +0000] - csngen_adjust_time: gen state before 569683e60002:1452704494:0:248 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683e6000200040000 into pending list [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d4966000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:34 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Consumer RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683d6000300040000 569682df [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:34 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Supplier RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683e6000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:34 +0000] - csngen_adjust_time: gen state before 569683e60004:1452704494:0:248 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:34 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 569683e0000100050000 00000000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56968370000400040000 00000000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 00000000 [13/Jan/2016:17:01:34 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=56968370000400040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 56968370000400040000 found, position set for replay [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56968372000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000200040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56968372000400040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000400040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000400040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56968372000600040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000600040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c449858a-5b1d11e5-b1f1cd78-f19552bb, CSN 56968372000600040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56968373000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56968373000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56968375000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=56968375000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=56968378000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968378000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968378000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=56968379000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968379000200040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=56968379000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000500040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=56968379000800040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000800040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000800040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=56968379000b00040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000b00040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 56968379000b00040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5696837b000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 5696837b000200040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5696837b000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000500040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5696837b000800040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000800040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000800040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5696837d000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837d000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837d000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5696837f000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837f000200040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5696837f000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5696837f000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000500040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=20 csn=5696837f000800040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000800040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000800040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=21 csn=5696837f000b00040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000b00040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000b00040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=22 csn=56968381000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000200040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=23 csn=56968381000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000500040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=24 csn=56968384000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=25 csn=56968384000100040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000100040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000100040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=26 csn=5696838d000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=27 csn=5696838d000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=28 csn=56968392000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=29 csn=56968392000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=30 csn=56968397000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=31 csn=56968397000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=32 csn=569683a9000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683a9000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ba2f2115-ede211e4-bdd5a094-64a60b74, CSN 569683a9000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=33 csn=569683ae000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=34 csn=569683ae000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=35 csn=569683c3000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c3000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c3000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=36 csn=569683c5000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c5000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c5000200040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=37 csn=569683c7000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c7000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 569683c7000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=38 csn=569683cf000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683cf000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683cf000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=39 csn=569683d0000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d0000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683d0000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=40 csn=569683d2000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=41 csn=569683d2000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=42 csn=569683d6000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=43 csn=569683d6000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=44 csn=569683e6000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=45 csn=569683e6000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000200040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:34 +0000] - repl5_inc_waitfor_async_results: 0 0 [13/Jan/2016:17:01:34 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:17:01:34 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:34 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7fc71407c6e0 [13/Jan/2016:17:01:34 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:34 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session start: anchorcsn=569683d6000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): CSN 569683d6000300040000 found, position set for replay [13/Jan/2016:17:01:34 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=1 rec=1 csn=569683e6000000040000 [13/Jan/2016:17:01:34 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=1 rec=2 csn=569683e6000200040000 [13/Jan/2016:17:01:34 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:34 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session end: state=5 load=1 sent=2 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:34 +0000] - Calling dirsync search request plugin [13/Jan/2016:17:01:34 +0000] - Sending dirsync search request [13/Jan/2016:17:01:34 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=45 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:34 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:34 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:34 +0000] - csngen_adjust_time: gen state before 569683e60006:1452704494:0:248 [13/Jan/2016:17:01:34 +0000] - csngen_adjust_time: gen state after 569683e60006:1452704494:0:248 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:35 +0000] - csngen_adjust_time: gen state before 569683e60006:1452704494:0:248 [13/Jan/2016:17:01:35 +0000] - _csngen_adjust_local_time: gen state before 569683e60006:1452704494:0:248 [13/Jan/2016:17:01:35 +0000] - _csngen_adjust_local_time: gen state after 569683e70000:1452704495:0:248 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:35 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 569683e0000100050000 00000000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56968370000400040000 00000000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 00000000 [13/Jan/2016:17:01:35 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=56968370000400040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 56968370000400040000 found, position set for replay [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56968372000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000200040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56968372000400040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000400040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000400040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56968372000600040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000600040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c449858a-5b1d11e5-b1f1cd78-f19552bb, CSN 56968372000600040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56968373000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56968373000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56968375000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=56968375000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=56968378000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968378000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968378000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=56968379000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968379000200040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=56968379000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000500040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=56968379000800040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000800040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000800040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=56968379000b00040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000b00040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 56968379000b00040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5696837b000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 5696837b000200040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5696837b000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000500040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5696837b000800040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000800040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000800040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5696837d000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837d000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837d000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5696837f000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837f000200040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5696837f000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5696837f000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000500040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=20 csn=5696837f000800040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000800040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000800040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=21 csn=5696837f000b00040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000b00040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000b00040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=22 csn=56968381000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000200040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=23 csn=56968381000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000500040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=24 csn=56968384000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=25 csn=56968384000100040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000100040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000100040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=26 csn=5696838d000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=27 csn=5696838d000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=28 csn=56968392000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=29 csn=56968392000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=30 csn=56968397000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=31 csn=56968397000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=32 csn=569683a9000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683a9000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ba2f2115-ede211e4-bdd5a094-64a60b74, CSN 569683a9000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=33 csn=569683ae000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=34 csn=569683ae000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=35 csn=569683c3000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c3000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c3000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=36 csn=569683c5000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c5000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c5000200040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=37 csn=569683c7000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c7000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 569683c7000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=38 csn=569683cf000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683cf000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683cf000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=39 csn=569683d0000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d0000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683d0000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=40 csn=569683d2000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=41 csn=569683d2000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=42 csn=569683d6000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=43 csn=569683d6000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=44 csn=569683e6000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=45 csn=569683e6000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000200040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:35 +0000] - repl5_inc_waitfor_async_results: 0 0 [13/Jan/2016:17:01:35 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:17:01:35 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:35 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Consumer RUV: [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:35 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Supplier RUV: [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): No changes to send [13/Jan/2016:17:01:35 +0000] - Calling dirsync search request plugin [13/Jan/2016:17:01:35 +0000] - Sending dirsync search request [13/Jan/2016:17:01:35 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=45 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:36 +0000] - _csngen_adjust_local_time: gen state before 569683e70000:1452704495:0:248 [13/Jan/2016:17:01:36 +0000] - _csngen_adjust_local_time: gen state after 569683e80000:1452704496:0:248 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683e8000000040000 into pending list [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d4966000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683e8000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:36 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000000040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] - acquire_replica, supplier RUV is newer [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683e8000100040000 into pending list [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d4968000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683e8000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:36 +0000] - csngen_adjust_time: gen state before 569683e80004:1452704496:0:248 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:36 +0000] - csngen_adjust_time: gen state before 569683e80004:1452704496:0:248 [13/Jan/2016:17:01:36 +0000] - csngen_adjust_time: gen state after 569683ea0002:1452704496:2:248 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 569683ea000100050000 00000000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56968370000400040000 00000000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 00000000 [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=56968370000400040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 56968370000400040000 found, position set for replay [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56968372000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56968372000400040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000400040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000400040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56968372000600040000 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Consumer RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Supplier RUV: [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695fe79000000050000 into pending list [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000600040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c449858a-5b1d11e5-b1f1cd78-f19552bb, CSN 56968372000600040000): [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7fc71407c6e0 [13/Jan/2016:17:01:36 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - conn=5219 op=156077 csn=5695fe79000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56968373000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000000040000): [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session start: anchorcsn=569683e6000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): CSN 569683e6000200040000 found, position set for replay [13/Jan/2016:17:01:36 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=1 rec=1 csn=569683e8000000040000 [13/Jan/2016:17:01:36 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=1 rec=2 csn=569683e8000100040000 [13/Jan/2016:17:01:36 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:36 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session end: state=5 load=1 sent=2 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:36 +0000] - Calling dirsync search request plugin [13/Jan/2016:17:01:36 +0000] - Sending dirsync search request [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56968373000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56968375000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=56968375000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=56968378000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968378000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968378000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=56968379000200040000 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:36 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:36 +0000] - csngen_adjust_time: gen state before 569683ea0003:1452704496:2:248 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968379000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=56968379000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=56968379000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000800040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=56968379000b00040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000b00040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 56968379000b00040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5696837b000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 5696837b000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5696837b000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5696837b000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000800040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5696837d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837d000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5696837f000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837f000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5696837f000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5696837f000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=20 csn=5696837f000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000800040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=21 csn=5696837f000b00040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000b00040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000b00040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=22 csn=56968381000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=23 csn=56968381000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=24 csn=56968384000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=25 csn=56968384000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000100040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=26 csn=5696838d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=27 csn=5696838d000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=28 csn=56968392000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=29 csn=56968392000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=30 csn=56968397000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=31 csn=56968397000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=32 csn=569683a9000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683a9000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ba2f2115-ede211e4-bdd5a094-64a60b74, CSN 569683a9000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=33 csn=569683ae000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=34 csn=569683ae000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=35 csn=569683c3000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c3000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c3000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=36 csn=569683c5000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c5000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c5000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=37 csn=569683c7000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c7000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 569683c7000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=38 csn=569683cf000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683cf000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683cf000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=39 csn=569683d0000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d0000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683d0000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=40 csn=569683d2000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=41 csn=569683d2000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=42 csn=569683d6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=43 csn=569683d6000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=44 csn=569683e6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=45 csn=569683e6000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=46 csn=569683e8000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=47 csn=569683e8000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000100040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:36 +0000] - repl5_inc_waitfor_async_results: 0 0 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Consumer RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Supplier RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): No changes to send [13/Jan/2016:17:01:36 +0000] - Calling dirsync search request plugin [13/Jan/2016:17:01:36 +0000] - Sending dirsync search request [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=47 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:36 +0000] - csngen_adjust_time: gen state before 569683ea0004:1452704496:2:248 [13/Jan/2016:17:01:36 +0000] - csngen_adjust_time: gen state after 569683ea0004:1452704496:2:248 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 569683ea000100050000 00000000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56968370000400040000 00000000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 00000000 [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=56968370000400040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 56968370000400040000 found, position set for replay [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56968372000200040000 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56968372000400040000 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000400040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000400040000): [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56968372000600040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000600040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c449858a-5b1d11e5-b1f1cd78-f19552bb, CSN 56968372000600040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56968373000000040000 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56968373000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56968375000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=56968375000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=56968378000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968378000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968378000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=56968379000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968379000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=56968379000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=56968379000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000800040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=56968379000b00040000 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000b00040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 56968379000b00040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5696837b000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 5696837b000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5696837b000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5696837b000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000800040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5696837d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837d000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5696837f000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837f000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5696837f000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5696837f000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=20 csn=5696837f000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000800040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=21 csn=5696837f000b00040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000b00040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000b00040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=22 csn=56968381000200040000 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=23 csn=56968381000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=24 csn=56968384000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=25 csn=56968384000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000100040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=26 csn=5696838d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=27 csn=5696838d000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=28 csn=56968392000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=29 csn=56968392000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=30 csn=56968397000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=31 csn=56968397000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=32 csn=569683a9000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683a9000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ba2f2115-ede211e4-bdd5a094-64a60b74, CSN 569683a9000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=33 csn=569683ae000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=34 csn=569683ae000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=35 csn=569683c3000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c3000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c3000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=36 csn=569683c5000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c5000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c5000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=37 csn=569683c7000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c7000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 569683c7000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=38 csn=569683cf000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683cf000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683cf000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=39 csn=569683d0000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d0000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683d0000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=40 csn=569683d2000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=41 csn=569683d2000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=42 csn=569683d6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=43 csn=569683d6000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=44 csn=569683e6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=45 csn=569683e6000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=46 csn=569683e8000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=47 csn=569683e8000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000100040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:36 +0000] - repl5_inc_waitfor_async_results: 0 0 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=47 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:17:01:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:17:01:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56960018000000050000 into pending list [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - conn=5219 op=156078 csn=56960018000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:38 +0000] - _csngen_adjust_local_time: gen state before 569683ea0004:1452704496:2:248 [13/Jan/2016:17:01:38 +0000] - _csngen_adjust_local_time: gen state after 569683ea0004:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683ea000400040000 into pending list [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d4968000100040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683ea000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:17:01:38 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000400040000 569682f2 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] - acquire_replica, supplier RUV is newer [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683ea000600040000 into pending list [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d496a000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:38 +0000] - csngen_adjust_time: gen state before 569683ea0008:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] - csngen_adjust_time: gen state after 569683ea0008:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] - csngen_adjust_time: gen state before 569683ea0008:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 569683ea000100050000 00000000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56968370000400040000 00000000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 00000000 [13/Jan/2016:17:01:38 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000400040000 569682f2 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=56968370000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 56968370000400040000 found, position set for replay [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56968372000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56968372000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000400040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56968372000600040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000600040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c449858a-5b1d11e5-b1f1cd78-f19552bb, CSN 56968372000600040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56968373000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56968373000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56968375000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=56968375000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=56968378000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968378000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968378000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=56968379000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968379000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=56968379000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000500040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=56968379000800040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000800040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000800040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=56968379000b00040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000b00040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 56968379000b00040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5696837b000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 5696837b000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5696837b000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000500040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5696837b000800040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000800040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000800040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5696837d000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837d000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837d000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5696837f000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837f000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5696837f000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5696837f000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000500040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=20 csn=5696837f000800040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000800040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000800040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=21 csn=5696837f000b00040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000b00040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000b00040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=22 csn=56968381000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=23 csn=56968381000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000500040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=24 csn=56968384000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=25 csn=56968384000100040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000100040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000100040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=26 csn=5696838d000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=27 csn=5696838d000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=28 csn=56968392000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=29 csn=56968392000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=30 csn=56968397000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=31 csn=56968397000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=32 csn=569683a9000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683a9000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ba2f2115-ede211e4-bdd5a094-64a60b74, CSN 569683a9000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=33 csn=569683ae000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=34 csn=569683ae000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=35 csn=569683c3000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c3000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c3000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=36 csn=569683c5000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c5000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c5000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=37 csn=569683c7000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c7000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 569683c7000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=38 csn=569683cf000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683cf000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683cf000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=39 csn=569683d0000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d0000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683d0000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=40 csn=569683d2000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=41 csn=569683d2000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=42 csn=569683d6000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=43 csn=569683d6000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=44 csn=569683e6000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=45 csn=569683e6000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=46 csn=569683e8000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=47 csn=569683e8000100040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000100040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000100040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=48 csn=569683ea000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ea000400040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ea000400040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ea000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8fa6b5a2-58f411e5-b1f1cd78-f19552bb, CSN 569683ea000400040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:38 +0000] - repl5_inc_waitfor_async_results: 0 0 [13/Jan/2016:17:01:38 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:17:01:38 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Consumer RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Supplier RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000400040000 569682f2 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7fc71407c6e0 [13/Jan/2016:17:01:38 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:38 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session start: anchorcsn=569683e8000100040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): CSN 569683e8000100040000 found, position set for replay [13/Jan/2016:17:01:38 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=1 rec=1 csn=569683ea000400040000 [13/Jan/2016:17:01:38 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:38 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session end: state=5 load=1 sent=1 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:38 +0000] - Calling dirsync search request plugin [13/Jan/2016:17:01:38 +0000] - Sending dirsync search request [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683ea000600040000 [13/Jan/2016:17:01:38 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=48 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:38 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000600040000 569682f2 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000400040000 569682f2 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] - acquire_replica, supplier RUV is newer [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:38 +0000] - csngen_adjust_time: gen state before 569683ea000a:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] - csngen_adjust_time: gen state after 569683ea000a:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:38 +0000] - csngen_adjust_time: gen state before 569683ea000a:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] - csngen_adjust_time: gen state after 569683ea000a:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 569683ea000100050000 00000000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56968370000400040000 00000000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 00000000 [13/Jan/2016:17:01:38 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000600040000 569682f2 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=56968370000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 56968370000400040000 found, position set for replay [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56968372000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56968372000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000400040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56968372000600040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000600040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c449858a-5b1d11e5-b1f1cd78-f19552bb, CSN 56968372000600040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56968373000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56968373000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56968375000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=56968375000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=56968378000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968378000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968378000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=56968379000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968379000200040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=56968379000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000500040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=56968379000800040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000800040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000800040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=56968379000b00040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000b00040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 56968379000b00040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5696837b000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 5696837b000200040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5696837b000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000500040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5696837b000800040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000800040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000800040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5696837d000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837d000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837d000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5696837f000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837f000200040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5696837f000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5696837f000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000500040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=20 csn=5696837f000800040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000800040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000800040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=21 csn=5696837f000b00040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000b00040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000b00040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=22 csn=56968381000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000200040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=23 csn=56968381000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000500040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=24 csn=56968384000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=25 csn=56968384000100040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000100040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000100040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=26 csn=5696838d000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=27 csn=5696838d000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=28 csn=56968392000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=29 csn=56968392000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=30 csn=56968397000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=31 csn=56968397000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=32 csn=569683a9000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683a9000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ba2f2115-ede211e4-bdd5a094-64a60b74, CSN 569683a9000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=33 csn=569683ae000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=34 csn=569683ae000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=35 csn=569683c3000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c3000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c3000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=36 csn=569683c5000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c5000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c5000200040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=37 csn=569683c7000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c7000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 569683c7000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=38 csn=569683cf000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683cf000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683cf000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=39 csn=569683d0000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d0000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683d0000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=40 csn=569683d2000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=41 csn=569683d2000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=42 csn=569683d6000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=43 csn=569683d6000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=44 csn=569683e6000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=45 csn=569683e6000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000200040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=46 csn=569683e8000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=47 csn=569683e8000100040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000100040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000100040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=48 csn=569683ea000400040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ea000400040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ea000400040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ea000400040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8fa6b5a2-58f411e5-b1f1cd78-f19552bb, CSN 569683ea000400040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=49 csn=569683ea000600040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ea000600040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ea000600040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ea000600040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8fa6b5a2-58f411e5-b1f1cd78-f19552bb, CSN 569683ea000600040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:39 +0000] - repl5_inc_waitfor_async_results: 0 0 [13/Jan/2016:17:01:39 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:17:01:39 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:39 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Consumer RUV: [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000400040000 569682f2 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:39 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Supplier RUV: [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000600040000 569682f2 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:39 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7fc71407c6e0 [13/Jan/2016:17:01:39 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:39 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session start: anchorcsn=569683ea000400040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): CSN 569683ea000400040000 found, position set for replay [13/Jan/2016:17:01:39 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=1 rec=1 csn=569683ea000600040000 [13/Jan/2016:17:01:39 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:39 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session end: state=5 load=1 sent=1 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:39 +0000] - Calling dirsync search request plugin [13/Jan/2016:17:01:39 +0000] - Sending dirsync search request [13/Jan/2016:17:01:39 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=49 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56960179000000050000 into pending list [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - conn=5219 op=156079 csn=56960179000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:40 +0000] - _csngen_adjust_local_time: gen state before 569683ea000a:1452704498:0:248 [13/Jan/2016:17:01:40 +0000] - _csngen_adjust_local_time: gen state after 569683ec0000:1452704500:0:248 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683ec000000040000 into pending list [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=puppet1-sandbox-int-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d496a000600040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683ec000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:40 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ec000000040000 569682f4 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:40 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000600040000 569682f3 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:40 +0000] - acquire_replica, supplier RUV is newer [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:40 +0000] - csngen_adjust_time: gen state before 569683ec0002:1452704500:0:248 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683ec000300040000 into pending list [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=puppet1-sandbox-int-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d496c000000040000 [13/Jan/2016:17:01:40 +0000] - csngen_adjust_time: gen state before 569683ec0004:1452704500:0:248 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 569683ea000100050000 00000000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56968370000400040000 00000000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 00000000 [13/Jan/2016:17:01:40 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ec000000040000 569682f4 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=56968370000400040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 56968370000400040000 found, position set for replay [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56968372000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000200040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56968372000400040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Consumer RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000600040000 569682f3 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:40 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Supplier RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ec000000040000 569682f4 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7fc71407c6e0 [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session start: anchorcsn=569683ea000600040000 [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683ec000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000400040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000400040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56968372000600040000 [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): CSN 569683ea000600040000 found, position set for replay [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=1 rec=1 csn=569683ec000000040000 [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000600040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c449858a-5b1d11e5-b1f1cd78-f19552bb, CSN 56968372000600040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56968373000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000000040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56968373000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000300040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56968375000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000000040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=56968375000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000300040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=56968378000300040000 [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load next: anchorcsn=569683ec000000040000 [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=2 rec=2 csn=569683ec000300040000 [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session end: state=5 load=2 sent=2 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:40 +0000] - Calling dirsync search request plugin [13/Jan/2016:17:01:40 +0000] - Sending dirsync search request [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968378000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968378000300040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=56968379000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968379000200040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=56968379000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000500040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=56968379000800040000 [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:40 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ec000300040000 569682f4 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:40 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ec000300040000 569682f4 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:40 +0000] - csngen_adjust_time: gen state before 569683ec0005:1452704500:0:248 [13/Jan/2016:17:01:40 +0000] - csngen_adjust_time: gen state after 569683ec0005:1452704500:0:248 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000800040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000800040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=56968379000b00040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000b00040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 56968379000b00040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5696837b000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 5696837b000200040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5696837b000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000500040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5696837b000800040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000800040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000800040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5696837d000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837d000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837d000000040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5696837f000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837f000200040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5696837f000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000300040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5696837f000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000500040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=20 csn=5696837f000800040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000800040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000800040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=21 csn=5696837f000b00040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000b00040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000b00040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=22 csn=56968381000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000200040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=23 csn=56968381000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000500040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=24 csn=56968384000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000000040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=25 csn=56968384000100040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000100040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000100040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=26 csn=5696838d000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000000040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=27 csn=5696838d000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000300040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=28 csn=56968392000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000000040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=29 csn=56968392000300040000 [13/Jan/2016:17:01:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Ludwig Krispenz Sent: January-13-16 2:12 AM To: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up On 01/13/2016 05:19 AM, Nathan Peters wrote: These are the replication agreements: -dc1-van (master) replicates to dc1-nvan -dc1-van (master) replicates to dc2-nvan I do not have an agreement between the 2 other servers at this time so updates from dc1-nvan should go through dc1-van to reach dc2-nvan I did the following test: On each of the 3 domain controllers, create a test host named after itself. After replication, the following hosts existed on the following servers: Dc1-van had entries for testhostdc1van and testhostdc2nvan Dc1-nvan had entries for testhostdc1van, testhostdc1nvan, and testhostdc2nvan Dc2-nvan had entries for testhostdc1van and testhostdc2nvan So replication is working both ways between dc2-nvan and dc1-van Replication is only working one way from dc1-van to dc1-nvan My guess is that a new CSN ending in 3000 was successfully added for the update, but still the same thing is happening and causing it to be ignored ? Is this related to https://fedorahosted.org/389/ticket/48225 ? The description sounds similar. This is fixed by ticket #48266, and you already have seen traces of this fix (about keep alive entry), If so, is there a workaround? Logs from both servers (dc1-van and dc1-nvan) during the update unfortunately the master log only spans 1 second 2016:04:06:32 and the nvan log ands at this second. What is strange in the nvan log is that it always keeps in backoff state. agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff It should try to acquire the replica and only if it fails go into backoff again. Could you: - restartdc1-nvan and provide the error log of the replication startup - make a change on dc1-nvan and provide access and error logs of both dc1-nvan and dc1-van for the same time span (~10sec) around the change -------------- next part -------------- An HTML attachment was scrubbed... URL: From simo at redhat.com Wed Jan 13 18:08:52 2016 From: simo at redhat.com (Simo Sorce) Date: Wed, 13 Jan 2016 13:08:52 -0500 Subject: [Freeipa-users] How to migrate from freeipa distribution to separate components In-Reply-To: References: <1452693538.3356.78.camel@redhat.com> <20160113143325.GH4316@redhat.com> <5696692B.6040101@redhat.com> Message-ID: <1452708532.3356.99.camel@redhat.com> On Wed, 2016-01-13 at 17:10 +0100, bahan w wrote: > Re ! > > Thank both of you again for your answers, guys. > > Simo, I would be very interested in this feature list in fact. > Do you know if there is a way to find it ? > I would really need it, it would help a lot. You can start from here: http://www.freeipa.org/page/Documentation For example under the "by component" part although that does not make you understand all the work behind the installer, which was the first big chunk of work when we started 8 years ago. Simo. > Best regards. > > Bahan > > On Wed, Jan 13, 2016 at 4:11 PM, Martin Kosek wrote: > > > On 01/13/2016 03:57 PM, bahan w wrote: > > > Re. > > > > > > Thanks both of you for your answers. > > > > > > Simo, MIT Kerberos and OpenLDAP can work on their own and provide the > > same > > > kind of service that we want from IPA, even if it is not embedded in > > > integrated solution like IPA. > > > > > > I totally agree that IPA provides a lot of things but I am quite sure the > > > isolated softwares like MIT Kerberos for Kerberos, OpenLDAP for LDAP and > > a > > > cache client like sssd or nscd/nslcd can work. > > > > It "can" work. But home grown solutions like that require non-trivial > > effort to > > even get started. > > > > As soon as you have more requests on such home grown infrastructure, you > > will > > need to implement enhancements (like something cert or DNS related). At > > that > > moment, you may realize you are re-implementing what FreeIPA may support > > already. FreeIPA project was started for a reason :-) > > > > > Alexander, when I mention migration, I think of the following actions : > > > 1. Take the principals that we have for the KDC and recreate them in an > > MIT > > > Kerberos KDC architecture > > > 2. Take the users/groups/pwpolicies in the LDAP and recreate them in an > > > openLDAP architecture > > > > > > Do you know if there is other things necessary to recreate in the LDAP or > > > in the KDC ? > > > > > > Additionnaly, do you have a list of points which could help to convince > > to > > > keep the freeipa architecture ? > > > > > > Best regards. > > > > > > Bahan > > > > > > On Wed, Jan 13, 2016 at 3:33 PM, Alexander Bokovoy > > > wrote: > > > > > >> On Wed, 13 Jan 2016, bahan w wrote: > > >> > > >>> Hello Simo ! > > >>> > > >>> For the reason : > > >>> The production team wants to use only the two components openLDAP and > > MIT > > >>> Kerberos, possibily on different servers. > > >>> > > >>> For the explanation : > > >>> They want to install only MIT Kerberos and openLDAP. > > >>> We already have an existing FreeIPA installation, with users, groups, > > >>> principals, pwpolicies. > > >>> We would like to migrate this to an openLDAP for the users, groups and > > >>> pwpolicies, and to another MIT Kerberos for the principals (hope I'm > > not > > >>> forgetting anything). > > >>> > > >> FreeIPA provides own LDAP driver for MIT Kerberos that relies on IPA > > >> LDAP schema. Standard MIT Kerberos LDAP driver does not support IPA > > >> schema. > > >> > > >> Additionally, 389-ds LDAP server FreeIPA uses is coupled with about two > > >> dozen additional plugins. These plugins either don't exist for OpenLDAP > > >> at all or have different behavior and rely on different LDAP schema. > > >> > > >> In short, if you move the data from 389-ds to OpenLDAP, it wouldn't be > > >> used by MIT Kerberos LDAP driver because it doesn't know about that > > >> data, and OpenLDAP server will not have the same behavior as expected by > > >> IPA clients (SSSD) for IPA-specific mode. > > >> > > >> Whatever your production team is thinking about this move, it is most > > >> certainly not properly thought out. > > >> > > >> -- > > >> / Alexander Bokovoy > > >> > > > > > > > > > > > > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Simo Sorce * Red Hat, Inc * New York From anthony.wan.cheng at gmail.com Wed Jan 13 19:53:38 2016 From: anthony.wan.cheng at gmail.com (Anthony Cheng) Date: Wed, 13 Jan 2016 19:53:38 +0000 Subject: [Freeipa-users] configure: error: xmlrpc-c/base.h not found Message-ID: Hi all, I am getting an error with make for both freeipa-4.3.0 and freeipa-4.2.0; both errors are the same: checking for xmlrpc-c/base.h... no configure: error: xmlrpc-c/base.h not found make: *** [client-autogen] Error 1 I read from http://www.freeipa.org/page/Releases/4.0.0 that XMLRPC system commands were not implemented; so is it safe to ignore this error? If not would it suffice to install one of the following? xmlrpc-c-c++.x86_64 : C++ libraries for xmlrpc-c xmlrpc-c-client.x86_64 : C client libraries for xmlrpc-c xmlrpc-c-client++.x86_64 : C++ client libraries for xmlrpc-c xmlrpc-c-devel.x86_64 : Development files for xmlrpc-c based programs xmlrpc-c.x86_64 : A lightweight RPC library based on XML and HTTP xmlrpc-c-apps.x86_64 : Sample XML-RPC applications xmlrpc-client.noarch : XML-RPC client implementation xmlrpc-common.noarch : Common classes for XML-RPC client and server implementations -- Thanks, Anthony -------------- next part -------------- An HTML attachment was scrubbed... URL: From pdomineaux at gmail.com Wed Jan 13 19:57:10 2016 From: pdomineaux at gmail.com (philippe domineaux) Date: Wed, 13 Jan 2016 20:57:10 +0100 Subject: [Freeipa-users] Fwd: NetworkError : invalid continuation byte with utf8 codec In-Reply-To: References: <20151222013001.GT23644@dhcp-40-8.bne.redhat.com> <20151223041124.GA16124@dhcp-40-8.bne.redhat.com> <20160106043230.GK31821@dhcp-40-8.bne.redhat.com> Message-ID: <08476117-EF92-4DA5-B68B-6E1AA4FBA96A@gmail.com> Thanks It works like a charm. Btw I switched to en_US.iso Fixed for me. > Le 6 janv. 2016 ? 22:21, Carlos Ra?l Laguna a ?crit : > > Happy new year to all, just to point out that this also affect Fedora23 Free-IPA 4.2.0 and 4.3.0 from corps. locale are set to es_ES.UTF-8. Regards > > 2016-01-05 23:32 GMT-05:00 Fraser Tweedale : >> On Mon, Jan 04, 2016 at 03:13:43PM +0100, Domineaux Philippe wrote: >> > Hello, >> > >> > Happy new year. >> > >> > So the content of my /etc/locale.conf : >> > >> > LANG="fr_FR.UTF-8" >> > >> Happy new year to you too, and thanks for the info. >> >> I reproduced the issue and there is a now a patch awaiting review. >> Ticket: https://fedorahosted.org/freeipa/ticket/5578 >> >> Cheers, >> Fraser >> >> > ---------- Forwarded message ---------- >> > From: Fraser Tweedale >> > Date: 2015-12-23 5:11 GMT+01:00 >> > Subject: Re: [Freeipa-users] NetworkError : invalid continuation byte with >> > utf8 codec >> > To: Gmail >> > Cc: freeipa-users at redhat.com >> > >> > >> > On Tue, Dec 22, 2015 at 08:39:09AM +0100, Gmail wrote: >> > > Here are the files you ask for: >> > > >> > Thank you. I see Tomcat is running in an fr_FR locale. Could you >> > also provide contents of `/etc/locale.conf'? >> > >> > Cheers, >> > Fraser >> > >> > > >> > > >> > > Le 22 d?cembre 2015 ? 02:30:06, Fraser Tweedale (ftweedal at redhat.com) a >> > ?crit: >> > > >> > > On Mon, Dec 21, 2015 at 05:29:01PM +0100, Gmail wrote: >> > > > Hi all, >> > > > >> > > > When trying to install on a fresh new Centos 7 I?ve got this error : >> > > > >> > > > 2015-12-21T16:04:44Z DEBUG The ipa-server-install command failed, >> > exception: NetworkError: cannot connect to ' >> > https://freeipa.ipa.local:8443/ca/rest/profiles/raw': 'utf8' codec can't >> > decode byte 0xea in position 13: invalid continuation byte >> > > > 2015-12-21T16:04:44Z ERROR cannot connect to ' >> > https://freeipa.ipa.local:8443/ca/rest/profiles/raw': 'utf8' codec can't >> > decode byte 0xea in position 13: invalid continuation byte >> > > > >> > > > My freeipa-server version is : 4.2.0 >> > > > I?m running a Centos 3.10.0-327.3.1.el7.x86_64 >> > > > >> > > > Any idea of what goes wrong? >> > > > >> > > Thanks for reporting. I have not seen this error before. Could you >> > > please include the following log files and I will take a closer >> > > look: >> > > >> > > /var/log/ipaserver-install.log >> > > /var/log/pki/pki-tomcat/ca/debug >> > > >> > > Cheers, >> > > Fraser >> >> > -- >> > Manage your subscription for the Freeipa-users mailing list: >> > https://www.redhat.com/mailman/listinfo/freeipa-users >> > Go to http://freeipa.org for more info on the project >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Wed Jan 13 20:14:33 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 13 Jan 2016 15:14:33 -0500 Subject: [Freeipa-users] configure: error: xmlrpc-c/base.h not found In-Reply-To: References: Message-ID: <5696B029.4080703@redhat.com> Anthony Cheng wrote: > Hi all, > > I am getting an error with make for both freeipa-4.3.0 > and freeipa-4.2.0; both errors are the same: > > checking for xmlrpc-c/base.h... no > configure: error: xmlrpc-c/base.h not found > make: *** [client-autogen] Error 1 > > I read from http://www.freeipa.org/page/Releases/4.0.0 that XMLRPC > system commands were not implemented; so is it safe to ignore this error? You can't ignore it, the referenced system commands are introspectives for the XMLRPC protocol itself. > If not would it suffice to install one of the following? > > xmlrpc-c-c++.x86_64 : C++ libraries for xmlrpc-c > xmlrpc-c-client.x86_64 : C client libraries for xmlrpc-c > xmlrpc-c-client++.x86_64 : C++ client libraries for xmlrpc-c > xmlrpc-c-devel.x86_64 : Development files for xmlrpc-c based programs > xmlrpc-c.x86_64 : A lightweight RPC library based on XML and HTTP > xmlrpc-c-apps.x86_64 : Sample XML-RPC applications > xmlrpc-client.noarch : XML-RPC client implementation > xmlrpc-common.noarch : Common classes for XML-RPC client and server > implementations You need xmlrpc-c-devel which will probably pull in most if not all of that. See BUILD.txt in the top level of the source tree for some helpers in getting all the dependencies installed. rob From gnotrica at candeal.com Wed Jan 13 20:37:42 2016 From: gnotrica at candeal.com (Gady Notrica) Date: Wed, 13 Jan 2016 20:37:42 +0000 Subject: [Freeipa-users] IPA-Server installation Message-ID: <0984AB34E553F54B8705D776686863E705F22BD4@cd-exchange01.CD-PRD.candeal.ca> Hi, Trying to install IPA-Server but failing. The file "b0789cdf06109ebe3313dab51585247700dd285b7eb0bc83f9d80a90cf2360f6-primary.sqlite.bz2" is no longer available. It has been replace by "14824767ac8a1b07914066cf2f721b1ba0de7cf93e04662a6f669cb302de61d1-primary.sqlite.bz2" NEW FILE http://mirror.its.sfu.ca/mirror/CentOS/7.2.1511/updates/x86_64/repodata/14824767ac8a1b07914066cf2f721b1ba0de7cf93e04662a6f669cb302de61d1-primary.sqlite.bz2 OLD FILE http://centos.bhs.mirrors.ovh.net/ftp.centos.org/7.2.1511/updates/x86_64/repodata/b0789cdf06109ebe3313dab51585247700dd285b7eb0bc83f9d80a90cf2360f6-primary.sqlite.bz2: [Errno 14] HTTP Error 404 - Not Found http://centos.mirror.netelligent.ca/centos/7.2.1511/updates/x86_64/repodata/b0789cdf06109ebe3313dab51585247700dd285b7eb0bc83f9d80a90cf2360f6-primary.sqlite.bz2: [Errno 14] HTTP Error 404 - Not Found http://mirror.esecuredata.com/centos/7.2.1511/updates/x86_64/repodata/b0789cdf06109ebe3313dab51585247700dd285b7eb0bc83f9d80a90cf2360f6-primary.sqlite.bz2: [Errno 14] HTTP Error 404 - Not Found Gady Notrica | IT Systems Analyst | 416.814.7800 Ext. 7921 | Cell. 416.818.4797 | gnotrica at candeal.com CanDeal | 152 King St. E, 4th Floor, Toronto ON M5A 1J4 | www.candeal.com | Follow us: [Description: Description: cid:image003.jpg at 01CBD419.622CDF90] [Description: Description: Description: cid:image002.jpg at 01CBD419.622CDF90] -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 11810 bytes Desc: image001.jpg URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.jpg Type: image/jpeg Size: 11586 bytes Desc: image002.jpg URL: From abokovoy at redhat.com Wed Jan 13 20:49:56 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 13 Jan 2016 22:49:56 +0200 Subject: [Freeipa-users] IPA-Server installation In-Reply-To: <0984AB34E553F54B8705D776686863E705F22BD4@cd-exchange01.CD-PRD.candeal.ca> References: <0984AB34E553F54B8705D776686863E705F22BD4@cd-exchange01.CD-PRD.candeal.ca> Message-ID: <20160113204956.GO4316@redhat.com> On Wed, 13 Jan 2016, Gady Notrica wrote: >Hi, > >Trying to install IPA-Server but failing. >The file "b0789cdf06109ebe3313dab51585247700dd285b7eb0bc83f9d80a90cf2360f6-primary.sqlite.bz2" is no longer available. > >It has been replace by "14824767ac8a1b07914066cf2f721b1ba0de7cf93e04662a6f669cb302de61d1-primary.sqlite.bz2" > >NEW FILE >http://mirror.its.sfu.ca/mirror/CentOS/7.2.1511/updates/x86_64/repodata/14824767ac8a1b07914066cf2f721b1ba0de7cf93e04662a6f669cb302de61d1-primary.sqlite.bz2 > >OLD FILE >http://centos.bhs.mirrors.ovh.net/ftp.centos.org/7.2.1511/updates/x86_64/repodata/b0789cdf06109ebe3313dab51585247700dd285b7eb0bc83f9d80a90cf2360f6-primary.sqlite.bz2: [Errno 14] HTTP Error 404 - Not Found >http://centos.mirror.netelligent.ca/centos/7.2.1511/updates/x86_64/repodata/b0789cdf06109ebe3313dab51585247700dd285b7eb0bc83f9d80a90cf2360f6-primary.sqlite.bz2: [Errno 14] HTTP Error 404 - Not Found >http://mirror.esecuredata.com/centos/7.2.1511/updates/x86_64/repodata/b0789cdf06109ebe3313dab51585247700dd285b7eb0bc83f9d80a90cf2360f6-primary.sqlite.bz2: [Errno 14] HTTP Error 404 - Not Found > I'm not sure what you are trying to achieve by this post. There are many mirrors for CentOS project and they may have non-synchronized state. It may take several hours or days to get new content synchronized. If some mirror does not work, other mirror would be selected by yum until the working data set is obtained. FreeIPA team has no influence over CentOS project and their mirrors. If you see constant issues with some of CentOS mirrors, report these issues to CentOS project IT people. -- / Alexander Bokovoy From akaczka86 at gmail.com Wed Jan 13 20:49:55 2016 From: akaczka86 at gmail.com (Adam Kaczka) Date: Wed, 13 Jan 2016 20:49:55 +0000 Subject: [Freeipa-users] py.test is missing Message-ID: Hi, I am trying to run make-test in 4.0.2 after make and I see that it is trying to run py.test but I don't see py.test anywhere in the directory? For some reason it is simply missing. -------------- next part -------------- An HTML attachment was scrubbed... URL: From prasun.gera at gmail.com Wed Jan 13 20:53:26 2016 From: prasun.gera at gmail.com (Prasun Gera) Date: Wed, 13 Jan 2016 15:53:26 -0500 Subject: [Freeipa-users] IPA users not visible in NIS passwd map In-Reply-To: References: <20160111212125.GC4316@redhat.com> Message-ID: I think I've solved this. I don't know what or who enabled it, but for some reason the original NIS service (ypserv) was running on the server. That was taking precedence over ipa's fake NIS, and causing problems. I have now deleted the maps and commented them out in the Makefile so that it doesn't get enabled accidentally again. I do see another problem though. In an attempt to clean up a lot of old users, I have disabled them in the webui. This works for ipa clients and access is denied, but the users can still log in on the old NIS clients. Is this a known limitation ? On Mon, Jan 11, 2016 at 9:21 PM, Prasun Gera wrote: > This is the output of the command: > > ldapsearch -LLL -H $(cat /etc/ipa/default.conf | grep ldap_uri|cut -d= > -f2) -b cn=config '(nis-domain=*)' dn CreateTimestamp ModifyTimestamp > SASL/EXTERNAL authentication started > SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth > SASL SSF: 0 > dn: nis-domain=domain.edu+nis-map=auto.home,cn=NIS > Server,cn=plugins,cn=config > CreateTimestamp: 20150321091139Z > ModifyTimestamp: 20150321091139Z > > dn: nis-domain=domain.edu+nis-map=auto.local,cn=NIS > Server,cn=plugins,cn=confi > g > CreateTimestamp: 20150321091209Z > ModifyTimestamp: 20150321091209Z > > dn: nis-domain=domain.edu+nis-map=auto.master,cn=NIS > Server,cn=plugins,cn=conf > ig > CreateTimestamp: 20150321091201Z > ModifyTimestamp: 20150321091201Z > > dn: nis-domain=domain.edu+nis-map=ethers.byaddr,cn=NIS > Server,cn=plugins,cn=co > nfig > CreateTimestamp: 20150320220124Z > ModifyTimestamp: 20150320220124Z > > dn: nis-domain=domain.edu+nis-map=ethers.byname,cn=NIS > Server,cn=plugins,cn=co > nfig > CreateTimestamp: 20150320220124Z > ModifyTimestamp: 20150320220124Z > > dn: nis-domain=domain.edu+nis-map=group.bygid,cn=NIS > Server,cn=plugins,cn=conf > ig > CreateTimestamp: 20150320220124Z > ModifyTimestamp: 20150320220124Z > > dn: nis-domain=domain.edu+nis-map=group.byname,cn=NIS > Server,cn=plugins,cn=con > fig > CreateTimestamp: 20150320220124Z > ModifyTimestamp: 20150320220124Z > > dn: nis-domain=domain.edu+nis-map=netgroup,cn=NIS > Server,cn=plugins,cn=config > CreateTimestamp: 20150320220124Z > ModifyTimestamp: 20150320220124Z > > dn: nis-domain=domain.edu+nis-map=netid.byname,cn=NIS > Server,cn=plugins,cn=con > fig > CreateTimestamp: 20150320220124Z > ModifyTimestamp: 20150320220124Z > > dn: nis-domain=domain.edu+nis-map=passwd.byname,cn=NIS > Server,cn=plugins,cn=co > nfig > CreateTimestamp: 20150320220124Z > ModifyTimestamp: 20150320220124Z > > dn: nis-domain=domain.edu+nis-map=passwd.byuid,cn=NIS > Server,cn=plugins,cn=con > fig > CreateTimestamp: 20150320220124Z > ModifyTimestamp: 20150320220124Z > > > All the maps are listed from what I can tell. passwd is the one that is > not working as expected. Autofs maps are working all right on nis clients. > > On Mon, Jan 11, 2016 at 4:21 PM, Alexander Bokovoy > wrote: > >> On Mon, 11 Jan 2016, Prasun Gera wrote: >> >>> I upgraded ipa to 4.2 on my rhel 7.2 servers a few weeks ago. One of the >>> users reported that he is not able to log in to certain systems any more. >>> It turns out that there is some change in behaviour w.r.t NIS clients >>> after >>> this upgrade. I see that his username is not visible in "ypcat passwd" on >>> the old clients that are using NIS. This user was added natively through >>> ipa. The old users that were migrated from NIS still work as expected on >>> the NIS clients. I can also confirm that if I add a new user now in ipa, >>> it >>> is not visible in NIS maps. Until we phase out the NIS clients >>> completely, >>> I would like all users to be able to log into them. This used to be the >>> case, but a recent update seems to have changed that. I don't know if >>> this >>> is intentional. How do i revert to the old behaviour ? >>> >> Do you see all the maps configured? >> >> # ldapsearch -LLL -H $(cat /etc/ipa/default.conf | grep ldap_uri|cut -d= >> -f2) -b cn=config '(nis-domain=*)' dn CreateTimestamp ModifyTimestamp >> >> We have a bug in the upgrade script that was fixed this morning >> https://www.redhat.com/archives/freeipa-devel/2016-January/msg00154.html >> >> -- >> / Alexander Bokovoy >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Wed Jan 13 20:58:49 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 13 Jan 2016 22:58:49 +0200 Subject: [Freeipa-users] py.test is missing In-Reply-To: References: Message-ID: <20160113205849.GP4316@redhat.com> On Wed, 13 Jan 2016, Adam Kaczka wrote: >Hi, > >I am trying to run make-test in 4.0.2 after make and I see that it is >trying to run py.test but I don't see py.test anywhere in the directory? >For some reason it is simply missing. pytest is a separate package which you need to install. -- / Alexander Bokovoy From abokovoy at redhat.com Wed Jan 13 21:17:28 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 13 Jan 2016 23:17:28 +0200 Subject: [Freeipa-users] IPA users not visible in NIS passwd map In-Reply-To: References: <20160111212125.GC4316@redhat.com> Message-ID: <20160113211728.GQ4316@redhat.com> On Wed, 13 Jan 2016, Prasun Gera wrote: >I think I've solved this. I don't know what or who enabled it, but for some >reason the original NIS service (ypserv) was running on the server. That >was taking precedence over ipa's fake NIS, and causing problems. I have now >deleted the maps and commented them out in the Makefile so that it doesn't >get enabled accidentally again. > >I do see another problem though. In an attempt to clean up a lot of old >users, I have disabled them in the webui. This works for ipa clients and >access is denied, but the users can still log in on the old NIS clients. Is >this a known limitation ? How they are authenticated on the NIS clients? FreeIPA does not provide shadow map. -- / Alexander Bokovoy From prasun.gera at gmail.com Wed Jan 13 21:20:30 2016 From: prasun.gera at gmail.com (Prasun Gera) Date: Wed, 13 Jan 2016 16:20:30 -0500 Subject: [Freeipa-users] IPA users not visible in NIS passwd map In-Reply-To: <20160113211728.GQ4316@redhat.com> References: <20160111212125.GC4316@redhat.com> <20160113211728.GQ4316@redhat.com> Message-ID: They are authenticated using CRYPT passwords. i.e. Even after a user is disabled in ipa, it's entry is still visible in ypcat passwd on the clients. On Wed, Jan 13, 2016 at 4:17 PM, Alexander Bokovoy wrote: > On Wed, 13 Jan 2016, Prasun Gera wrote: > >> I think I've solved this. I don't know what or who enabled it, but for >> some >> reason the original NIS service (ypserv) was running on the server. That >> was taking precedence over ipa's fake NIS, and causing problems. I have >> now >> deleted the maps and commented them out in the Makefile so that it doesn't >> get enabled accidentally again. >> >> I do see another problem though. In an attempt to clean up a lot of old >> users, I have disabled them in the webui. This works for ipa clients and >> access is denied, but the users can still log in on the old NIS clients. >> Is >> this a known limitation ? >> > How they are authenticated on the NIS clients? FreeIPA does not provide > shadow map. > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Wed Jan 13 21:27:34 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 13 Jan 2016 23:27:34 +0200 Subject: [Freeipa-users] IPA users not visible in NIS passwd map In-Reply-To: References: <20160111212125.GC4316@redhat.com> <20160113211728.GQ4316@redhat.com> Message-ID: <20160113212734.GR4316@redhat.com> On Wed, 13 Jan 2016, Prasun Gera wrote: >They are authenticated using CRYPT passwords. i.e. Even after a user is >disabled in ipa, it's entry is still visible in ypcat passwd on the >clients. https://fedorahosted.org/slapi-nis/ticket/10 The definition is unfortunately in the C code, so it would require recompile of slapi-nis. For Fedora I plan to do new release next week or so as there are enough patches ready to go to new release. -- / Alexander Bokovoy From prasun.gera at gmail.com Wed Jan 13 21:31:37 2016 From: prasun.gera at gmail.com (Prasun Gera) Date: Wed, 13 Jan 2016 16:31:37 -0500 Subject: [Freeipa-users] IPA users not visible in NIS passwd map In-Reply-To: <20160113212734.GR4316@redhat.com> References: <20160111212125.GC4316@redhat.com> <20160113211728.GQ4316@redhat.com> <20160113212734.GR4316@redhat.com> Message-ID: Great! I hope it makes it downstream to RHEL. On Wed, Jan 13, 2016 at 4:27 PM, Alexander Bokovoy wrote: > On Wed, 13 Jan 2016, Prasun Gera wrote: > >> They are authenticated using CRYPT passwords. i.e. Even after a user is >> disabled in ipa, it's entry is still visible in ypcat passwd on the >> clients. >> > https://fedorahosted.org/slapi-nis/ticket/10 > > The definition is unfortunately in the C code, so it would require > recompile of slapi-nis. For Fedora I plan to do new release next week or > so as there are enough patches ready to go to new release. > > > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jkinney at emory.edu Wed Jan 13 23:10:40 2016 From: jkinney at emory.edu (James Kinney) Date: Wed, 13 Jan 2016 18:10:40 -0500 Subject: [Freeipa-users] replica install failing with : "Clone does not have all the required certificates" Message-ID: <1452726640.21411.32.camel@emory.edu> I need to upgrade from IPA3.0 to IPA4.2 (from centos 6.7 to 7.2) and the replica process is failing to install on the new system: 2016-01-13T17:27:46Z DEBUG Starting external process 2016-01-13T17:27:46Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpjklK4o' 2016-01-13T17:28:19Z DEBUG Process finished, return code=1 2016-01-13T17:28:19Z DEBUG stdout=Log file: /var/log/pki/pki-ca- spawn.20160113122746.log Loading deployment configuration from /tmp/tmpjklK4o. Installing CA into /var/lib/pki/pki-tomcat. Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki- tomcat/ca/deployment.cfg. Installation failed. 2016-01-13T17:28:19Z DEBUG stderr=/usr/lib/python2.7/site- packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certifi cate verification is strongly advised. See: https://urllib3.readthedocs .org/en/latest/security.html ? InsecureRequestWarning) pkispawn????: WARNING??....... unable to validate security domain user/password through REST interface. Interface not available pkispawn????: ERROR????....... Exception from Java Configuration Servlet: 500 Server Error: Internal Server Error pkispawn????: ERROR????....... ParseError: not well-formed (invalid token): line 1, column 0: {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.P KIException ","Code":500,"Message":"Clone does not have all the required certificates"}? 2016-01-13T17:28:19Z CRITICAL Failed to configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpjklK4o'' returned non- zero exit status 1 2016-01-13T17:28:19Z CRITICAL See the installation logs and the following files/directories for more information: 2016-01-13T17:28:19Z CRITICAL???/var/log/pki-ca-install.log 2016-01-13T17:28:19Z CRITICAL???/var/log/pki/pki-tomcat 2016-01-13T17:28:19Z DEBUG Traceback (most recent call last): ? File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 418, in start_creation ????run_step(full_msg, method) ? File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 408, in run_step ????method() ? File "/usr/lib/python2.7/site- packages/ipaserver/install/cainstance.py", line 620, in __spawn_instance ????DogtagInstance.spawn_instance(self, cfg_file) ? File "/usr/lib/python2.7/site- packages/ipaserver/install/dogtaginstance.py", line 201, in spawn_instance ????self.handle_setup_error(e) ? File "/usr/lib/python2.7/site- packages/ipaserver/install/dogtaginstance.py", line 465, in handle_setup_error ????raise RuntimeError("%s configuration failed." % self.subsystem) RuntimeError: CA configuration failed. 2016-01-13T17:28:19Z DEBUG???[error] RuntimeError: CA configuration failed. 2016-01-13T17:28:19Z DEBUG???File "/usr/lib/python2.7/site- packages/ipapython/admintool.py", line 171, in execute ????return_value = self.run() ? File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 311, in run It looks to me that the original, first install version 3.0 system is generating a bad gpg file. ?Will a reinstall of the orginal cert file solve this? If so, where and what is the best procedure? Is there a way to add CA capability to an existing master replicant by reusing it's original replica.gpg file? Background: the old v3.0 system runs on a virtual machine (ovirt). The physical host had a series of "bad days" that involved multiple crashes and lock-ups that were ultimately attributed to insufficient cooling of the RAID card. It is suspected that the data was scrambled on the drive. The original cert is backed up but the remaining machine backups are of dubious quality (long story - bad week at the datacenter). This is the last system on old hardware that was hit when the datacenter cooling totally failed and erased all the backups. Some days your're the pigeon, some days you're the statue. --? Jim Kinney Senior System Administrator 36 Eagle Row Suite 588 Department of Biomedical Informatics Emory University School of Medicine jkinney at emory.edu 404-712-0300 -------------- next part -------------- An HTML attachment was scrubbed... URL: From prasun.gera at gmail.com Thu Jan 14 00:40:31 2016 From: prasun.gera at gmail.com (Prasun Gera) Date: Wed, 13 Jan 2016 19:40:31 -0500 Subject: [Freeipa-users] GID, groups and ipa group-show In-Reply-To: <55DADD5D.60809@redhat.com> References: <55DADD5D.60809@redhat.com> Message-ID: This is an old thread, but I can confirm that this is still an issue on RHEL 7.2 + 4.2. This creates problems when there are roles associated with groups, but group membership through GID is broken. I had migrated all old NIS accounts into ipa. I then added the host enrollment role to a particular group. Now, unless I add the users to the group explicitly, they won't get the role, even if their gid is the same as the gid of the group. On Mon, Aug 24, 2015 at 5:01 AM, David Kupka wrote: > On 21/08/15 15:21, bahan w wrote: > >> Hello ! >> >> I contact you because I notice something strange with IPA environment. >> >> I created a group : >> ipa group-add g1 --desc="my first group" >> >> Then I created a user with the GID of g1 >> GID1=`ipa group-show g1 | awk '/GID/ {printf("%s",$2)}'` >> ipa user-add --first=u1 --last=u1 --homedir=/home/u1 --shell=/bin/bash >> --gidnumber=${GID1} u1 >> >> Then when I perform ipa group-show g1 command, I got the following result >> : >> ### >> Group name: g1 >> Description: my first group >> GID: >> ### >> >> Same for ipa user-show u1 : >> ### >> User login: u1 >> First name: u1 >> Last name: u1 >> Home directory: /home/u1 >> Login shell: /bin/bash >> Email address: u1@ >> UID: >> GID: >> Account disabled: False >> Password: False >> Member of groups: ipausers >> Kerberos keys available: False >> ### >> >> These 2 commands does not see u1 as a member of g1. >> When I try the command id u1, I can see the group : >> >> ### >> id u1 >> uid=(u1) gid=(g1) groups=(g1) >> ### >> >> Is it the normal behaviour of these IPA commands ? >> >> Best regards. >> >> Bahan >> >> >> > Hello! > > I'm not sure if this is intended and/or correct behavior or not. > Looking at /etc/passwd and /etc/group I see it behaves similarly in a way. > > You can have following entries in the aforementioned files > > [/etc/group] > ... > g1:x:: > ... > > [/etc/passwd] > ... > u1:x::::/home/u1:/bin/bash > ... > > Looking in /etc/group you can't see user 'u1' is member of group 'g1' but > tools like id, groups, getent shows this information. > > On the other hand it would be useful to show these "implicit" members in > group-show output. > Could you please file a ticket (https://fedorahosted.org/freeipa/newticket > )? > > -- > David Kupka > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jkinney at emory.edu Thu Jan 14 00:44:44 2016 From: jkinney at emory.edu (James Kinney) Date: Wed, 13 Jan 2016 19:44:44 -0500 Subject: [Freeipa-users] replica install failing with : "Clone does not have all the required certificates" In-Reply-To: <1452726640.21411.32.camel@emory.edu> References: <1452726640.21411.32.camel@emory.edu> Message-ID: <1452732284.21411.84.camel@emory.edu> Followup: ?I also tested converting an existing 4.2 system to be a CA by running ipa-ca-install and got the same error. So it seems the original system had a failure point prior to the heating issues. The 4.2 system has been running for quite a while (with regular updates from an early 4.0). On Wed, 2016-01-13 at 18:10 -0500, James Kinney wrote: > I need to upgrade from IPA3.0 to IPA4.2 (from centos 6.7 to 7.2) and > the replica process is failing to install on the new system: > > 2016-01-13T17:27:46Z DEBUG Starting external process > 2016-01-13T17:27:46Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' > '/tmp/tmpjklK4o' > 2016-01-13T17:28:19Z DEBUG Process finished, return code=1 > 2016-01-13T17:28:19Z DEBUG stdout=Log file: /var/log/pki/pki-ca- > spawn.20160113122746.log > Loading deployment configuration from /tmp/tmpjklK4o. > Installing CA into /var/lib/pki/pki-tomcat. > Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki- > tomcat/ca/deployment.cfg. > > Installation failed. > > > 2016-01-13T17:28:19Z DEBUG stderr=/usr/lib/python2.7/site- > packages/urllib3/connectionpool.py:769: InsecureRequestWarning: > Unverified HTTPS request is being made. Adding certifi > cate verification is strongly advised. See: https://urllib3.readthedo > cs.org/en/latest/security.html > ? InsecureRequestWarning) > pkispawn????: WARNING??....... unable to validate security domain > user/password through REST interface. Interface not available > pkispawn????: ERROR????....... Exception from Java Configuration > Servlet: 500 Server Error: Internal Server Error > pkispawn????: ERROR????....... ParseError: not well-formed (invalid > token): line 1, column 0: > {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base > .PKIException > ","Code":500,"Message":"Clone does not have all the required > certificates"}? > > 2016-01-13T17:28:19Z CRITICAL Failed to configure CA instance: > Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpjklK4o'' > returned non-zero exit status 1 > 2016-01-13T17:28:19Z CRITICAL See the installation logs and the > following files/directories for more information: > 2016-01-13T17:28:19Z CRITICAL???/var/log/pki-ca-install.log > 2016-01-13T17:28:19Z CRITICAL???/var/log/pki/pki-tomcat > 2016-01-13T17:28:19Z DEBUG Traceback (most recent call last): > ? File "/usr/lib/python2.7/site- > packages/ipaserver/install/service.py", line 418, in start_creation > ????run_step(full_msg, method) > ? File "/usr/lib/python2.7/site- > packages/ipaserver/install/service.py", line 408, in run_step > ????method() > ? File "/usr/lib/python2.7/site- > packages/ipaserver/install/cainstance.py", line 620, in > __spawn_instance > ????DogtagInstance.spawn_instance(self, cfg_file) > ? File "/usr/lib/python2.7/site- > packages/ipaserver/install/dogtaginstance.py", line 201, in > spawn_instance > ????self.handle_setup_error(e) > ? File "/usr/lib/python2.7/site- > packages/ipaserver/install/dogtaginstance.py", line 465, in > handle_setup_error > ????raise RuntimeError("%s configuration failed." % self.subsystem) > RuntimeError: CA configuration failed. > > 2016-01-13T17:28:19Z DEBUG???[error] RuntimeError: CA configuration > failed. > 2016-01-13T17:28:19Z DEBUG???File "/usr/lib/python2.7/site- > packages/ipapython/admintool.py", line 171, in execute > ????return_value = self.run() > ? File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", > line 311, in run > > > > It looks to me that the original, first install version 3.0 system is > generating a bad gpg file. ?Will a reinstall of the orginal cert file > solve this? If so, where and what is the best procedure? Is there a > way to add CA capability to an existing master replicant by reusing > it's original replica.gpg file? > > Background: the old v3.0 system runs on a virtual machine (ovirt). > The physical host had a series of "bad days" that involved multiple > crashes and lock-ups that were ultimately attributed to insufficient > cooling of the RAID card. It is suspected that the data was scrambled > on the drive. The original cert is backed up but the remaining > machine backups are of dubious quality (long story - bad week at the > datacenter). > > This is the last system on old hardware that was hit when the > datacenter cooling totally failed and erased all the backups. Some > days your're the pigeon, some days you're the statue. > > > --? > > > > Jim Kinney > Senior System Administrator > 36 Eagle Row Suite 588 > Department of Biomedical Informatics > Emory University School of Medicine > jkinney at emory.edu > 404-712-0300 > --? > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Jim Kinney Senior System Administrator 36 Eagle Row Suite 588 Department of Biomedical Informatics Emory University School of Medicine jkinney at emory.edu 404-712-0300 -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeff.hallyburton at bloomip.com Thu Jan 14 01:04:36 2016 From: jeff.hallyburton at bloomip.com (Jeff Hallyburton) Date: Wed, 13 Jan 2016 20:04:36 -0500 Subject: [Freeipa-users] FreeIPA Replica / HA Issues Message-ID: We've deployed a FreeIPA server in a client infrastructure and now we're working on making that setup HA. We've created a replica and I can verify that the replica has connectivity to the existing master and ensured that the auto-discovery DNS records are set up for LDAP / Kerberos / etc, but I'm having a couple of issues with clients: 1. ipa-client-install fails with the following error whenever a server is not explicitly specified (though explicitly specifying either the original master OR the replica works fine): trying https://ipa1.west-2.production.example.com/ipa/json Cannot connect to the server due to Kerberos error: Kerberos error: Kerberos error: ('Unspecified GSS failure. Minor code may provide more information', 851968)/('Cannot find KDC for realm "EXAMPLE.COM"', -1765328230)/. Trying with delegate=True trying https://ipa1.west-2.production.example.com/ipa/json Second connect with delegate=True also failed: Kerberos error: Kerberos error: ('Unspecified GSS failure. Minor code may provide more information', 851968)/('Cannot find KDC for realm "EXAMPLE.COM"', -1765328230)/ Cannot connect to the IPA server RPC interface: Kerberos error: Kerberos error: ('Unspecified GSS failure. Minor code may provide more information', 851968)/('Cannot find KDC for realm "EXAMPLE.COM"', -1765328230)/ Installation failed. Rolling back changes. Failed to list certificates in /etc/ipa/nssdb: Command ''/usr/bin/certutil' '-d' '/etc/ipa/nssdb' '-L'' returned non-zero exit status 255 Unenrolling client from IPA server Unenrolling host failed: Error obtaining initial credentials: Cannot find KDC for requested realm. What we see in the install logs is: 2016-01-14T00:45:39Z INFO Configured /etc/krb5.conf for IPA realm EXAMPLE.COM 2016-01-14T00:45:39Z DEBUG Starting external process 2016-01-14T00:45:39Z DEBUG args='keyctl' 'search' '@s' 'user' 'ipa_session_cookie:host/test.west-2.production.example.com at EXAMPLE.COM' 2016-01-14T00:45:39Z DEBUG Process finished, return code=1 2016-01-14T00:45:39Z DEBUG stdout= 2016-01-14T00:45:39Z DEBUG stderr=keyctl_search: Required key not available 2016-01-14T00:45:39Z DEBUG Starting external process 2016-01-14T00:45:39Z DEBUG args='/usr/bin/certutil' '-d' '/tmp/tmpCJNEzU' '-N' '-f' '/tmp/tmpPN7H8R' 2016-01-14T00:45:39Z DEBUG Process finished, return code=0 2016-01-14T00:45:39Z DEBUG stdout= 2016-01-14T00:45:39Z DEBUG stderr= 2016-01-14T00:45:39Z DEBUG Starting external process 2016-01-14T00:45:39Z DEBUG args='/usr/bin/certutil' '-d' '/tmp/tmpCJNEzU' '-A' '-n' 'CA certificate 1' '-t' 'C,,' 2016-01-14T00:45:39Z DEBUG Process finished, return code=0 2016-01-14T00:45:39Z DEBUG stdout= 2016-01-14T00:45:39Z DEBUG stderr= 2016-01-14T00:45:39Z DEBUG Starting external process 2016-01-14T00:45:39Z DEBUG args='keyctl' 'search' '@s' 'user' 'ipa_session_cookie:host/test.west-2.production.example.com at EXAMPLE.COM' 2016-01-14T00:45:39Z DEBUG Process finished, return code=1 2016-01-14T00:45:39Z DEBUG stdout= 2016-01-14T00:45:39Z DEBUG stderr=keyctl_search: Required key not available 2016-01-14T00:45:39Z DEBUG failed to find session_cookie in persistent storage for principal 'host/test.west-2.production.example.com at EXAMPLE.COM' 2016-01-14T00:45:39Z INFO trying https://ipa1.west-2.production.example.com/ipa/json 2016-01-14T00:45:39Z INFO Cannot connect to the server due to Kerberos error: Kerberos error: Kerberos error: ('Unspecified GSS failure. Minor code may provide more information', 851968)/('Cannot find KDC for realm " EXAMPLE.COM"', -1765328230)/. Trying with delegate=True 2016-01-14T00:45:39Z INFO trying https://ipa1.west-2.production.example.com/ipa/json 2016-01-14T00:45:39Z WARNING Second connect with delegate=True also failed: Kerberos error: Kerberos error: ('Unspecified GSS failure. Minor code may provide more information', 851968)/('Cannot find KDC for realm "EXAMPLE.COM"', -1765328230)/ 2016-01-14T00:45:39Z ERROR Cannot connect to the IPA server RPC interface: Kerberos error: Kerberos error: ('Unspecified GSS failure. Minor code may provide more information', 851968)/('Cannot find KDC for realm "EXAMPLE.COM"', -1765328230)/ 2016-01-14T00:45:39Z ERROR Installation failed. Rolling back changes. 2016-01-14T00:45:39Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-14T00:45:39Z DEBUG Starting external process 2016-01-14T00:45:39Z DEBUG args='ipa-client-automount' '--uninstall' '--debug' 2016-01-14T00:45:40Z DEBUG Process finished, return code=0 2016-01-14T00:45:40Z DEBUG stdout=Restoring configuration 2. Related to this, all of our existing clients have been configured with explicit server= statements, meaning that they don't pick up the replica either. Is there any way to manually fix this post installation, or will we simply have to uninstall and reinstall the ipa client? Thanks, Jeff Jeff Hallyburton Strategic Systems Engineer Bloomip Inc. Web: http://www.bloomip.com Engineering Support: support at bloomip.com Billing Support: billing at bloomip.com Customer Support Portal: https://my.bloomip.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Thu Jan 14 01:35:44 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 13 Jan 2016 20:35:44 -0500 Subject: [Freeipa-users] FreeIPA Replica / HA Issues In-Reply-To: References: Message-ID: <5696FB70.1090205@redhat.com> Jeff Hallyburton wrote: > We've deployed a FreeIPA server in a client infrastructure and now we're > working on making that setup HA. We've created a replica and I can > verify that the replica has connectivity to the existing master and > ensured that the auto-discovery DNS records are set up for LDAP / > Kerberos / etc, but I'm having a couple of issues with clients: > > 1. ipa-client-install fails with the following error whenever a server > is not explicitly specified (though explicitly specifying either the > original master OR the replica works fine): > > trying https://ipa1.west-2.production.example.com/ipa/json > > Cannot connect to the server due to Kerberos error: Kerberos error: > Kerberos error: ('Unspecified GSS failure. Minor code may provide more > information', 851968)/('Cannot find KDC for realm "EXAMPLE.COM > "', -1765328230)/. Trying with delegate=True > > trying https://ipa1.west-2.production.example.com/ipa/json > > Second connect with delegate=True also failed: Kerberos error: Kerberos > error: ('Unspecified GSS failure. Minor code may provide more > information', 851968)/('Cannot find KDC for realm "EXAMPLE.COM > "', -1765328230)/ > > Cannot connect to the IPA server RPC interface: Kerberos error: Kerberos > error: ('Unspecified GSS failure. Minor code may provide more > information', 851968)/('Cannot find KDC for realm "EXAMPLE.COM > "', -1765328230)/ > > Installation failed. Rolling back changes. > > Failed to list certificates in /etc/ipa/nssdb: Command > ''/usr/bin/certutil' '-d' '/etc/ipa/nssdb' '-L'' returned non-zero exit > status 255 > > Unenrolling client from IPA server > > Unenrolling host failed: Error obtaining initial credentials: Cannot > find KDC for requested realm. > > > What we see in the install logs is: > > 2016-01-14T00:45:39Z INFO Configured /etc/krb5.conf for IPA realm > EXAMPLE.COM > > 2016-01-14T00:45:39Z DEBUG Starting external process > > 2016-01-14T00:45:39Z DEBUG args='keyctl' 'search' '@s' 'user' > 'ipa_session_cookie:host/test.west-2.production.example.com at EXAMPLE.COM > ' > > 2016-01-14T00:45:39Z DEBUG Process finished, return code=1 > > 2016-01-14T00:45:39Z DEBUG stdout= > > 2016-01-14T00:45:39Z DEBUG stderr=keyctl_search: Required key not available > > > 2016-01-14T00:45:39Z DEBUG Starting external process > > 2016-01-14T00:45:39Z DEBUG args='/usr/bin/certutil' '-d' > '/tmp/tmpCJNEzU' '-N' '-f' '/tmp/tmpPN7H8R' > > 2016-01-14T00:45:39Z DEBUG Process finished, return code=0 > > 2016-01-14T00:45:39Z DEBUG stdout= > > 2016-01-14T00:45:39Z DEBUG stderr= > > 2016-01-14T00:45:39Z DEBUG Starting external process > > 2016-01-14T00:45:39Z DEBUG args='/usr/bin/certutil' '-d' > '/tmp/tmpCJNEzU' '-A' '-n' 'CA certificate 1' '-t' 'C,,' > > 2016-01-14T00:45:39Z DEBUG Process finished, return code=0 > > 2016-01-14T00:45:39Z DEBUG stdout= > > 2016-01-14T00:45:39Z DEBUG stderr= > > 2016-01-14T00:45:39Z DEBUG Starting external process > > 2016-01-14T00:45:39Z DEBUG args='keyctl' 'search' '@s' 'user' > 'ipa_session_cookie:host/test.west-2.production.example.com at EXAMPLE.COM > ' > > 2016-01-14T00:45:39Z DEBUG Process finished, return code=1 > > 2016-01-14T00:45:39Z DEBUG stdout= > > 2016-01-14T00:45:39Z DEBUG stderr=keyctl_search: Required key not available > > > 2016-01-14T00:45:39Z DEBUG failed to find session_cookie in persistent > storage for principal > 'host/test.west-2.production.example.com at EXAMPLE.COM > ' > > 2016-01-14T00:45:39Z INFO trying > https://ipa1.west-2.production.example.com/ipa/json > > 2016-01-14T00:45:39Z INFO Cannot connect to the server due to Kerberos > error: Kerberos error: Kerberos error: ('Unspecified GSS failure. Minor > code may provide more information', 851968)/('Cannot find KDC for realm > "EXAMPLE.COM "', -1765328230)/. Trying with > delegate=True > > 2016-01-14T00:45:39Z INFO trying > https://ipa1.west-2.production.example.com/ipa/json > > 2016-01-14T00:45:39Z WARNING Second connect with delegate=True also > failed: Kerberos error: Kerberos error: ('Unspecified GSS failure. > Minor code may provide more information', 851968)/('Cannot find KDC for > realm "EXAMPLE.COM "', -1765328230)/ > > 2016-01-14T00:45:39Z ERROR Cannot connect to the IPA server RPC > interface: Kerberos error: Kerberos error: ('Unspecified GSS failure. > Minor code may provide more information', 851968)/('Cannot find KDC for > realm "EXAMPLE.COM "', -1765328230)/ > > 2016-01-14T00:45:39Z ERROR Installation failed. Rolling back changes. > > 2016-01-14T00:45:39Z DEBUG Loading Index file from > '/var/lib/ipa/sysrestore/sysrestore.index' > > 2016-01-14T00:45:39Z DEBUG Starting external process > > 2016-01-14T00:45:39Z DEBUG args='ipa-client-automount' '--uninstall' > '--debug' > > 2016-01-14T00:45:40Z DEBUG Process finished, return code=0 > > 2016-01-14T00:45:40Z DEBUG stdout=Restoring configuration > > > 2. Related to this, all of our existing clients have been configured > with explicit server= statements, meaning that they don't pick up the > replica either. Is there any way to manually fix this post > installation, or will we simply have to uninstall and reinstall the ipa > client? It would be easier to see what is going on by looking at the full /var/log/ipaclient-install.log. What we need to see is how discovery went and what the contents of various configuration files, temporary and permanent, are. rob From jeff.hallyburton at bloomip.com Thu Jan 14 02:02:39 2016 From: jeff.hallyburton at bloomip.com (Jeff Hallyburton) Date: Wed, 13 Jan 2016 21:02:39 -0500 Subject: [Freeipa-users] FreeIPA Replica / HA Issues In-Reply-To: <5696FB70.1090205@redhat.com> References: <5696FB70.1090205@redhat.com> Message-ID: Rob, Full log is attached. Jeff Jeff Hallyburton Strategic Systems Engineer Bloomip Inc. Web: http://www.bloomip.com Engineering Support: support at bloomip.com Billing Support: billing at bloomip.com Customer Support Portal: https://my.bloomip.com On Wed, Jan 13, 2016 at 8:35 PM, Rob Crittenden wrote: > Jeff Hallyburton wrote: > > We've deployed a FreeIPA server in a client infrastructure and now we're > > working on making that setup HA. We've created a replica and I can > > verify that the replica has connectivity to the existing master and > > ensured that the auto-discovery DNS records are set up for LDAP / > > Kerberos / etc, but I'm having a couple of issues with clients: > > > > 1. ipa-client-install fails with the following error whenever a server > > is not explicitly specified (though explicitly specifying either the > > original master OR the replica works fine): > > > > trying https://ipa1.west-2.production.example.com/ipa/json > > > > Cannot connect to the server due to Kerberos error: Kerberos error: > > Kerberos error: ('Unspecified GSS failure. Minor code may provide more > > information', 851968)/('Cannot find KDC for realm "EXAMPLE.COM > > "', -1765328230)/. Trying with delegate=True > > > > trying https://ipa1.west-2.production.example.com/ipa/json > > > > Second connect with delegate=True also failed: Kerberos error: Kerberos > > error: ('Unspecified GSS failure. Minor code may provide more > > information', 851968)/('Cannot find KDC for realm "EXAMPLE.COM > > "', -1765328230)/ > > > > Cannot connect to the IPA server RPC interface: Kerberos error: Kerberos > > error: ('Unspecified GSS failure. Minor code may provide more > > information', 851968)/('Cannot find KDC for realm "EXAMPLE.COM > > "', -1765328230)/ > > > > Installation failed. Rolling back changes. > > > > Failed to list certificates in /etc/ipa/nssdb: Command > > ''/usr/bin/certutil' '-d' '/etc/ipa/nssdb' '-L'' returned non-zero exit > > status 255 > > > > Unenrolling client from IPA server > > > > Unenrolling host failed: Error obtaining initial credentials: Cannot > > find KDC for requested realm. > > > > > > What we see in the install logs is: > > > > 2016-01-14T00:45:39Z INFO Configured /etc/krb5.conf for IPA realm > > EXAMPLE.COM > > > > 2016-01-14T00:45:39Z DEBUG Starting external process > > > > 2016-01-14T00:45:39Z DEBUG args='keyctl' 'search' '@s' 'user' > > 'ipa_session_cookie:host/test.west-2.production.example.com at EXAMPLE.COM > > ' > > > > 2016-01-14T00:45:39Z DEBUG Process finished, return code=1 > > > > 2016-01-14T00:45:39Z DEBUG stdout= > > > > 2016-01-14T00:45:39Z DEBUG stderr=keyctl_search: Required key not > available > > > > > > 2016-01-14T00:45:39Z DEBUG Starting external process > > > > 2016-01-14T00:45:39Z DEBUG args='/usr/bin/certutil' '-d' > > '/tmp/tmpCJNEzU' '-N' '-f' '/tmp/tmpPN7H8R' > > > > 2016-01-14T00:45:39Z DEBUG Process finished, return code=0 > > > > 2016-01-14T00:45:39Z DEBUG stdout= > > > > 2016-01-14T00:45:39Z DEBUG stderr= > > > > 2016-01-14T00:45:39Z DEBUG Starting external process > > > > 2016-01-14T00:45:39Z DEBUG args='/usr/bin/certutil' '-d' > > '/tmp/tmpCJNEzU' '-A' '-n' 'CA certificate 1' '-t' 'C,,' > > > > 2016-01-14T00:45:39Z DEBUG Process finished, return code=0 > > > > 2016-01-14T00:45:39Z DEBUG stdout= > > > > 2016-01-14T00:45:39Z DEBUG stderr= > > > > 2016-01-14T00:45:39Z DEBUG Starting external process > > > > 2016-01-14T00:45:39Z DEBUG args='keyctl' 'search' '@s' 'user' > > 'ipa_session_cookie:host/test.west-2.production.example.com at EXAMPLE.COM > > ' > > > > 2016-01-14T00:45:39Z DEBUG Process finished, return code=1 > > > > 2016-01-14T00:45:39Z DEBUG stdout= > > > > 2016-01-14T00:45:39Z DEBUG stderr=keyctl_search: Required key not > available > > > > > > 2016-01-14T00:45:39Z DEBUG failed to find session_cookie in persistent > > storage for principal > > 'host/test.west-2.production.example.com at EXAMPLE.COM > > ' > > > > 2016-01-14T00:45:39Z INFO trying > > https://ipa1.west-2.production.example.com/ipa/json > > > > 2016-01-14T00:45:39Z INFO Cannot connect to the server due to Kerberos > > error: Kerberos error: Kerberos error: ('Unspecified GSS failure. Minor > > code may provide more information', 851968)/('Cannot find KDC for realm > > "EXAMPLE.COM "', -1765328230)/. Trying with > > delegate=True > > > > 2016-01-14T00:45:39Z INFO trying > > https://ipa1.west-2.production.example.com/ipa/json > > > > 2016-01-14T00:45:39Z WARNING Second connect with delegate=True also > > failed: Kerberos error: Kerberos error: ('Unspecified GSS failure. > > Minor code may provide more information', 851968)/('Cannot find KDC for > > realm "EXAMPLE.COM "', -1765328230)/ > > > > 2016-01-14T00:45:39Z ERROR Cannot connect to the IPA server RPC > > interface: Kerberos error: Kerberos error: ('Unspecified GSS failure. > > Minor code may provide more information', 851968)/('Cannot find KDC for > > realm "EXAMPLE.COM "', -1765328230)/ > > > > 2016-01-14T00:45:39Z ERROR Installation failed. Rolling back changes. > > > > 2016-01-14T00:45:39Z DEBUG Loading Index file from > > '/var/lib/ipa/sysrestore/sysrestore.index' > > > > 2016-01-14T00:45:39Z DEBUG Starting external process > > > > 2016-01-14T00:45:39Z DEBUG args='ipa-client-automount' '--uninstall' > > '--debug' > > > > 2016-01-14T00:45:40Z DEBUG Process finished, return code=0 > > > > 2016-01-14T00:45:40Z DEBUG stdout=Restoring configuration > > > > > > 2. Related to this, all of our existing clients have been configured > > with explicit server= statements, meaning that they don't pick up the > > replica either. Is there any way to manually fix this post > > installation, or will we simply have to uninstall and reinstall the ipa > > client? > > It would be easier to see what is going on by looking at the full > /var/log/ipaclient-install.log. What we need to see is how discovery > went and what the contents of various configuration files, temporary and > permanent, are. > > rob > > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: ipaclient-install.log Type: application/octet-stream Size: 54958 bytes Desc: not available URL: From Nathan.Peters at globalrelay.net Thu Jan 14 06:18:47 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Thu, 14 Jan 2016 06:18:47 +0000 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 Message-ID: This just keeps on getting better and better. I need this replication working properly because it has caused about 7 or 8 builds to fail today alone so I decided to just be done with troubleshooting and remove the server from the domain and re-initialize it. I deleted it with 'ipa-replica-manage del dc1-ipa-dev-nvan.mydomain.net' and then removed then ran an ipa-server uninstall. I then made a new gpg file for it on dc1-van and added it back as a replica. After I did that, I wanted to connect all 3 servers together and when I run ipa-replica-manage connect on dc2-nvan I get this now. I'm not sure how troubleshoot that. dc1-ipa-dev-nvan.mydomain.net is an IPA Server, but it might be unknown, foreign or previously deleted one. From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters Sent: January-13-16 9:56 AM To: Ludwig Krispenz; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up There were a lot of log entries from that first time and I wasn't sure if there was a limit to the size of the posts to this list. Here are some fuller logs as requested. Logs from around 10 seconds during the changeon both, and logs from reboot on dc1-nvan ===================================== startup logs of dc1-nvan after reboot ===================================== [13/Jan/2016:16:48:40 +0000] - slapd stopped. [13/Jan/2016:16:49:35 +0000] - SSL alert: Configured NSS Ciphers [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_AES_256_GCM_SHA384: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled [13/Jan/2016:16:49:35 +0000] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2 [13/Jan/2016:16:49:35 +0000] - 389-Directory/1.3.4.0 B2015.343.1254 starting up [13/Jan/2016:16:49:36 +0000] - WARNING: userRoot: entry cache size 512000B is less than db size 16547840B; We recommend to increase the entry cache size nsslapd-cachememsize. [13/Jan/2016:16:49:36 +0000] - WARNING: changelog: entry cache size 512000B is less than db size 158687232B; We recommend to increase the entry cache size nsslapd-cachememsize. [13/Jan/2016:16:49:36 +0000] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=mydomain,dc=net [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target ou=sudoers,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=users,cn=compat,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=mydomain,dc=net does not exist [13/Jan/2016:16:49:39 +0000] NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5AppInit: fetched backend dbEnv (7f3647916fb0) [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5NewDBFile: semaphore /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74.sema [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5NewDBFile: maxConcurrentWrites=2 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5GetEntryCount: 44298 changes for replica b26f7c93-ede211e4-bdd5a094-64a60b74 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5AddDBFile: Added new DB object 7f364812a790 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5DBOpenFileByReplicaName: created new DB object 7f364812a790 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5DBOpen: opened 1 existing databases in /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - Found replication agreement named "cn=meTodc1-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config". [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmtlist_config_init: found 1 replication agreements in DIT [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): No linger to cancel on the connection [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Disconnected from the consumer [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: start -> ready_to_acquire_replica [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Trying non-secure slapi_ldap_init_ext [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog max RUV: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog max RUV: {replica 5} 56947ab7000200050000 5695cad2000400050000 00000000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog max RUV: {replica 3} 56947d1f000400030000 569680da000200030000 00000000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - changelog max RUV: {replica 4} 56947d77000200040000 5696802b000100040000 00000000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - database RUV: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - database RUV: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 569680da000200030000 00000000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - database RUV: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 5696802b000100040000 00000000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - database RUV: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 00000000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - ruv_compare_ruv: the max CSN [569680da000200030000] from RUV [database RUV] is less than or equal to the max CSN [569680da000200030000] from RUV [changelog max RUV] for element [{replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 569680da000200030000] [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - ruv_compare_ruv: the max CSN [5696802b000100040000] from RUV [database RUV] is less than or equal to the max CSN [5696802b000100040000] from RUV [changelog max RUV] for element [{replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 5696802b000100040000] [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - ruv_compare_ruv: the max CSN [5695cad2000400050000] from RUV [database RUV] is less than or equal to the max CSN [5695cad2000400050000] from RUV [changelog max RUV] for element [{replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000] [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - ruv_compare_ruv: the max CSN [5695cad2000400050000] from RUV [changelog max RUV] is less than or equal to the max CSN [5695cad2000400050000] from RUV [database RUV] for element [{replica 5} 56947ab7000200050000 5695cad2000400050000] [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - ruv_compare_ruv: the max CSN [569680da000200030000] from RUV [changelog max RUV] is less than or equal to the max CSN [569680da000200030000] from RUV [database RUV] for element [{replica 3} 56947d1f000400030000 569680da000200030000] [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - ruv_compare_ruv: the max CSN [5696802b000100040000] from RUV [changelog max RUV] is less than or equal to the max CSN [5696802b000100040000] from RUV [database RUV] for element [{replica 4} 56947d77000200040000 5696802b000100040000] [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): binddn = , passwd = [13/Jan/2016:16:49:39 +0000] set_krb5_creds - Could not get initial credentials for principal [ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested realm) [13/Jan/2016:16:49:39 +0000] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 0 (Success) [13/Jan/2016:16:49:39 +0000] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) () [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Disconnected from the consumer [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Beginning linger on the connection [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): No linger on the closed conn [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: ready_to_acquire_replica -> start_backoff [13/Jan/2016:16:49:39 +0000] - _csngen_adjust_local_time: gen state before 569680da0005:1452703718:118:126 [13/Jan/2016:16:49:39 +0000] - _csngen_adjust_local_time: gen state after 569680da0005:1452703779:57:126 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da000500030000 into pending list [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - Purged state information from entry dc=mydomain,dc=net up to CSN 568d465a000200030000 [13/Jan/2016:16:49:39 +0000] NSMMReplicationPlugin - csn=569680da000500030000 process postop: canceling operation csn [13/Jan/2016:16:49:40 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3093210 (rc: 32) [13/Jan/2016:16:49:40 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3093211 (rc: 32) [13/Jan/2016:16:49:40 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3093212 (rc: 32) [13/Jan/2016:16:49:40 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3093213 (rc: 32) [13/Jan/2016:16:49:40 +0000] - slapd started. Listening on All Interfaces port 389 for LDAP requests [13/Jan/2016:16:49:40 +0000] - Listening on All Interfaces port 636 for LDAPS requests [13/Jan/2016:16:49:40 +0000] - Listening on /var/run/slapd-MYDOMAIN-NET.socket for LDAPI requests [13/Jan/2016:16:49:40 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3093214 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:41 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3096277 (rc: 32) [13/Jan/2016:16:49:41 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:41 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f364812a790 [13/Jan/2016:16:49:41 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3096278 (rc: 32) [13/Jan/2016:16:49:41 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:41 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f364812a790 [13/Jan/2016:16:49:41 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3096279 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097819 (rc: 32) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: start_backoff -> backoff [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Trying non-secure slapi_ldap_init_ext [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097820 (rc: 32) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): binddn = , passwd = [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097821 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097937 (rc: 32) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:42 +0000] - dn2entry_ext: Failed to get id for changenumber=3097938,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097938 (rc: 1) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da000600030000 [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097939 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097940 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097941 (rc: 32) [13/Jan/2016:16:49:42 +0000] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 0 (Success) [13/Jan/2016:16:49:42 +0000] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) () [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Disconnected from the consumer [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Beginning linger on the connection [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): No linger on the closed conn [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication session backing off for 6 seconds [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Incremental protocol: can't go to sleep: event bits - 4 [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3097942 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098351 (rc: 32) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da000700030000 into pending list [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098352 (rc: 32) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - Purged state information from entry krbprincipalname=DNS/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a000600030000 [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098353 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098354 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098355 (rc: 32) [13/Jan/2016:16:49:42 +0000] - dn2entry_ext: Failed to get id for changenumber=3098356,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098356 (rc: 1) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da000700030000 [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098357 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098358 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098359 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098360 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098361 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098362 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098363 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098364 (rc: 32) [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098365 (rc: 32) [13/Jan/2016:16:49:42 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:42 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3098366 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100443 (rc: 32) [13/Jan/2016:16:49:44 +0000] - _csngen_adjust_local_time: gen state before 569680da000b:1452703783:53:126 [13/Jan/2016:16:49:44 +0000] - _csngen_adjust_local_time: gen state after 569680da000b:1452703784:52:126 [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100444 (rc: 32) [13/Jan/2016:16:49:44 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da000b00030000 into pending list [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100445 (rc: 32) [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100446 (rc: 32) [13/Jan/2016:16:49:44 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=login.mydomain.net.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a000a00030000 [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100447 (rc: 32) [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100448 (rc: 32) [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100449 (rc: 32) [13/Jan/2016:16:49:44 +0000] - dn2entry_ext: Failed to get id for changenumber=3100450,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:44 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100450 (rc: 1) [13/Jan/2016:16:49:44 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:44 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da000b00030000 [13/Jan/2016:16:49:44 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100451 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:45 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100711 (rc: 32) [13/Jan/2016:16:49:45 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:45 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3100712 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101060 (rc: 32) [13/Jan/2016:16:49:47 +0000] - _csngen_adjust_local_time: gen state before 569680da000c:1452703784:52:126 [13/Jan/2016:16:49:47 +0000] - _csngen_adjust_local_time: gen state after 569680da000c:1452703787:49:126 [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da000c00030000 into pending list [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101061 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=33.148.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a000b00030000 [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101062 (rc: 32) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101063 (rc: 32) [13/Jan/2016:16:49:47 +0000] - dn2entry_ext: Failed to get id for changenumber=3101064,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101064 (rc: 1) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da000c00030000 [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101065 (rc: 32) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101066 (rc: 32) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101067 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da000d00030000 into pending list [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101068 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=37.158.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a000c00030000 [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101069 (rc: 32) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101070 (rc: 32) [13/Jan/2016:16:49:47 +0000] - dn2entry_ext: Failed to get id for changenumber=3101071,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101071 (rc: 1) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da000d00030000 [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da000e00030000 into pending list [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoopcoord-log-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a000d00030000 [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101072 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da000e00030000 [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101073 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da000f00030000 into pending list [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=48.158.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a000e00030000 [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101074 (rc: 32) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101075 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:47 +0000] - dn2entry_ext: Failed to get id for changenumber=3101076,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101076 (rc: 1) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da000f00030000 [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101077 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101078 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101411 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001000030000 into pending list [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101412 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - Purged state information from entry krbprincipalname=cifs/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a000f00030000 [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101413 (rc: 32) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101414 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001000030000 [13/Jan/2016:16:49:47 +0000] - dn2entry_ext: Failed to get id for changenumber=3101415,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101415 (rc: 1) [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101416 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101455 (rc: 32) [13/Jan/2016:16:49:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:47 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3101456 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102134 (rc: 32) [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102135 (rc: 32) [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Trying non-secure slapi_ldap_init_ext [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102136 (rc: 32) [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): binddn = , passwd = [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102137 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102398 (rc: 32) [13/Jan/2016:16:49:48 +0000] - _csngen_adjust_local_time: gen state before 569680da0011:1452703787:49:126 [13/Jan/2016:16:49:48 +0000] - _csngen_adjust_local_time: gen state after 569680da0011:1452703788:48:126 [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102399 (rc: 32) [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001100030000 into pending list [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102400 (rc: 32) [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=37.160.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a001000030000 [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102401 (rc: 32) [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102402 (rc: 32) [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102403 (rc: 32) [13/Jan/2016:16:49:48 +0000] - dn2entry_ext: Failed to get id for changenumber=3102404,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102404 (rc: 1) [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:48 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001100030000 [13/Jan/2016:16:49:48 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102405 (rc: 32) ---LINES OMMITTED FOR BREVITY--- [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102676 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001200030000 into pending list [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=12.40.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a001100030000 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102677 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001200030000 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102678 (rc: 32) [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102679 (rc: 32) [13/Jan/2016:16:49:49 +0000] - _csngen_adjust_local_time: gen state before 569680da0013:1452703788:48:126 [13/Jan/2016:16:49:49 +0000] - _csngen_adjust_local_time: gen state after 569680da0013:1452703789:47:126 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102680 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001300030000 into pending list [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102681 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - Purged state information from entry krbprincipalname=cifs/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001200030000 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102682 (rc: 32) [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102683 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001300030000 [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001400030000 into pending list [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoopcoord-log-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001300030000 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102684 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001400030000 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102685 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001500030000 into pending list [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102686 (rc: 32) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=indexer1-log-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001400030000 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102687 (rc: 32) [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102688 (rc: 32) [13/Jan/2016:16:49:49 +0000] - dn2entry_ext: Failed to get id for changenumber=3102689,cn=changelog from entryrdn index (-30993) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102689 (rc: 1) [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:49:49 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001500030000 [13/Jan/2016:16:49:49 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3102690 (rc: 32) ---3 THOUSAND LINES OMITTED FOR BREVITY--- [13/Jan/2016:16:49:51 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3105368 (rc: 32) [13/Jan/2016:16:50:09 +0000] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot contact any KDC for realm 'mydomain.NET')) errno 115 (Operation now in progress) [13/Jan/2016:16:50:09 +0000] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error) [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot contact any KDC for realm 'mydomain.NET')) [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Disconnected from the consumer [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Beginning linger on the connection [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): No linger on the closed conn [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication session backing off for -9 seconds [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Incremental protocol: can't go to sleep: event bits - 4 [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:50:09 +0000] - _csngen_adjust_local_time: gen state before 569680da0016:1452703789:47:126 [13/Jan/2016:16:50:09 +0000] - _csngen_adjust_local_time: gen state after 569680da0016:1452703809:27:126 [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001600030000 into pending list [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=18.30.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a001500030000 [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001600030000 [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001700030000 into pending list [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001700030000 [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:50:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001800030000 into pending list [13/Jan/2016:16:50:11 +0000] - Retry count exceeded in delete [13/Jan/2016:16:50:11 +0000] DSRetroclPlugin - delete_changerecord: could not delete change record 3110876 (rc: 51) [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001800030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:50:11 +0000] - _csngen_adjust_local_time: gen state before 569680da0019:1452703809:27:126 [13/Jan/2016:16:50:11 +0000] - _csngen_adjust_local_time: gen state after 569680da0019:1452703811:25:126 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001900030000 into pending list [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=5.30.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a001800030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Trying non-secure slapi_ldap_init_ext [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): binddn = , passwd = [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f364812a790 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f364812a790 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001900030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001a00030000 into pending list [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=terrafin.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001900030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001a00030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001b00030000 into pending list [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=conv2-mc-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001a00030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001b00030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001c00030000 into pending list [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=kafka1-msg-mbsnap1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001b00030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001c00030000 [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001d00030000 into pending list [13/Jan/2016:16:50:11 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=0.20.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a001c00030000 [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001d00030000 [13/Jan/2016:16:50:12 +0000] - _csngen_adjust_local_time: gen state before 569680da001e:1452703811:25:126 [13/Jan/2016:16:50:12 +0000] - _csngen_adjust_local_time: gen state after 569680da001e:1452703812:24:126 [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001e00030000 into pending list [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - Purged state information from entry idnsname=4.20.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net up to CSN 568d465a001d00030000 [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:12 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001e00030000 [13/Jan/2016:16:50:15 +0000] - _csngen_adjust_local_time: gen state before 569680da001f:1452703812:24:126 [13/Jan/2016:16:50:15 +0000] - _csngen_adjust_local_time: gen state after 569680da001f:1452703815:21:126 [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569680da001f00030000 into pending list [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-log-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001e00030000 [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - conn=31 op=5 Acquired consumer connection extension [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - conn=31 op=5 repl="dc=mydomain,dc=net": Begin incremental protocol [13/Jan/2016:16:50:15 +0000] - csngen_adjust_time: gen state before 569680da0020:1452703815:21:126 [13/Jan/2016:16:50:15 +0000] - csngen_adjust_time: gen state after 5696813e0004:1452703815:121:126 [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - conn=31 op=5 repl="dc=mydomain,dc=net": Acquired replica [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - conn=31 op=5 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=0 rc=0 [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - conn=31 op=5 Relinquishing consumer connection extension [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569680da001f00030000 [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5696813e000400030000 into pending list [13/Jan/2016:16:50:15 +0000] NSMMReplicationPlugin - Purged state information from entry krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net up to CSN 568d465a001f00030000 [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5696813e000400030000 [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5696812d000300040000 into pending list [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - Purged state information from entry cn=repl keep alive 4,dc=mydomain,dc=net up to CSN 568d46be000400030000 [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f364812a790 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5696812d000300040000 [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - conn=31 op=7 Acquired consumer connection extension [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - conn=31 op=7 repl="dc=mydomain,dc=net": Released replica held by locking_purl=conn=31 id=5 [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - conn=31 op=7 Relinquishing consumer connection extension [13/Jan/2016:16:50:16 +0000] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 0 (Success) [13/Jan/2016:16:50:16 +0000] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) () [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Disconnected from the consumer [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Beginning linger on the connection [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): No linger on the closed conn [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication session backing off for 8 seconds [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Incremental protocol: can't go to sleep: event bits - 4 [13/Jan/2016:16:50:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:50:17 +0000] - slapd shutting down - signaling operation threads - op stack size 20 max work q size 17 max work q stack size 17 [13/Jan/2016:16:50:17 +0000] - slapd shutting down - waiting for 29 threads to terminate [13/Jan/2016:16:50:17 +0000] - slapd shutting down - closing down internal subsystems and plugins [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): No linger to cancel on the connection [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Disconnected from the consumer [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): repl5_inc_stop: protocol stopped after 0 seconds [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - Database RUV: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - Database RUV: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 5696813e000400030000 56968048 [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - Database RUV: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 5696812d000300040000 56968048 [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - Database RUV: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 00000000 [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - changelog program - _cl5Close: waiting for threads to exit: 1 thread(s) still active [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - changelog program - _cl5TrimMain: exiting [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - changelog program - _cl5DBClose: deleting DB object 7f364812a790 [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - changelog program - _cl5DBClose: closing databases in /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - changelog program - _cl5DBCloseFile: Closing database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:16:50:17 +0000] NSMMReplicationPlugin - changelog program - _cl5DBCloseFile: Closed the changelog database handle for /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db (rc: 0) [13/Jan/2016:16:50:17 +0000] - Waiting for 4 database threads to stop [13/Jan/2016:16:50:18 +0000] - All database threads now stopped [13/Jan/2016:16:50:18 +0000] - slapd shutting down - freed 17 work q stack objects - freed 21 op stack objects [13/Jan/2016:16:50:18 +0000] - slapd stopped. ===================================== logs of dc1-nvan during change description on one machine (testhostdc1nvan) ===================================== [13/Jan/2016:17:01:12 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): Replication session backing off for 47 seconds [13/Jan/2016:17:01:28 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:28 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7faccec70180 [13/Jan/2016:17:01:28 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:28 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7faccec70180 [13/Jan/2016:17:01:29 +0000] - _csngen_adjust_local_time: gen state before 569683560001:1452704472:0:126 [13/Jan/2016:17:01:29 +0000] - _csngen_adjust_local_time: gen state after 569683670000:1452704489:0:126 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968367000000030000 into pending list [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - Purged state information from entry uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN 568d48d3000300030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968367000000030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968367000100030000 into pending list [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=testhostdc1nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d48e7000000030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968367000100030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968367000200030000 into pending list [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=cass1-msg-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d48e7000100030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968367000200030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968367000300030000 into pending list [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=cass1-msg-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d48e7000200030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968367000300030000 [13/Jan/2016:17:01:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:30 +0000] - _csngen_adjust_local_time: gen state before 569683670004:1452704489:0:126 [13/Jan/2016:17:01:30 +0000] - _csngen_adjust_local_time: gen state after 569683680000:1452704490:0:126 [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968368000000030000 into pending list [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - Purged state information from entry uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN 568d48e7000300030000 [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968368000000030000 [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968368000100030000 into pending list [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - Purged state information from entry uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net up to CSN 568d48e8000000030000 [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968368000100030000 [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:36 +0000] - _csngen_adjust_local_time: gen state before 569683680002:1452704490:0:126 [13/Jan/2016:17:01:36 +0000] - _csngen_adjust_local_time: gen state after 5696836e0000:1452704496:0:126 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5696836e000000030000 into pending list [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=db1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d48e8000100030000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 5696836e000000030000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:38 +0000] - _csngen_adjust_local_time: gen state before 5696836e0001:1452704496:0:126 [13/Jan/2016:17:01:38 +0000] - _csngen_adjust_local_time: gen state after 569683700000:1452704498:0:126 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968370000000030000 into pending list [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=db1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d48ee000000030000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968370000000030000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968370000100030000 into pending list [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe2-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d48f0000000030000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968370000100030000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff [13/Jan/2016:17:01:40 +0000] - _csngen_adjust_local_time: gen state before 569683700002:1452704498:0:126 [13/Jan/2016:17:01:40 +0000] - _csngen_adjust_local_time: gen state after 569683720000:1452704500:0:126 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56968372000000030000 into pending list [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe2-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d48f0000100030000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7faccec70180 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/b26f7c93-ede211e4-bdd5a094-64a60b74_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 56968372000000030000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff ===================================== logs of dc1-van during change description on one machine (testhostdc1nvan) ===================================== [root at dc1-ipa-dev-van slapd-MYDOMAIN-NET]# tail -f errors [13/Jan/2016:17:01:19 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:19 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:19 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:19 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:17:01:19 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=43 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:17:01:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:17:01:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:20 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695f232000000050000 into pending list [13/Jan/2016:17:01:20 +0000] NSMMReplicationPlugin - conn=5219 op=156069 csn=5695f232000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:22 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695f3a1000000050000 into pending list [13/Jan/2016:17:01:22 +0000] NSMMReplicationPlugin - conn=5219 op=156070 csn=5695f3a1000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:24 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695f550000000050000 into pending list [13/Jan/2016:17:01:24 +0000] NSMMReplicationPlugin - conn=5219 op=156071 csn=5695f550000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:26 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695f6db000000050000 into pending list [13/Jan/2016:17:01:26 +0000] NSMMReplicationPlugin - conn=5219 op=156072 csn=5695f6db000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:28 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695f877000000050000 into pending list [13/Jan/2016:17:01:28 +0000] NSMMReplicationPlugin - conn=5219 op=156073 csn=5695f877000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695fa22000000050000 into pending list [13/Jan/2016:17:01:30 +0000] NSMMReplicationPlugin - conn=5219 op=156074 csn=5695fa22000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:32 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695fba5000000050000 into pending list [13/Jan/2016:17:01:32 +0000] NSMMReplicationPlugin - conn=5219 op=156075 csn=5695fba5000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695fce9000000050000 into pending list [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - conn=5219 op=156076 csn=5695fce9000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:34 +0000] - _csngen_adjust_local_time: gen state before 569683d70002:1452704479:0:248 [13/Jan/2016:17:01:34 +0000] - _csngen_adjust_local_time: gen state after 569683e60000:1452704494:0:248 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683e6000000040000 into pending list [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d4956000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683e6000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:34 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000000040000 569682ee [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:34 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683d6000300040000 569682df [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:34 +0000] - acquire_replica, supplier RUV is newer [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:34 +0000] - csngen_adjust_time: gen state before 569683e60002:1452704494:0:248 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683e6000200040000 into pending list [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d4966000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:34 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Consumer RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683d6000300040000 569682df [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:34 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Supplier RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683e6000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:34 +0000] - csngen_adjust_time: gen state before 569683e60004:1452704494:0:248 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:34 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 569683e0000100050000 00000000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56968370000400040000 00000000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 00000000 [13/Jan/2016:17:01:34 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=56968370000400040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 56968370000400040000 found, position set for replay [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56968372000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000200040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56968372000400040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000400040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000400040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56968372000600040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000600040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c449858a-5b1d11e5-b1f1cd78-f19552bb, CSN 56968372000600040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56968373000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56968373000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56968375000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=56968375000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=56968378000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968378000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968378000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=56968379000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968379000200040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=56968379000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000500040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=56968379000800040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000800040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000800040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=56968379000b00040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000b00040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 56968379000b00040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5696837b000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 5696837b000200040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5696837b000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000500040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5696837b000800040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000800040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000800040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5696837d000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837d000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837d000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5696837f000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837f000200040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5696837f000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5696837f000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000500040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=20 csn=5696837f000800040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000800040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000800040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=21 csn=5696837f000b00040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000b00040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000b00040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=22 csn=56968381000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000200040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=23 csn=56968381000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000500040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000500040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=24 csn=56968384000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=25 csn=56968384000100040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000100040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000100040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=26 csn=5696838d000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=27 csn=5696838d000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=28 csn=56968392000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=29 csn=56968392000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=30 csn=56968397000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=31 csn=56968397000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=32 csn=569683a9000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683a9000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ba2f2115-ede211e4-bdd5a094-64a60b74, CSN 569683a9000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=33 csn=569683ae000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=34 csn=569683ae000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=35 csn=569683c3000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c3000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c3000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=36 csn=569683c5000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c5000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c5000200040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=37 csn=569683c7000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c7000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 569683c7000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=38 csn=569683cf000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683cf000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683cf000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=39 csn=569683d0000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d0000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683d0000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=40 csn=569683d2000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=41 csn=569683d2000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=42 csn=569683d6000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=43 csn=569683d6000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000300040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=44 csn=569683e6000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000000040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=45 csn=569683e6000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) not sent - empty [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000200040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000200040000): [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:34 +0000] - repl5_inc_waitfor_async_results: 0 0 [13/Jan/2016:17:01:34 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:17:01:34 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:34 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7fc71407c6e0 [13/Jan/2016:17:01:34 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:34 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session start: anchorcsn=569683d6000300040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): CSN 569683d6000300040000 found, position set for replay [13/Jan/2016:17:01:34 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=1 rec=1 csn=569683e6000000040000 [13/Jan/2016:17:01:34 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=1 rec=2 csn=569683e6000200040000 [13/Jan/2016:17:01:34 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:34 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session end: state=5 load=1 sent=2 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:34 +0000] - Calling dirsync search request plugin [13/Jan/2016:17:01:34 +0000] - Sending dirsync search request [13/Jan/2016:17:01:34 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:17:01:34 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=45 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:34 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:34 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:34 +0000] - csngen_adjust_time: gen state before 569683e60006:1452704494:0:248 [13/Jan/2016:17:01:34 +0000] - csngen_adjust_time: gen state after 569683e60006:1452704494:0:248 [13/Jan/2016:17:01:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:35 +0000] - csngen_adjust_time: gen state before 569683e60006:1452704494:0:248 [13/Jan/2016:17:01:35 +0000] - _csngen_adjust_local_time: gen state before 569683e60006:1452704494:0:248 [13/Jan/2016:17:01:35 +0000] - _csngen_adjust_local_time: gen state after 569683e70000:1452704495:0:248 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:35 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 569683e0000100050000 00000000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56968370000400040000 00000000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 00000000 [13/Jan/2016:17:01:35 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=56968370000400040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 56968370000400040000 found, position set for replay [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56968372000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000200040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56968372000400040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000400040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000400040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56968372000600040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000600040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c449858a-5b1d11e5-b1f1cd78-f19552bb, CSN 56968372000600040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56968373000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56968373000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56968375000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=56968375000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=56968378000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968378000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968378000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=56968379000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968379000200040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=56968379000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000500040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=56968379000800040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000800040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000800040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=56968379000b00040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000b00040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 56968379000b00040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5696837b000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 5696837b000200040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5696837b000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000500040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5696837b000800040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000800040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000800040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5696837d000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837d000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837d000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5696837f000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837f000200040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5696837f000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5696837f000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000500040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=20 csn=5696837f000800040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000800040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000800040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=21 csn=5696837f000b00040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000b00040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000b00040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=22 csn=56968381000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000200040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=23 csn=56968381000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000500040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000500040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=24 csn=56968384000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=25 csn=56968384000100040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000100040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000100040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=26 csn=5696838d000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=27 csn=5696838d000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=28 csn=56968392000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=29 csn=56968392000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=30 csn=56968397000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=31 csn=56968397000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=32 csn=569683a9000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683a9000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ba2f2115-ede211e4-bdd5a094-64a60b74, CSN 569683a9000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=33 csn=569683ae000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=34 csn=569683ae000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=35 csn=569683c3000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c3000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c3000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=36 csn=569683c5000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c5000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c5000200040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=37 csn=569683c7000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c7000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 569683c7000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=38 csn=569683cf000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683cf000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683cf000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=39 csn=569683d0000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d0000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683d0000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=40 csn=569683d2000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=41 csn=569683d2000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=42 csn=569683d6000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=43 csn=569683d6000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000300040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000300040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=44 csn=569683e6000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000000040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=45 csn=569683e6000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) not sent - empty [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000200040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000200040000): [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:35 +0000] - repl5_inc_waitfor_async_results: 0 0 [13/Jan/2016:17:01:35 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:17:01:35 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:35 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Consumer RUV: [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:35 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Supplier RUV: [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): No changes to send [13/Jan/2016:17:01:35 +0000] - Calling dirsync search request plugin [13/Jan/2016:17:01:35 +0000] - Sending dirsync search request [13/Jan/2016:17:01:35 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:17:01:35 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=45 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:35 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:36 +0000] - _csngen_adjust_local_time: gen state before 569683e70000:1452704495:0:248 [13/Jan/2016:17:01:36 +0000] - _csngen_adjust_local_time: gen state after 569683e80000:1452704496:0:248 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683e8000000040000 into pending list [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d4966000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683e8000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:36 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000000040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] - acquire_replica, supplier RUV is newer [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683e8000100040000 into pending list [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d4968000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683e8000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:36 +0000] - csngen_adjust_time: gen state before 569683e80004:1452704496:0:248 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:36 +0000] - csngen_adjust_time: gen state before 569683e80004:1452704496:0:248 [13/Jan/2016:17:01:36 +0000] - csngen_adjust_time: gen state after 569683ea0002:1452704496:2:248 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 569683ea000100050000 00000000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56968370000400040000 00000000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 00000000 [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=56968370000400040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 56968370000400040000 found, position set for replay [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56968372000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56968372000400040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000400040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000400040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56968372000600040000 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Consumer RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e6000200040000 569682ee [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Supplier RUV: [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5695fe79000000050000 into pending list [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000600040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c449858a-5b1d11e5-b1f1cd78-f19552bb, CSN 56968372000600040000): [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7fc71407c6e0 [13/Jan/2016:17:01:36 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - conn=5219 op=156077 csn=5695fe79000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56968373000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000000040000): [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session start: anchorcsn=569683e6000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): CSN 569683e6000200040000 found, position set for replay [13/Jan/2016:17:01:36 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=1 rec=1 csn=569683e8000000040000 [13/Jan/2016:17:01:36 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=1 rec=2 csn=569683e8000100040000 [13/Jan/2016:17:01:36 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:36 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session end: state=5 load=1 sent=2 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:36 +0000] - Calling dirsync search request plugin [13/Jan/2016:17:01:36 +0000] - Sending dirsync search request [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56968373000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56968375000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=56968375000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=56968378000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968378000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968378000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=56968379000200040000 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:36 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:36 +0000] - csngen_adjust_time: gen state before 569683ea0003:1452704496:2:248 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968379000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=56968379000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=56968379000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000800040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=56968379000b00040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000b00040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 56968379000b00040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5696837b000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 5696837b000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5696837b000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5696837b000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000800040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5696837d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837d000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5696837f000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837f000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5696837f000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5696837f000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=20 csn=5696837f000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000800040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=21 csn=5696837f000b00040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000b00040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000b00040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=22 csn=56968381000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=23 csn=56968381000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=24 csn=56968384000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=25 csn=56968384000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000100040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=26 csn=5696838d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=27 csn=5696838d000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=28 csn=56968392000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=29 csn=56968392000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=30 csn=56968397000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=31 csn=56968397000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=32 csn=569683a9000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683a9000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ba2f2115-ede211e4-bdd5a094-64a60b74, CSN 569683a9000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=33 csn=569683ae000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=34 csn=569683ae000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=35 csn=569683c3000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c3000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c3000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=36 csn=569683c5000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c5000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c5000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=37 csn=569683c7000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c7000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 569683c7000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=38 csn=569683cf000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683cf000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683cf000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=39 csn=569683d0000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d0000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683d0000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=40 csn=569683d2000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=41 csn=569683d2000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=42 csn=569683d6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=43 csn=569683d6000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=44 csn=569683e6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=45 csn=569683e6000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=46 csn=569683e8000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=47 csn=569683e8000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000100040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:36 +0000] - repl5_inc_waitfor_async_results: 0 0 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Consumer RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Supplier RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): No changes to send [13/Jan/2016:17:01:36 +0000] - Calling dirsync search request plugin [13/Jan/2016:17:01:36 +0000] - Sending dirsync search request [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=47 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:36 +0000] - csngen_adjust_time: gen state before 569683ea0004:1452704496:2:248 [13/Jan/2016:17:01:36 +0000] - csngen_adjust_time: gen state after 569683ea0004:1452704496:2:248 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 569683ea000100050000 00000000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56968370000400040000 00000000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 00000000 [13/Jan/2016:17:01:36 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=56968370000400040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 56968370000400040000 found, position set for replay [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56968372000200040000 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56968372000400040000 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000400040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000400040000): [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56968372000600040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000600040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c449858a-5b1d11e5-b1f1cd78-f19552bb, CSN 56968372000600040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56968373000000040000 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56968373000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56968375000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=56968375000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=56968378000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968378000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968378000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=56968379000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968379000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=56968379000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=56968379000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000800040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=56968379000b00040000 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000b00040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 56968379000b00040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5696837b000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 5696837b000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5696837b000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5696837b000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000800040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5696837d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837d000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5696837f000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837f000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5696837f000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5696837f000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=20 csn=5696837f000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000800040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000800040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=21 csn=5696837f000b00040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000b00040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000b00040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=22 csn=56968381000200040000 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=23 csn=56968381000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000500040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000500040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=24 csn=56968384000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=25 csn=56968384000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000100040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=26 csn=5696838d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=27 csn=5696838d000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=28 csn=56968392000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=29 csn=56968392000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=30 csn=56968397000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=31 csn=56968397000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=32 csn=569683a9000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683a9000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ba2f2115-ede211e4-bdd5a094-64a60b74, CSN 569683a9000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=33 csn=569683ae000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=34 csn=569683ae000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=35 csn=569683c3000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c3000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c3000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=36 csn=569683c5000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c5000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c5000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=37 csn=569683c7000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c7000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 569683c7000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=38 csn=569683cf000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683cf000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683cf000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=39 csn=569683d0000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d0000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683d0000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=40 csn=569683d2000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=41 csn=569683d2000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=42 csn=569683d6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=43 csn=569683d6000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000300040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000300040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=44 csn=569683e6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=45 csn=569683e6000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000200040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000200040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=46 csn=569683e8000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000000040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000000040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=47 csn=569683e8000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) not sent - empty [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000100040000 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000100040000): [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:36 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:36 +0000] - repl5_inc_waitfor_async_results: 0 0 [13/Jan/2016:17:01:36 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:17:01:36 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=47 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:17:01:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:17:01:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56960018000000050000 into pending list [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - conn=5219 op=156078 csn=56960018000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:38 +0000] - _csngen_adjust_local_time: gen state before 569683ea0004:1452704496:2:248 [13/Jan/2016:17:01:38 +0000] - _csngen_adjust_local_time: gen state after 569683ea0004:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683ea000400040000 into pending list [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d4968000100040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683ea000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:17:01:38 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000400040000 569682f2 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] - acquire_replica, supplier RUV is newer [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683ea000600040000 into pending list [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d496a000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:38 +0000] - csngen_adjust_time: gen state before 569683ea0008:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] - csngen_adjust_time: gen state after 569683ea0008:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] - csngen_adjust_time: gen state before 569683ea0008:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 569683ea000100050000 00000000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56968370000400040000 00000000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 00000000 [13/Jan/2016:17:01:38 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000400040000 569682f2 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=56968370000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 56968370000400040000 found, position set for replay [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56968372000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56968372000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000400040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56968372000600040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000600040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c449858a-5b1d11e5-b1f1cd78-f19552bb, CSN 56968372000600040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56968373000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56968373000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56968375000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=56968375000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=56968378000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968378000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968378000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=56968379000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968379000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=56968379000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000500040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=56968379000800040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000800040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000800040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=56968379000b00040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000b00040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 56968379000b00040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5696837b000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 5696837b000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5696837b000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000500040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5696837b000800040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000800040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000800040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5696837d000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837d000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837d000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5696837f000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837f000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5696837f000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5696837f000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000500040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=20 csn=5696837f000800040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000800040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000800040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=21 csn=5696837f000b00040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000b00040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000b00040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=22 csn=56968381000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=23 csn=56968381000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000500040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000500040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=24 csn=56968384000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=25 csn=56968384000100040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000100040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000100040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=26 csn=5696838d000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=27 csn=5696838d000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=28 csn=56968392000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=29 csn=56968392000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=30 csn=56968397000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=31 csn=56968397000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=32 csn=569683a9000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683a9000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ba2f2115-ede211e4-bdd5a094-64a60b74, CSN 569683a9000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=33 csn=569683ae000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=34 csn=569683ae000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=35 csn=569683c3000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c3000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c3000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=36 csn=569683c5000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c5000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c5000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=37 csn=569683c7000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c7000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 569683c7000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=38 csn=569683cf000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683cf000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683cf000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=39 csn=569683d0000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d0000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683d0000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=40 csn=569683d2000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=41 csn=569683d2000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=42 csn=569683d6000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=43 csn=569683d6000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000300040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000300040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=44 csn=569683e6000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=45 csn=569683e6000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=46 csn=569683e8000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000000040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=47 csn=569683e8000100040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000100040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000100040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=48 csn=569683ea000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ea000400040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ea000400040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ea000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8fa6b5a2-58f411e5-b1f1cd78-f19552bb, CSN 569683ea000400040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:38 +0000] - repl5_inc_waitfor_async_results: 0 0 [13/Jan/2016:17:01:38 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:17:01:38 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Consumer RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683e8000100040000 569682f0 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Supplier RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000400040000 569682f2 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7fc71407c6e0 [13/Jan/2016:17:01:38 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:38 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session start: anchorcsn=569683e8000100040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): CSN 569683e8000100040000 found, position set for replay [13/Jan/2016:17:01:38 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=1 rec=1 csn=569683ea000400040000 [13/Jan/2016:17:01:38 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:38 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session end: state=5 load=1 sent=1 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:38 +0000] - Calling dirsync search request plugin [13/Jan/2016:17:01:38 +0000] - Sending dirsync search request [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683ea000600040000 [13/Jan/2016:17:01:38 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=48 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:38 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000600040000 569682f2 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000400040000 569682f2 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] - acquire_replica, supplier RUV is newer [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:38 +0000] - csngen_adjust_time: gen state before 569683ea000a:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] - csngen_adjust_time: gen state after 569683ea000a:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:38 +0000] - csngen_adjust_time: gen state before 569683ea000a:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] - csngen_adjust_time: gen state after 569683ea000a:1452704498:0:248 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:38 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 569683ea000100050000 00000000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56968370000400040000 00000000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 00000000 [13/Jan/2016:17:01:38 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000600040000 569682f2 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=56968370000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 56968370000400040000 found, position set for replay [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56968372000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000200040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000200040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56968372000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) not sent - empty [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000400040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000400040000): [13/Jan/2016:17:01:38 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56968372000600040000 [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) [13/Jan/2016:17:01:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000600040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c449858a-5b1d11e5-b1f1cd78-f19552bb, CSN 56968372000600040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56968373000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56968373000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56968375000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=56968375000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=56968378000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968378000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968378000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=56968379000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968379000200040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=56968379000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000500040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=56968379000800040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000800040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000800040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=56968379000b00040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000b00040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 56968379000b00040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5696837b000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 5696837b000200040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5696837b000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000500040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5696837b000800040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000800040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000800040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5696837d000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837d000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837d000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5696837f000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837f000200040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5696837f000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5696837f000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000500040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=20 csn=5696837f000800040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000800040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000800040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=21 csn=5696837f000b00040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000b00040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000b00040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=22 csn=56968381000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000200040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=23 csn=56968381000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000500040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000500040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=24 csn=56968384000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=25 csn=56968384000100040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000100040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000100040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=26 csn=5696838d000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=27 csn=5696838d000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=28 csn=56968392000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=29 csn=56968392000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=30 csn=56968397000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=31 csn=56968397000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=db1-arch-cpqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968397000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968397000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid a050c41e-9e2e11e5-b1f1cd78-f19552bb, CSN 56968397000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=32 csn=569683a9000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683a9000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683a9000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid ba2f2115-ede211e4-bdd5a094-64a60b74, CSN 569683a9000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=33 csn=569683ae000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=34 csn=569683ae000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=report1-urs-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ae000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ae000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0481128c-a44311e5-b1f1cd78-f19552bb, CSN 569683ae000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=35 csn=569683c3000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c3000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c3000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c3000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=36 csn=569683c5000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-maci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683c5000200040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c5000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 64ef0886-4c3611e5-b1f1cd78-f19552bb, CSN 569683c5000200040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=37 csn=569683c7000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="krbprincipalname=cifs/dc1-ipa-dev-van.mydomain.net at mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net" csn=569683c7000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683c7000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e16b6f0a-f27411e4-bf10cd78-f19552bb, CSN 569683c7000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=38 csn=569683cf000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683cf000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683cf000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683cf000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=39 csn=569683d0000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=haproxy1-ngmx-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d0000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d0000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 298a1b2f-aafe11e5-b6d1a094-64a60b74, CSN 569683d0000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=40 csn=569683d2000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=41 csn=569683d2000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d2000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d2000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 07939706-ab0411e5-b6d1a094-64a60b74, CSN 569683d2000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=42 csn=569683d6000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=43 csn=569683d6000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe6-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683d6000300040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683d6000300040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6968650e-50ff11e5-b1f1cd78-f19552bb, CSN 569683d6000300040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=44 csn=569683e6000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=45 csn=569683e6000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e6000200040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e6000200040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 0eb7a68e-aafe11e5-b1f1cd78-f19552bb, CSN 569683e6000200040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=46 csn=569683e8000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000000040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000000040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=47 csn=569683e8000100040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683e8000100040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683e8000100040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 9328d984-f5ae11e4-afbccd78-f19552bb, CSN 569683e8000100040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=48 csn=569683ea000400040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ea000400040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ea000400040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ea000400040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8fa6b5a2-58f411e5-b1f1cd78-f19552bb, CSN 569683ea000400040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=49 csn=569683ea000600040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ea000600040000) [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=569683ea000600040000) not sent - empty [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 569683ea000600040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8fa6b5a2-58f411e5-b1f1cd78-f19552bb, CSN 569683ea000600040000): [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:39 +0000] - repl5_inc_waitfor_async_results: 0 0 [13/Jan/2016:17:01:39 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:17:01:39 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:39 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Consumer RUV: [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000400040000 569682f2 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:39 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Supplier RUV: [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000600040000 569682f2 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:39 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7fc71407c6e0 [13/Jan/2016:17:01:39 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:39 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session start: anchorcsn=569683ea000400040000 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): CSN 569683ea000400040000 found, position set for replay [13/Jan/2016:17:01:39 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=1 rec=1 csn=569683ea000600040000 [13/Jan/2016:17:01:39 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:39 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session end: state=5 load=1 sent=1 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:39 +0000] - Calling dirsync search request plugin [13/Jan/2016:17:01:39 +0000] - Sending dirsync search request [13/Jan/2016:17:01:39 +0000] - repl5_inc_result_threadmain exiting [13/Jan/2016:17:01:39 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session end: state=5 load=1 sent=49 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Successfully released consumer [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:39 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56960179000000050000 into pending list [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - conn=5219 op=156079 csn=56960179000000050000 process postop: canceling operation csn [13/Jan/2016:17:01:40 +0000] - _csngen_adjust_local_time: gen state before 569683ea000a:1452704498:0:248 [13/Jan/2016:17:01:40 +0000] - _csngen_adjust_local_time: gen state after 569683ec0000:1452704500:0:248 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683ec000000040000 into pending list [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=puppet1-sandbox-int-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d496a000600040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683ec000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:40 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ec000000040000 569682f4 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:40 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000600040000 569682f3 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:40 +0000] - acquire_replica, supplier RUV is newer [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:40 +0000] - csngen_adjust_time: gen state before 569683ec0002:1452704500:0:248 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> wait_for_changes [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replica was successfully acquired. [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569683ec000300040000 into pending list [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=puppet1-sandbox-int-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568d496c000000040000 [13/Jan/2016:17:01:40 +0000] - csngen_adjust_time: gen state before 569683ec0004:1452704500:0:248 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Consumer RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 569683ea000100050000 00000000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 56968370000400040000 00000000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 00000000 [13/Jan/2016:17:01:40 +0000] - _cl5PositionCursorForReplay (agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389)): Supplier RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ec000000040000 569682f4 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: found thread private buffer cache 7fc6f5181410 [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - session start: anchorcsn=56968370000400040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): CSN 56968370000400040000 found, position set for replay [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain starting [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=1 csn=56968372000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000200040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000200040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=2 csn=56968372000400040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Consumer RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ea000600040000 569682f3 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:40 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389)): Supplier RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ec000000040000 569682f4 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7fc71407c6e0 [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7fc74461e350 _pool->pl_busy_lists is 7fc71406c630 _pool->pl_busy_lists->bl_buffers is 7fc6f5181410 [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session start: anchorcsn=569683ea000600040000 [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7fc743a5f4c0 for database /var/lib/dirsrv/slapd-MYDOMAIN-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569683ec000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pmdb1-ops-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968372000400040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000400040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 070df70b-ab2a11e5-b6d1a094-64a60b74, CSN 56968372000400040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=3 csn=56968372000600040000 [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): CSN 569683ea000600040000 found, position set for replay [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=1 rec=1 csn=569683ec000000040000 [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="uid=convrter,cn=users,cn=accounts,dc=mydomain,dc=net" csn=56968372000600040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968372000600040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c449858a-5b1d11e5-b1f1cd78-f19552bb, CSN 56968372000600040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=4 csn=56968373000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000000040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000000040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=5 csn=56968373000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe3-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968373000300040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968373000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 2c014385-0bb311e5-bde8cd78-f19552bb, CSN 56968373000300040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=6 csn=56968375000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000000040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000000040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=7 csn=56968375000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=writer1-sal-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968375000300040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968375000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 16a0f586-f5c411e4-afbccd78-f19552bb, CSN 56968375000300040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=8 csn=56968378000300040000 [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load next: anchorcsn=569683ec000000040000 [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - load=2 rec=2 csn=569683ec000300040000 [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) [13/Jan/2016:17:01:40 +0000] agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389) - session end: state=5 load=2 sent=2 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [13/Jan/2016:17:01:40 +0000] - Calling dirsync search request plugin [13/Jan/2016:17:01:40 +0000] - Sending dirsync search request [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968378000300040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968378000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968378000300040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=9 csn=56968379000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=jbl1-tools-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000200040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 892ff89a-aaf511e5-b1f1cd78-f19552bb, CSN 56968379000200040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=10 csn=56968379000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000500040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000500040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=11 csn=56968379000800040000 [13/Jan/2016:17:01:40 +0000] - repl5_inc_result_threadmain: read result for message_id 0 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Beginning linger on the connection [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [13/Jan/2016:17:01:40 +0000] - acquire_replica, supplier RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ec000300040000 569682f4 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replica 5 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - supplier: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:40 +0000] - acquire_replica, consumer RUV: [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.mydomain.net:389} 553fe9c9000000040000 569683ec000300040000 569682f4 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 553fe9c4000000030000 56966fba000200030000 56966ec7 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 5695cad2000400050000 5695ca7c [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): Cancelling linger on the connection [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates [13/Jan/2016:17:01:40 +0000] - csngen_adjust_time: gen state before 569683ec0005:1452704500:0:248 [13/Jan/2016:17:01:40 +0000] - csngen_adjust_time: gen state after 569683ec0005:1452704500:0:248 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=es1-msg-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000800040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000800040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 8f1a8905-1e8611e5-a0c7cd78-f19552bb, CSN 56968379000800040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=12 csn=56968379000b00040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968379000b00040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968379000b00040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 56968379000b00040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=13 csn=5696837b000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=collector1-log-salqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000200040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 4193771f-569411e5-9215a094-64a60b74, CSN 5696837b000200040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=14 csn=5696837b000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000500040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000500040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=15 csn=5696837b000800040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-msg-mbqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837b000800040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837b000800040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 803f2702-aaf511e5-b6d1a094-64a60b74, CSN 5696837b000800040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=16 csn=5696837d000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837d000000040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837d000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837d000000040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=17 csn=5696837f000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopperf1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000200040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 640cb404-4cd411e5-b1f1cd78-f19552bb, CSN 5696837f000200040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=18 csn=5696837f000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000300040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000300040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=19 csn=5696837f000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000500040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 1ea56a11-9e1f11e5-b1f1cd78-f19552bb, CSN 5696837f000500040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=20 csn=5696837f000800040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000800040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000800040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000800040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=21 csn=5696837f000b00040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=pg1-msg-cpqa2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696837f000b00040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696837f000b00040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 23489b25-240711e5-a0c7cd78-f19552bb, CSN 5696837f000b00040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=22 csn=56968381000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000200040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000200040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000200040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=23 csn=56968381000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-msgqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968381000500040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968381000500040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 15173e07-4c4411e5-b1f1cd78-f19552bb, CSN 56968381000500040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=24 csn=56968384000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000000040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000000040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=25 csn=56968384000100040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=fe1-gas-interopsnap2-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968384000100040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968384000100040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid c16f2824-4d0911e5-b1f1cd78-f19552bb, CSN 56968384000100040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=26 csn=5696838d000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000000040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000000040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=27 csn=5696838d000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=proxy3-pr-lsqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=5696838d000300040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 5696838d000300040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid e347dd89-58b911e5-b1f1cd78-f19552bb, CSN 5696838d000300040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=28 csn=56968392000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: modifys operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000000040000) not sent - empty [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Consumer successfully sent operation with csn 56968392000000040000 [13/Jan/2016:17:01:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 89411b12-58ad11e5-9215a094-64a60b74, CSN 56968392000000040000): [13/Jan/2016:17:01:40 +0000] agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389) - load=1 rec=29 csn=56968392000300040000 [13/Jan/2016:17:01:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): replay_update: Sending modify operation (dn="fqdn=logger1-mls-snap12-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" csn=56968392000300040000) From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Ludwig Krispenz Sent: January-13-16 2:12 AM To: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up On 01/13/2016 05:19 AM, Nathan Peters wrote: These are the replication agreements: -dc1-van (master) replicates to dc1-nvan -dc1-van (master) replicates to dc2-nvan I do not have an agreement between the 2 other servers at this time so updates from dc1-nvan should go through dc1-van to reach dc2-nvan I did the following test: On each of the 3 domain controllers, create a test host named after itself. After replication, the following hosts existed on the following servers: Dc1-van had entries for testhostdc1van and testhostdc2nvan Dc1-nvan had entries for testhostdc1van, testhostdc1nvan, and testhostdc2nvan Dc2-nvan had entries for testhostdc1van and testhostdc2nvan So replication is working both ways between dc2-nvan and dc1-van Replication is only working one way from dc1-van to dc1-nvan My guess is that a new CSN ending in 3000 was successfully added for the update, but still the same thing is happening and causing it to be ignored ? Is this related to https://fedorahosted.org/389/ticket/48225 ? The description sounds similar. This is fixed by ticket #48266, and you already have seen traces of this fix (about keep alive entry), If so, is there a workaround? Logs from both servers (dc1-van and dc1-nvan) during the update unfortunately the master log only spans 1 second 2016:04:06:32 and the nvan log ands at this second. What is strange in the nvan log is that it always keeps in backoff state. agmt="cn=meTodc1-ipa-dev-van.mydomain.net" (dc1-ipa-dev-van:389): State: backoff -> backoff It should try to acquire the replica and only if it fails go into backoff again. Could you: - restartdc1-nvan and provide the error log of the replication startup - make a change on dc1-nvan and provide access and error logs of both dc1-nvan and dc1-van for the same time span (~10sec) around the change -------------- next part -------------- An HTML attachment was scrubbed... URL: From pspacek at redhat.com Thu Jan 14 07:06:19 2016 From: pspacek at redhat.com (Petr Spacek) Date: Thu, 14 Jan 2016 08:06:19 +0100 Subject: [Freeipa-users] FreeIPA Replica / HA Issues In-Reply-To: References: <5696FB70.1090205@redhat.com> Message-ID: <569748EB.6040900@redhat.com> Hello, this log is weird: On 14.1.2016 03:02, Jeff Hallyburton wrote: >> 2016-01-14T00:45:35Z DEBUG [IPA Discovery] >> 2016-01-14T00:45:35Z DEBUG Starting IPA discovery with domain=west-2.production.example.com, servers=None, hostname=test.west-2.production.example.com >> 2016-01-14T00:45:35Z DEBUG Search for LDAP SRV record in west-2.production.example.com >> 2016-01-14T00:45:35Z DEBUG Search DNS for SRV record of _ldap._tcp.west-2.production.example.com >> 2016-01-14T00:45:35Z DEBUG DNS record found: 0 100 389 ipa1.west-2.production.example.com. >> 2016-01-14T00:45:35Z DEBUG DNS record found: 10 100 389 ipa2.west-2.production.example.com. >> 2016-01-14T00:45:35Z DEBUG [Kerberos realm search] >> 2016-01-14T00:45:35Z DEBUG Search DNS for TXT record of _kerberos.west-2.production.example.com >> 2016-01-14T00:45:35Z DEBUG DNS record found: "EXAMPLE.COM" >> 2016-01-14T00:45:35Z DEBUG Search DNS for SRV record of _kerberos._udp.west-2.production.example.com >> 2016-01-14T00:45:35Z DEBUG DNS record found: 10 100 88 ipa2.west-2.production.example.com. >> 2016-01-14T00:45:35Z DEBUG DNS record found: 0 100 88 ipa1.west-2.production.example.com. >> 2016-01-14T00:45:35Z DEBUG [LDAP server check] >> 2016-01-14T00:45:35Z DEBUG Verifying that ipa1.west-2.production.example.com (realm EXAMPLE.COM) is an IPA server >> 2016-01-14T00:45:35Z DEBUG Init LDAP connection to: ipa1.west-2.production.example.com >> 2016-01-14T00:45:35Z DEBUG Search LDAP server for IPA base DN >> 2016-01-14T00:45:35Z DEBUG Check if naming context 'dc=example,dc=com' is for IPA >> 2016-01-14T00:45:35Z DEBUG Naming context 'dc=example,dc=com' is a valid IPA context >> 2016-01-14T00:45:35Z DEBUG Search for (objectClass=krbRealmContainer) in dc=example,dc=com (sub) >> 2016-01-14T00:45:35Z DEBUG Found: cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com >> 2016-01-14T00:45:35Z DEBUG Discovery result: Success; server=ipa1.west-2.production.example.com, domain=west-2.production.example.com, kdc=ipa2.west-2.production.example.com,ipa1.west-2.production.example.com, basedn=dc=example,dc=com >> 2016-01-14T00:45:35Z DEBUG Validated servers: ipa1.west-2.production.example.com >> 2016-01-14T00:45:35Z DEBUG will use discovered domain: west-2.production.example.com It looks that your IPA domain & realm is "example.com" and "EXAMPLE.COM", is that correct? Looking further ... > 2016-01-14T00:45:39Z DEBUG Writing Kerberos configuration to /etc/krb5.conf: > 2016-01-14T00:45:39Z DEBUG #File modified by ipa-client-install > > includedir /var/lib/sss/pubconf/krb5.include.d/ > > [libdefaults] > default_realm = EXAMPLE.COM > dns_lookup_realm = true > dns_lookup_kdc = true > rdns = false > ticket_lifetime = 24h > forwardable = yes > udp_preference_limit = 0 > default_ccache_name = KEYRING:persistent:%{uid} > > > [realms] > EXAMPLE.COM = { > pkinit_anchors = FILE:/etc/ipa/ca.crt > > } > > > [domain_realm] > .west-2.production.example.com = EXAMPLE.COM > west-2.production.example.com = EXAMPLE.COM Hmm, this is going to be wild guess, but let's try it: Do you have DNS SRV records in domain west-2.production.example.com but not in DNS domain example.com? That would probably cause this kind of problem. Generally it is necessary to put _kerberos TXT + SRV records into the (primary) DNS domain specified during IPA installation. Then use --domain option during ipa-client-install. --server is generally discouraged as it disables DNS SRV lookup and makes failover hard or impossible. --domain is just a hint for the installer where to start looking for DNS SRV records and allows full automatic failover. The autodiscovery is quite messy and needs to be imporoved in next versions. https://fedorahosted.org/freeipa/ticket/5270 should avoid the need to specify --domain when Kerberos TXT record is in DNS ... Stay tuned :-) -- Petr^2 Spacek From abokovoy at redhat.com Thu Jan 14 08:51:55 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Thu, 14 Jan 2016 10:51:55 +0200 Subject: [Freeipa-users] IPA users not visible in NIS passwd map In-Reply-To: References: <20160111212125.GC4316@redhat.com> <20160113211728.GQ4316@redhat.com> <20160113212734.GR4316@redhat.com> Message-ID: <20160114085155.GU4316@redhat.com> On Wed, 13 Jan 2016, Prasun Gera wrote: >Great! I hope it makes it downstream to RHEL. Please open a case with GSS to facilitate the backport. > >On Wed, Jan 13, 2016 at 4:27 PM, Alexander Bokovoy >wrote: > >> On Wed, 13 Jan 2016, Prasun Gera wrote: >> >>> They are authenticated using CRYPT passwords. i.e. Even after a user is >>> disabled in ipa, it's entry is still visible in ypcat passwd on the >>> clients. >>> >> https://fedorahosted.org/slapi-nis/ticket/10 >> >> The definition is unfortunately in the C code, so it would require >> recompile of slapi-nis. For Fedora I plan to do new release next week or >> so as there are enough patches ready to go to new release. >> >> >> -- >> / Alexander Bokovoy >> -- / Alexander Bokovoy From mkosek at redhat.com Thu Jan 14 08:58:39 2016 From: mkosek at redhat.com (Martin Kosek) Date: Thu, 14 Jan 2016 09:58:39 +0100 Subject: [Freeipa-users] IPA users not visible in NIS passwd map In-Reply-To: <20160114085155.GU4316@redhat.com> References: <20160111212125.GC4316@redhat.com> <20160113211728.GQ4316@redhat.com> <20160113212734.GR4316@redhat.com> <20160114085155.GU4316@redhat.com> Message-ID: <5697633F.6080508@redhat.com> On 01/14/2016 09:51 AM, Alexander Bokovoy wrote: > On Wed, 13 Jan 2016, Prasun Gera wrote: >> Great! I hope it makes it downstream to RHEL. > Please open a case with GSS to facilitate the backport. +1. These are the Bug numbers to link to: RHEL-6.x: https://bugzilla.redhat.com/show_bug.cgi?id=1298478 RHEL-7.x: https://bugzilla.redhat.com/show_bug.cgi?id=1298481 >> On Wed, Jan 13, 2016 at 4:27 PM, Alexander Bokovoy >> wrote: >> >>> On Wed, 13 Jan 2016, Prasun Gera wrote: >>> >>>> They are authenticated using CRYPT passwords. i.e. Even after a user is >>>> disabled in ipa, it's entry is still visible in ypcat passwd on the >>>> clients. >>>> >>> https://fedorahosted.org/slapi-nis/ticket/10 >>> >>> The definition is unfortunately in the C code, so it would require >>> recompile of slapi-nis. For Fedora I plan to do new release next week or >>> so as there are enough patches ready to go to new release. >>> >>> >>> -- >>> / Alexander Bokovoy >>> > From karl.forner at gmail.com Thu Jan 14 10:42:00 2016 From: karl.forner at gmail.com (Karl Forner) Date: Thu, 14 Jan 2016 11:42:00 +0100 Subject: [Freeipa-users] UnicodeEncodeError using ipa user-find Message-ID: Hello, When I do: ipa user-find --login=$login I get: ipa: ERROR: UnicodeEncodeError: 'ascii' codec can't encode character u'\xf1' in position 25: ordinal not in range(128) Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1340, in run sys.exit(api.Backend.cli.run(argv)) File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1105, in run rv = cmd.output_for_cli(self.api.Backend.textui, result, *args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 1030, in output_for_cli textui.print_entries(result, order, labels, flags, print_all) File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 355, in print_entries self.print_entry(entry, order, labels, flags, print_all, format, indent) File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 395, in print_entry label, value, format, indent, one_value_per_line File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 318, in print_attribute self.print_indented(format % (attr, text[0]), indent) File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 241, in print_indented print (CLI_TAB * indent + text) UnicodeEncodeError: 'ascii' codec can't encode character u'\xf1' in position 25: ordinal not in range(128) ipa: ERROR: an internal error has occurred I checked that the last name of this user has a n with tilde (spanish for "gn" sound). Is this a system configuration error, or a freeIPA problem ? Thanks, Karl -------------- next part -------------- An HTML attachment was scrubbed... URL: From yamakasi.014 at gmail.com Thu Jan 14 12:00:28 2016 From: yamakasi.014 at gmail.com (Matt .) Date: Thu, 14 Jan 2016 13:00:28 +0100 Subject: [Freeipa-users] User Lockout even with special password Policy Message-ID: Hi Guys, I'm having an issue that a user which I use for the API is getting locked out from time to time. I have created a specific password policy for this user with: Lockout duration (seconds) 0 But this doesn't help much. Anyone an idea how I can make sure a user is not locked out in any way by lots of logins or tries, etc and be able to test it functions allright ? Thanks. Matt From karl.forner at gmail.com Thu Jan 14 12:16:12 2016 From: karl.forner at gmail.com (Karl Forner) Date: Thu, 14 Jan 2016 13:16:12 +0100 Subject: [Freeipa-users] how to list only enabled users using ipa user-find Message-ID: Hello, I just realized that "ipa user-find" would list all matching users, disregarding their status, i.e. if they are enabled or disabled. I could not find a suitable option in "ipa help user-find". Is there a way ? Thanks Karl -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Thu Jan 14 14:12:17 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 14 Jan 2016 09:12:17 -0500 Subject: [Freeipa-users] how to list only enabled users using ipa user-find In-Reply-To: References: Message-ID: <5697ACC1.8010703@redhat.com> Karl Forner wrote: > Hello, > > I just realized that "ipa user-find" would list all matching users, > disregarding their status, i.e. if they are enabled or disabled. > I could not find a suitable option in "ipa help user-find". > Is there a way ? > I don't recall a way to search for this using IPA tools. You can use ldapsearch though: $ ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=com '(nsAccountLock=TRUE)' dn rob From rcritten at redhat.com Thu Jan 14 14:16:08 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 14 Jan 2016 09:16:08 -0500 Subject: [Freeipa-users] User Lockout even with special password Policy In-Reply-To: References: Message-ID: <5697ADA8.5090409@redhat.com> Matt . wrote: > Hi Guys, > > I'm having an issue that a user which I use for the API is getting > locked out from time to time. > > I have created a specific password policy for this user with: > > Lockout duration (seconds) 0 > > But this doesn't help much. > > Anyone an idea how I can make sure a user is not locked out in any way > by lots of logins or tries, etc and be able to test it functions > allright ? Setting maxfail to 0 should do it. As for testing, be creative, but be sure to test both LDAP bind and kinit. rob From karl.forner at gmail.com Thu Jan 14 14:17:03 2016 From: karl.forner at gmail.com (Karl Forner) Date: Thu, 14 Jan 2016 15:17:03 +0100 Subject: [Freeipa-users] how to list only enabled users using ipa user-find In-Reply-To: <5697ACC1.8010703@redhat.com> References: <5697ACC1.8010703@redhat.com> Message-ID: On Thu, Jan 14, 2016 at 3:12 PM, Rob Crittenden wrote: > '(nsAccountLock=TRUE)' dn thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Thu Jan 14 14:32:46 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 14 Jan 2016 09:32:46 -0500 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 In-Reply-To: References: Message-ID: <5697B18E.2070809@redhat.com> Nathan Peters wrote: > This just keeps on getting better and better. > > > > I need this replication working properly because it has caused about 7 > or 8 builds to fail today alone so I decided to just be done with > troubleshooting and remove the server from the domain and re-initialize it. > > > > I deleted it with ?ipa-replica-manage del dc1-ipa-dev-nvan.mydomain.net? > and then removed then ran an ipa-server uninstall. I then made a new > gpg file for it on dc1-van and added it back as a replica. > > > > After I did that, I wanted to connect all 3 servers together and when I > run ipa-replica-manage connect on dc2-nvan I get this now. I?m not sure > how troubleshoot that. > > > > > > dc1-ipa-dev-nvan.mydomain.net is an IPA Server, but it might be unknown, > foreign or previously deleted one. It means that the new server isn't showing up in the list of masters on dc2-nvan which points to continuing replication issues. rob From mbasti at redhat.com Thu Jan 14 14:43:53 2016 From: mbasti at redhat.com (Martin Basti) Date: Thu, 14 Jan 2016 15:43:53 +0100 Subject: [Freeipa-users] UnicodeEncodeError using ipa user-find In-Reply-To: References: Message-ID: <5697B429.4020709@redhat.com> On 14.01.2016 11:42, Karl Forner wrote: > Hello, > > When I do: > ipa user-find --login=$login > I get: > > ipa: ERROR: UnicodeEncodeError: 'ascii' codec can't encode character > u'\xf1' in position 25: ordinal not in range(128) > Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1340, in run > sys.exit(api.Backend.cli.run(argv)) > File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1105, in run > rv = cmd.output_for_cli(self.api.Backend.textui, result, *args, > **options) > File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line > 1030, in output_for_cli > textui.print_entries(result, order, labels, flags, print_all) > File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 355, in > print_entries > self.print_entry(entry, order, labels, flags, print_all, format, > indent) > File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 395, in > print_entry > label, value, format, indent, one_value_per_line > File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 318, in > print_attribute > self.print_indented(format % (attr, text[0]), indent) > File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 241, in > print_indented > print (CLI_TAB * indent + text) > UnicodeEncodeError: 'ascii' codec can't encode character u'\xf1' in > position 25: ordinal not in range(128) > ipa: ERROR: an internal error has occurred > > I checked that the last name of this user has a n with tilde (spanish > for "gn" sound). > Is this a system configuration error, or a freeIPA problem ? > > Thanks, > Karl > > > > Hello, what is your lang settings? $ locale It works for me with utf-8, I was able to reproduce this only with LC_ALL=C, what is somehow expected -------------- next part -------------- An HTML attachment was scrubbed... URL: From yamakasi.014 at gmail.com Thu Jan 14 15:34:17 2016 From: yamakasi.014 at gmail.com (Matt .) Date: Thu, 14 Jan 2016 16:34:17 +0100 Subject: [Freeipa-users] User Lockout even with special password Policy In-Reply-To: <5697ADA8.5090409@redhat.com> References: <5697ADA8.5090409@redhat.com> Message-ID: OK, nice,but this user failed on kinit but is in the group where the policy is set to 0. Can I check on the commandline if it applies to that setting by querying ldap in some way ? It could be that some other group overrules in some way ? What about sysaccounts ? They seem to be locked also with too many logins, and this concerns me as they are not POSIX. 2016-01-14 15:16 GMT+01:00 Rob Crittenden : > Matt . wrote: >> Hi Guys, >> >> I'm having an issue that a user which I use for the API is getting >> locked out from time to time. >> >> I have created a specific password policy for this user with: >> >> Lockout duration (seconds) 0 >> >> But this doesn't help much. >> >> Anyone an idea how I can make sure a user is not locked out in any way >> by lots of logins or tries, etc and be able to test it functions >> allright ? > > Setting maxfail to 0 should do it. As for testing, be creative, but be > sure to test both LDAP bind and kinit. > > rob > From akaczka86 at gmail.com Thu Jan 14 15:36:25 2016 From: akaczka86 at gmail.com (Adam Kaczka) Date: Thu, 14 Jan 2016 10:36:25 -0500 Subject: [Freeipa-users] Test Case for RHEL/Centos Message-ID: Hi, I see that there are very detailed test cases written for fedora https://fedoraproject.org/wiki/Category:FreeIPA_Test_Cases (at least for v3) Is there an equivalent and preferably updated version written for RHEL? Although the Red Hat Enterprise Linux 7 Linux Domain Identity, Authentication, and Policy Guide is very detailed it doesn't devoted much to testing (at least nowhere near the details that is available on the Fedora wiki). -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Thu Jan 14 15:58:29 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 14 Jan 2016 10:58:29 -0500 Subject: [Freeipa-users] User Lockout even with special password Policy In-Reply-To: References: <5697ADA8.5090409@redhat.com> Message-ID: <5697C5A5.4080900@redhat.com> Matt . wrote: > OK, nice,but this user failed on kinit but is in the group where the > policy is set to 0. > > Can I check on the commandline if it applies to that setting by > querying ldap in some way ? It could be that some other group > overrules in some way ? $ ipa pwpolicy-show --user > What about sysaccounts ? They seem to be locked also with too many > logins, and this concerns me as they are not POSIX. They may be getting the global policy applied. rob > > > > 2016-01-14 15:16 GMT+01:00 Rob Crittenden : >> Matt . wrote: >>> Hi Guys, >>> >>> I'm having an issue that a user which I use for the API is getting >>> locked out from time to time. >>> >>> I have created a specific password policy for this user with: >>> >>> Lockout duration (seconds) 0 >>> >>> But this doesn't help much. >>> >>> Anyone an idea how I can make sure a user is not locked out in any way >>> by lots of logins or tries, etc and be able to test it functions >>> allright ? >> >> Setting maxfail to 0 should do it. As for testing, be creative, but be >> sure to test both LDAP bind and kinit. >> >> rob >> > From karl.forner at gmail.com Thu Jan 14 17:03:59 2016 From: karl.forner at gmail.com (Karl Forner) Date: Thu, 14 Jan 2016 18:03:59 +0100 Subject: [Freeipa-users] UnicodeEncodeError using ipa user-find In-Reply-To: <5697B429.4020709@redhat.com> References: <5697B429.4020709@redhat.com> Message-ID: # locale LANG=C LC_CTYPE="C" LC_NUMERIC="C" LC_TIME="C" LC_COLLATE="C" LC_MONETARY="C" LC_MESSAGES="C" LC_PAPER="C" LC_NAME="C" LC_ADDRESS="C" LC_TELEPHONE="C" LC_MEASUREMENT="C" LC_IDENTIFICATION="C" LC_ALL= I confirm it works using LC_ALL=en_US.utf8 ipa user-find --login=$login I'm using the adelton docker. Maybe the default locale should be set to en_US.utf8 ? Are there any expected downsides ? Thanks. On Thu, Jan 14, 2016 at 3:43 PM, Martin Basti wrote: > > > On 14.01.2016 11:42, Karl Forner wrote: > > Hello, > > When I do: > ipa user-find --login=$login > I get: > > ipa: ERROR: UnicodeEncodeError: 'ascii' codec can't encode character > u'\xf1' in position 25: ordinal not in range(128) > Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1340, in run > sys.exit(api.Backend.cli.run(argv)) > File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1105, in run > rv = cmd.output_for_cli(self.api.Backend.textui, result, *args, > **options) > File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 1030, > in output_for_cli > textui.print_entries(result, order, labels, flags, print_all) > File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 355, in > print_entries > self.print_entry(entry, order, labels, flags, print_all, format, > indent) > File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 395, in > print_entry > label, value, format, indent, one_value_per_line > File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 318, in > print_attribute > self.print_indented(format % (attr, text[0]), indent) > File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 241, in > print_indented > print (CLI_TAB * indent + text) > UnicodeEncodeError: 'ascii' codec can't encode character u'\xf1' in > position 25: ordinal not in range(128) > ipa: ERROR: an internal error has occurred > > I checked that the last name of this user has a n with tilde (spanish for > "gn" sound). > Is this a system configuration error, or a freeIPA problem ? > > Thanks, > Karl > > > > > > Hello, > > what is your lang settings? > > $ locale > > It works for me with utf-8, I was able to reproduce this only with > LC_ALL=C, what is somehow expected > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From yamakasi.014 at gmail.com Thu Jan 14 17:06:19 2016 From: yamakasi.014 at gmail.com (Matt .) Date: Thu, 14 Jan 2016 18:06:19 +0100 Subject: [Freeipa-users] User Lockout even with special password Policy In-Reply-To: <5697C5A5.4080900@redhat.com> References: <5697ADA8.5090409@redhat.com> <5697C5A5.4080900@redhat.com> Message-ID: OK, this looks good, but keeps the user locked from time to time: # ipa pwpolicy-show --user kinit-user Group: service_accounts Max lifetime (days): 1024 Min lifetime (hours): 0 Lockout duration: 0 Can we make sure we apply a policy to the sysaccounts users or is that undoable ? 2016-01-14 16:58 GMT+01:00 Rob Crittenden : > Matt . wrote: >> OK, nice,but this user failed on kinit but is in the group where the >> policy is set to 0. >> >> Can I check on the commandline if it applies to that setting by >> querying ldap in some way ? It could be that some other group >> overrules in some way ? > > $ ipa pwpolicy-show --user > >> What about sysaccounts ? They seem to be locked also with too many >> logins, and this concerns me as they are not POSIX. > > They may be getting the global policy applied. > > rob > >> >> >> >> 2016-01-14 15:16 GMT+01:00 Rob Crittenden : >>> Matt . wrote: >>>> Hi Guys, >>>> >>>> I'm having an issue that a user which I use for the API is getting >>>> locked out from time to time. >>>> >>>> I have created a specific password policy for this user with: >>>> >>>> Lockout duration (seconds) 0 >>>> >>>> But this doesn't help much. >>>> >>>> Anyone an idea how I can make sure a user is not locked out in any way >>>> by lots of logins or tries, etc and be able to test it functions >>>> allright ? >>> >>> Setting maxfail to 0 should do it. As for testing, be creative, but be >>> sure to test both LDAP bind and kinit. >>> >>> rob >>> >> > From mkosek at redhat.com Thu Jan 14 17:28:44 2016 From: mkosek at redhat.com (Martin Kosek) Date: Thu, 14 Jan 2016 18:28:44 +0100 Subject: [Freeipa-users] Test Case for RHEL/Centos In-Reply-To: References: Message-ID: <5697DACC.6020405@redhat.com> On 01/14/2016 04:36 PM, Adam Kaczka wrote: > Hi, > > I see that there are very detailed test cases written for fedora > https://fedoraproject.org/wiki/Category:FreeIPA_Test_Cases (at least for v3) > > Is there an equivalent and preferably updated version written for RHEL? > Although the Red Hat Enterprise Linux 7 Linux Domain Identity, > Authentication, and Policy Guide is very detailed it doesn't devoted much > to testing (at least nowhere near the details that is available on the > Fedora wiki). I think the best we have on top of the documentation guide are the following KB articles that are pointing to other documentation sources, including testing instructions in design pages: * RHEL-7.0: https://access.redhat.com/solutions/630443 * RHEL-7.1: https://access.redhat.com/solutions/1281783 * RHEL-7.2: https://access.redhat.com/solutions/1986213 Does that help? Martin From rcritten at redhat.com Thu Jan 14 18:06:35 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 14 Jan 2016 13:06:35 -0500 Subject: [Freeipa-users] User Lockout even with special password Policy In-Reply-To: References: <5697ADA8.5090409@redhat.com> <5697C5A5.4080900@redhat.com> Message-ID: <5697E3AB.90502@redhat.com> Matt . wrote: > OK, this looks good, but keeps the user locked from time to time: > > # ipa pwpolicy-show --user kinit-user > Group: service_accounts > Max lifetime (days): 1024 > Min lifetime (hours): 0 > Lockout duration: 0 As I said before, you need maxfail = 0 to disable lockout. > Can we make sure we apply a policy to the sysaccounts users or is that > undoable ? You'd have to set krbPwdPolicyReference to the dn of the policy you want to use for that sysaccount user. That requires the objectclass krbPrincipalAux. rob > > 2016-01-14 16:58 GMT+01:00 Rob Crittenden : >> Matt . wrote: >>> OK, nice,but this user failed on kinit but is in the group where the >>> policy is set to 0. >>> >>> Can I check on the commandline if it applies to that setting by >>> querying ldap in some way ? It could be that some other group >>> overrules in some way ? >> >> $ ipa pwpolicy-show --user >> >>> What about sysaccounts ? They seem to be locked also with too many >>> logins, and this concerns me as they are not POSIX. >> >> They may be getting the global policy applied. >> >> rob >> >>> >>> >>> >>> 2016-01-14 15:16 GMT+01:00 Rob Crittenden : >>>> Matt . wrote: >>>>> Hi Guys, >>>>> >>>>> I'm having an issue that a user which I use for the API is getting >>>>> locked out from time to time. >>>>> >>>>> I have created a specific password policy for this user with: >>>>> >>>>> Lockout duration (seconds) 0 >>>>> >>>>> But this doesn't help much. >>>>> >>>>> Anyone an idea how I can make sure a user is not locked out in any way >>>>> by lots of logins or tries, etc and be able to test it functions >>>>> allright ? >>>> >>>> Setting maxfail to 0 should do it. As for testing, be creative, but be >>>> sure to test both LDAP bind and kinit. >>>> >>>> rob >>>> >>> >> > From peter at pakos.pl Thu Jan 14 18:09:40 2016 From: peter at pakos.pl (Peter Pakos) Date: Thu, 14 Jan 2016 18:09:40 +0000 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <568A6921.6000708@redhat.com> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> Message-ID: <5697E464.5040907@pakos.pl> On 04/01/2016 12:44, Jan Cholasta wrote: > 1. Install the CA certificate chain of the issuer of the 3rd party > certificate to IPA using "ipa-cacert-manage install" I have a wildcard SSL certificate from Gandi, the whole certificate chain looks like this: AddTrust.pem -> USERTrustRSAAddTrustCA.pem -> GandiStandardSSLCA2.pem -> star.ipa.wandisco.com.crt I can validate this chain by running: $ openssl verify -verbose -CAfile <(cat AddTrust.pem USERTrustRSAAddTrustCA.pem GandiStandardSSLCA2.pem) star.ipa.wandisco.com.crt star.ipa.wandisco.com.crt: OK I've installed those CA certificates using the following commands (due to a known bug with ipa-cacert-manage, as per Jan's recommendation, I had to comment out few lines in /usr/lib/python2.7/site-packages/ipaserver/install/ipa_cacert_manage.py for this to work): $ ipa-cacert-manage install AddTrust.pem -n AddTrust -t ,, $ ipa-cacert-manage install USERTrustRSAAddTrustCA.pem -n USERTrustRSAAddTrustCA -t ,, $ ipa-cacert-manage install GandiStandardSSLCA2.pem -n GandiStandardSSLCA2 -t ,, Then I created a PKCS12 certificate out of Wildcard certificate and private key: $ openssl pkcs12 -export -out star.ipa.wandisco.com.p12 -inkey star.ipa.wandisco.com.key -in star.ipa.wandisco.com.crt -name 'GandiWildcardIPA' and then installed it in both NSS databases: $ pk12util -d /etc/dirsrv/slapd-IPA-WANDISCO-COM/ -i star.ipa.wandisco.com.p12 $ pk12util -d /etc/httpd/alias/ -i star.ipa.wandisco.com.p12 I could see the certificates being installed by running: $ certutil -d /etc/dirsrv/slapd-IPA-WANDISCO-COM/ -L $ certutil -d /etc/httpd/alias/ -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI ipaCert u,u,u Server-Cert u,u,u IPA.WANDISCO.COM IPA CA CT,C,C AddTrust ,, USERTrustRSAAddTrustCA ,, GandiWildcardIPA u,u,u Signing-Cert u,u,u GandiStandardSSLCA2 ,, > 2. Run "ipa-certupdate" to update CA certificate related IPA configuration. Done. > 3. Manually import the server certificate into the > /etc/dirsrv/slapd-REALM NSS database, configure the correct nickname in > LDAP in the nsSSLPersonalitySSL attribute of > cn=RSA,cn=encryption,cn=config and restart DS. I've stopped IPA (ipactl stop) and edited /etc/dirsrv/slapd-IPA-WANDISCO-COM/dse.ldif to replace: nsSSLPersonalitySSL: Server-Cert for: nsSSLPersonalitySSL: GandiWildcardIPA > 4. Manually import the server certificate into the /etc/httpd/alias NSS > database, configure the correct nickname in /etc/httpd/conf.d/nss.conf > using the NSSNickname directive and restart httpd. I've edited /etc/httpd/conf.d/nss.conf and replaced: NSSNickname Server-Cert for: NSSNickname GandiWildcardIPA Next, I've tried to start IPA (ipactl start) but this failed: ipactl start Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting named Service Starting ipa_memcached Service Starting httpd Service Starting pki-tomcatd Service Failed to start pki-tomcatd Service Shutting down Aborting ipactl It seems that pki-tomcatd did not start, so I looked in /var/log/pki/pki-tomcat/catalina.log and noticed this (not sure how relevant this is): http://fpaste.org/310861/14527938/ /var/log/pki/pki-tomcat/ca/system log shows: 0.localhost-startStop-1 - [14/Jan/2016:17:47:49 UTC] [8] [3] In Ldap (bound) connection pool to host node01.ipa.wandisco.com port 636, Cannot connect to LDAP server. Error: netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1) At this stage I can revert LDAP/HTTPS certs' nickname to Server-Cert and successfully start IPA. Using 3rd party certificates for both LDAP and HTTPS is one of the requirements of FreeIPA POC I'm working on at the moment and without this ironed out we won't be able to take FreeIPA servers into full production. I hope it's just a minor mistake on my behalf and I would appreciate if anyone could glance through the above and let me know how I could progress this. Many thanks in advance. spako @ #freeipa -- Kind regards, Peter Pakos From rcritten at redhat.com Thu Jan 14 18:51:04 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 14 Jan 2016 13:51:04 -0500 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <5697E464.5040907@pakos.pl> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> <5697E464.5040907@pakos.pl> Message-ID: <5697EE18.1090406@redhat.com> Peter Pakos wrote: > On 04/01/2016 12:44, Jan Cholasta wrote: >> 1. Install the CA certificate chain of the issuer of the 3rd party >> certificate to IPA using "ipa-cacert-manage install" > > I have a wildcard SSL certificate from Gandi, the whole certificate > chain looks like this: > > AddTrust.pem -> USERTrustRSAAddTrustCA.pem -> GandiStandardSSLCA2.pem -> > star.ipa.wandisco.com.crt > > I can validate this chain by running: > > $ openssl verify -verbose -CAfile <(cat AddTrust.pem > USERTrustRSAAddTrustCA.pem GandiStandardSSLCA2.pem) > star.ipa.wandisco.com.crt > star.ipa.wandisco.com.crt: OK > > I've installed those CA certificates using the following commands (due > to a known bug with ipa-cacert-manage, as per Jan's recommendation, I > had to comment out few lines in > /usr/lib/python2.7/site-packages/ipaserver/install/ipa_cacert_manage.py > for this to work): > > $ ipa-cacert-manage install AddTrust.pem -n AddTrust -t ,, > $ ipa-cacert-manage install USERTrustRSAAddTrustCA.pem -n > USERTrustRSAAddTrustCA -t ,, > $ ipa-cacert-manage install GandiStandardSSLCA2.pem -n > GandiStandardSSLCA2 -t ,, > > Then I created a PKCS12 certificate out of Wildcard certificate and > private key: > > $ openssl pkcs12 -export -out star.ipa.wandisco.com.p12 -inkey > star.ipa.wandisco.com.key -in star.ipa.wandisco.com.crt -name > 'GandiWildcardIPA' > > and then installed it in both NSS databases: > > $ pk12util -d /etc/dirsrv/slapd-IPA-WANDISCO-COM/ -i > star.ipa.wandisco.com.p12 > $ pk12util -d /etc/httpd/alias/ -i star.ipa.wandisco.com.p12 > > I could see the certificates being installed by running: > > $ certutil -d /etc/dirsrv/slapd-IPA-WANDISCO-COM/ -L > $ certutil -d /etc/httpd/alias/ -L > > Certificate Nickname Trust > Attributes > > SSL,S/MIME,JAR/XPI > > ipaCert u,u,u > Server-Cert u,u,u > IPA.WANDISCO.COM IPA CA CT,C,C > AddTrust ,, > USERTrustRSAAddTrustCA ,, > GandiWildcardIPA u,u,u > Signing-Cert u,u,u > GandiStandardSSLCA2 ,, > >> 2. Run "ipa-certupdate" to update CA certificate related IPA >> configuration. > > Done. > >> 3. Manually import the server certificate into the >> /etc/dirsrv/slapd-REALM NSS database, configure the correct nickname in >> LDAP in the nsSSLPersonalitySSL attribute of >> cn=RSA,cn=encryption,cn=config and restart DS. > > I've stopped IPA (ipactl stop) and edited > /etc/dirsrv/slapd-IPA-WANDISCO-COM/dse.ldif to replace: > > nsSSLPersonalitySSL: Server-Cert > > for: > > nsSSLPersonalitySSL: GandiWildcardIPA > >> 4. Manually import the server certificate into the /etc/httpd/alias NSS >> database, configure the correct nickname in /etc/httpd/conf.d/nss.conf >> using the NSSNickname directive and restart httpd. > > I've edited /etc/httpd/conf.d/nss.conf and replaced: > > NSSNickname Server-Cert > > for: > > NSSNickname GandiWildcardIPA > > > Next, I've tried to start IPA (ipactl start) but this failed: > > ipactl start > Starting Directory Service > Starting krb5kdc Service > Starting kadmin Service > Starting named Service > Starting ipa_memcached Service > Starting httpd Service > Starting pki-tomcatd Service > Failed to start pki-tomcatd Service > Shutting down > Aborting ipactl > > It seems that pki-tomcatd did not start, so I looked in > /var/log/pki/pki-tomcat/catalina.log and noticed this (not sure how > relevant this is): http://fpaste.org/310861/14527938/ > > /var/log/pki/pki-tomcat/ca/system log shows: > > 0.localhost-startStop-1 - [14/Jan/2016:17:47:49 UTC] [8] [3] In Ldap > (bound) connection pool to host node01.ipa.wandisco.com port 636, Cannot > connect to LDAP server. Error: netscape.ldap.LDAPException: IO Error > creating JSS SSL Socket (-1) > > At this stage I can revert LDAP/HTTPS certs' nickname to Server-Cert and > successfully start IPA. > > Using 3rd party certificates for both LDAP and HTTPS is one of the > requirements of FreeIPA POC I'm working on at the moment and without > this ironed out we won't be able to take FreeIPA servers into full > production. > > I hope it's just a minor mistake on my behalf and I would appreciate if > anyone could glance through the above and let me know how I could > progress this. > > Many thanks in advance. You need to add the new root certs to the pki NSS database. rob From yamakasi.014 at gmail.com Thu Jan 14 18:52:40 2016 From: yamakasi.014 at gmail.com (Matt .) Date: Thu, 14 Jan 2016 19:52:40 +0100 Subject: [Freeipa-users] User Lockout even with special password Policy In-Reply-To: <5697E3AB.90502@redhat.com> References: <5697ADA8.5090409@redhat.com> <5697C5A5.4080900@redhat.com> <5697E3AB.90502@redhat.com> Message-ID: My fault from the maxfail, I was referencing some doc from side_control and mixed it up. For the sysaccount part sounds doable. I will report back for that! thanks a lot! 2016-01-14 19:06 GMT+01:00 Rob Crittenden : > Matt . wrote: >> OK, this looks good, but keeps the user locked from time to time: >> >> # ipa pwpolicy-show --user kinit-user >> Group: service_accounts >> Max lifetime (days): 1024 >> Min lifetime (hours): 0 >> Lockout duration: 0 > > As I said before, you need maxfail = 0 to disable lockout. > >> Can we make sure we apply a policy to the sysaccounts users or is that >> undoable ? > > You'd have to set krbPwdPolicyReference to the dn of the policy you want > to use for that sysaccount user. That requires the objectclass > krbPrincipalAux. > > rob > >> >> 2016-01-14 16:58 GMT+01:00 Rob Crittenden : >>> Matt . wrote: >>>> OK, nice,but this user failed on kinit but is in the group where the >>>> policy is set to 0. >>>> >>>> Can I check on the commandline if it applies to that setting by >>>> querying ldap in some way ? It could be that some other group >>>> overrules in some way ? >>> >>> $ ipa pwpolicy-show --user >>> >>>> What about sysaccounts ? They seem to be locked also with too many >>>> logins, and this concerns me as they are not POSIX. >>> >>> They may be getting the global policy applied. >>> >>> rob >>> >>>> >>>> >>>> >>>> 2016-01-14 15:16 GMT+01:00 Rob Crittenden : >>>>> Matt . wrote: >>>>>> Hi Guys, >>>>>> >>>>>> I'm having an issue that a user which I use for the API is getting >>>>>> locked out from time to time. >>>>>> >>>>>> I have created a specific password policy for this user with: >>>>>> >>>>>> Lockout duration (seconds) 0 >>>>>> >>>>>> But this doesn't help much. >>>>>> >>>>>> Anyone an idea how I can make sure a user is not locked out in any way >>>>>> by lots of logins or tries, etc and be able to test it functions >>>>>> allright ? >>>>> >>>>> Setting maxfail to 0 should do it. As for testing, be creative, but be >>>>> sure to test both LDAP bind and kinit. >>>>> >>>>> rob >>>>> >>>> >>> >> > From Nathan.Peters at globalrelay.net Thu Jan 14 20:45:37 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Thu, 14 Jan 2016 20:45:37 +0000 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 In-Reply-To: <5697B18E.2070809@redhat.com> References: <5697B18E.2070809@redhat.com> Message-ID: I'm beginning to suspect there may be something wrong with my ldap database. I actually completed deleted dc1-nvan and dc2-nvan last night, leaving only dc1-van. I then re-provosioned dc1-nvan and dc2-nvan from scratch (os install and everything). After re-provisioning I was finally able to make a 3 way replication agreement so each server was replicating with 2 others. When I left, all servers were reporting successful output similar to this : [root at dc2-ipa-dev-nvan ~]# ipa-replica-manage list -v `hostname` p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute dc1-ipa-dev-nvan.mydomain.net: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: 0 Replica acquired successfully: Incremental update started last update ended: 1970-01-01 00:00:00+00:00 dc1-ipa-dev-van.mydomain.net: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: 0 Replica acquired successfully: Incremental update started last update ended: 1970-01-01 00:00:00+00:00 When I came in this morning 8 hours later the logs are full of errors again: So I have a few questions: 1)Is there any way to effectively 'clean' an ldap database? 2)Are there any commands I can run to find out if it is something in my database that is causing issues? -for troubleshooting this one I tried doing ruv-clean after I deleted my replicas but it claimed their IDs no longer existed, so it thought they were deleted properly. 3)Why even with successful replication are they still showing 1970 dates? I never understand why they keep going back to that. They were at 2016 dates last night... Here are the error logs from each server : =========== Errors in dc1-nvan =========== [14/Jan/2016:20:19:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:19:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:27:36 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [14/Jan/2016:20:29:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:29:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:29:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:33:43 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [14/Jan/2016:20:34:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:34:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:34:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. =========== Errors in dc2-nvan =========== [14/Jan/2016:20:19:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:19:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:26:11 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [14/Jan/2016:20:29:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:29:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:29:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [14/Jan/2016:20:34:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:34:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:34:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. =========== Errors in dc1-van =========== [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56979f620001000a0000 into pending list [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - conn=14281 op=11117 csn=56979f620001000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:46 +0000] - _csngen_adjust_local_time: gen state before 569806a80004:1452803504:0:248 [14/Jan/2016:20:31:46 +0000] - _csngen_adjust_local_time: gen state after 569806aa0000:1452803506:0:248 [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 Acquired consumer connection extension [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:46 +0000] - csngen_adjust_time: gen state before 569806aa0001:1452803506:0:248 [14/Jan/2016:20:31:46 +0000] - csngen_adjust_time: gen state after 569806ab0001:1452803506:1:248 [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 Relinquishing consumer connection extension [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:47 +0000] - _csngen_adjust_local_time: gen state before 569806ab0001:1452803506:1:248 [14/Jan/2016:20:31:47 +0000] - _csngen_adjust_local_time: gen state after 569806ab0001:1452803507:0:248 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ab000200040000 into pending list [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc27000100040000 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ab000200040000 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ab000300040000 into pending list [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc2b000200040000 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ab000300040000 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a13d0005000a0000 into pending list [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - conn=14281 op=11118 csn=5697a13d0005000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:49 +0000] - _csngen_adjust_local_time: gen state before 569806ab0004:1452803507:0:248 [14/Jan/2016:20:31:49 +0000] - _csngen_adjust_local_time: gen state after 569806ad0000:1452803509:0:248 [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 Acquired consumer connection extension [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:49 +0000] - csngen_adjust_time: gen state before 569806ad0001:1452803509:0:248 [14/Jan/2016:20:31:49 +0000] - csngen_adjust_time: gen state after 569806ae0001:1452803509:1:248 [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 Relinquishing consumer connection extension [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a2fd0001000a0000 into pending list [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=14281 op=11119 csn=5697a2fd0001000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:50 +0000] - _csngen_adjust_local_time: gen state before 569806ae0001:1452803509:1:248 [14/Jan/2016:20:31:50 +0000] - _csngen_adjust_local_time: gen state after 569806ae0001:1452803510:0:248 [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:51 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a4ce0001000a0000 into pending list [14/Jan/2016:20:31:51 +0000] NSMMReplicationPlugin - conn=14281 op=11120 csn=5697a4ce0001000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:52 +0000] - _csngen_adjust_local_time: gen state before 569806ae0002:1452803510:0:248 [14/Jan/2016:20:31:52 +0000] - _csngen_adjust_local_time: gen state after 569806b00000:1452803512:0:248 [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 Acquired consumer connection extension [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:52 +0000] - csngen_adjust_time: gen state before 569806b00001:1452803512:0:248 [14/Jan/2016:20:31:52 +0000] - csngen_adjust_time: gen state after 569806b10001:1452803512:1:248 [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 Relinquishing consumer connection extension [14/Jan/2016:20:31:53 +0000] - _csngen_adjust_local_time: gen state before 569806b10001:1452803512:1:248 [14/Jan/2016:20:31:53 +0000] - _csngen_adjust_local_time: gen state after 569806b10001:1452803513:0:248 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806b1000100040000 into pending list [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=van-test-conv2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc2b000300040000 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806b1000100040000 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806b1000200040000 into pending list [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=van-test-conv2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc31000100040000 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806b1000200040000 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a6650002000a0000 into pending list [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - conn=14281 op=11121 csn=5697a6650002000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:55 +0000] - _csngen_adjust_local_time: gen state before 569806b10004:1452803513:0:248 [14/Jan/2016:20:31:55 +0000] - _csngen_adjust_local_time: gen state after 569806b30000:1452803515:0:248 [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 Acquired consumer connection extension [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:55 +0000] - csngen_adjust_time: gen state before 569806b30001:1452803515:0:248 [14/Jan/2016:20:31:55 +0000] - csngen_adjust_time: gen state after 569806b40001:1452803515:1:248 [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a7e80000000a0000 into pending list [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 Relinquishing consumer connection extension [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=14281 op=11122 csn=5697a7e80000000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:56 +0000] - _csngen_adjust_local_time: gen state before 569806b40001:1452803515:1:248 [14/Jan/2016:20:31:56 +0000] - _csngen_adjust_local_time: gen state after 569806b40001:1452803516:0:248 [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:57 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a93c0000000a0000 into pending list [14/Jan/2016:20:31:57 +0000] NSMMReplicationPlugin - conn=14281 op=11123 csn=5697a93c0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:58 +0000] - _csngen_adjust_local_time: gen state before 569806b40002:1452803516:0:248 [14/Jan/2016:20:31:58 +0000] - _csngen_adjust_local_time: gen state after 569806b60000:1452803518:0:248 [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 Acquired consumer connection extension [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:58 +0000] - csngen_adjust_time: gen state before 569806b60001:1452803518:0:248 [14/Jan/2016:20:31:58 +0000] - csngen_adjust_time: gen state after 569806b70001:1452803518:1:248 [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 Relinquishing consumer connection extension [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:59 +0000] - _csngen_adjust_local_time: gen state before 569806b70001:1452803518:1:248 [14/Jan/2016:20:31:59 +0000] - _csngen_adjust_local_time: gen state after 569806b70001:1452803519:0:248 [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697ab4b0000000a0000 into pending list [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - conn=14281 op=11124 csn=5697ab4b0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:01 +0000] - _csngen_adjust_local_time: gen state before 569806b70002:1452803519:0:248 [14/Jan/2016:20:32:01 +0000] - _csngen_adjust_local_time: gen state after 569806b90000:1452803521:0:248 [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697acb30000000a0000 into pending list [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=14281 op=11125 csn=5697acb30000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 Acquired consumer connection extension [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:01 +0000] - csngen_adjust_time: gen state before 569806b90001:1452803521:0:248 [14/Jan/2016:20:32:01 +0000] - csngen_adjust_time: gen state after 569806ba0001:1452803521:1:248 [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 Relinquishing consumer connection extension [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:02 +0000] - _csngen_adjust_local_time: gen state before 569806ba0001:1452803521:1:248 [14/Jan/2016:20:32:02 +0000] - _csngen_adjust_local_time: gen state after 569806ba0001:1452803522:0:248 [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:03 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697ae970000000a0000 into pending list [14/Jan/2016:20:32:03 +0000] NSMMReplicationPlugin - conn=14281 op=11126 csn=5697ae970000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:04 +0000] - _csngen_adjust_local_time: gen state before 569806ba0002:1452803522:0:248 [14/Jan/2016:20:32:04 +0000] - _csngen_adjust_local_time: gen state after 569806bc0000:1452803524:0:248 [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 Acquired consumer connection extension [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:04 +0000] - csngen_adjust_time: gen state before 569806bc0001:1452803524:0:248 [14/Jan/2016:20:32:04 +0000] - csngen_adjust_time: gen state after 569806bd0001:1452803524:1:248 [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 Relinquishing consumer connection extension [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:05 +0000] - _csngen_adjust_local_time: gen state before 569806bd0001:1452803524:1:248 [14/Jan/2016:20:32:05 +0000] - _csngen_adjust_local_time: gen state after 569806bd0001:1452803525:0:248 [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b0100000000a0000 into pending list [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - conn=14281 op=11127 csn=5697b0100000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:06 +0000] - _csngen_adjust_local_time: gen state before 569806bd0002:1452803525:0:248 [14/Jan/2016:20:32:06 +0000] - _csngen_adjust_local_time: gen state after 569806be0000:1452803526:0:248 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806be000000040000 into pending list [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc31000200040000 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806be000000040000 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806be000100040000 into pending list [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc3e000000040000 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806be000100040000 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:07 +0000] - _csngen_adjust_local_time: gen state before 569806be0002:1452803526:0:248 [14/Jan/2016:20:32:07 +0000] - _csngen_adjust_local_time: gen state after 569806bf0000:1452803527:0:248 [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b1dc0001000a0000 into pending list [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=14281 op=11128 csn=5697b1dc0001000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 Acquired consumer connection extension [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:07 +0000] - csngen_adjust_time: gen state before 569806bf0001:1452803527:0:248 [14/Jan/2016:20:32:07 +0000] - csngen_adjust_time: gen state after 569806c00001:1452803527:1:248 [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 Relinquishing consumer connection extension [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:08 +0000] - _csngen_adjust_local_time: gen state before 569806c00001:1452803527:1:248 [14/Jan/2016:20:32:08 +0000] - _csngen_adjust_local_time: gen state after 569806c00001:1452803528:0:248 [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:09 +0000] - _csngen_adjust_local_time: gen state before 569806c00002:1452803528:0:248 [14/Jan/2016:20:32:09 +0000] - _csngen_adjust_local_time: gen state after 569806c10000:1452803529:0:248 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806c1000000040000 into pending list [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc3e000100040000 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806c1000000040000 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806c1000100040000 into pending list [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc41000000040000 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806c1000100040000 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b3850000000a0000 into pending list [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - conn=14281 op=11129 csn=5697b3850000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:10 +0000] - _csngen_adjust_local_time: gen state before 569806c10002:1452803529:0:248 [14/Jan/2016:20:32:10 +0000] - _csngen_adjust_local_time: gen state after 569806c20000:1452803530:0:248 [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 Acquired consumer connection extension [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:10 +0000] - csngen_adjust_time: gen state before 569806c20001:1452803530:0:248 [14/Jan/2016:20:32:10 +0000] - csngen_adjust_time: gen state after 569806c30001:1452803530:1:248 [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 Relinquishing consumer connection extension [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:11 +0000] - _csngen_adjust_local_time: gen state before 569806c30001:1452803530:1:248 [14/Jan/2016:20:32:11 +0000] - _csngen_adjust_local_time: gen state after 569806c30001:1452803531:0:248 [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b5360000000a0000 into pending list [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - conn=14281 op=11130 csn=5697b5360000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:13 +0000] - _csngen_adjust_local_time: gen state before 569806c30002:1452803531:0:248 [14/Jan/2016:20:32:13 +0000] - _csngen_adjust_local_time: gen state after 569806c50000:1452803533:0:248 [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b6fa0000000a0000 into pending list [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=14281 op=11131 csn=5697b6fa0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 Acquired consumer connection extension [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:13 +0000] - csngen_adjust_time: gen state before 569806c50001:1452803533:0:248 [14/Jan/2016:20:32:13 +0000] - csngen_adjust_time: gen state after 569806c60001:1452803533:1:248 [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 Relinquishing consumer connection extension [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:14 +0000] - _csngen_adjust_local_time: gen state before 569806c60001:1452803533:1:248 [14/Jan/2016:20:32:14 +0000] - _csngen_adjust_local_time: gen state after 569806c60001:1452803534:0:248 [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b8c00000000a0000 into pending list [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - conn=14281 op=11132 csn=5697b8c00000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 Acquired consumer connection extension [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:16 +0000] - csngen_adjust_time: gen state before 569806c60002:1452803534:0:248 [14/Jan/2016:20:32:16 +0000] - _csngen_adjust_local_time: gen state before 569806c60002:1452803534:0:248 [14/Jan/2016:20:32:16 +0000] - _csngen_adjust_local_time: gen state after 569806c80000:1452803536:0:248 [14/Jan/2016:20:32:16 +0000] - csngen_adjust_time: gen state after 569806c90001:1452803536:1:248 [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 Relinquishing consumer connection extension [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697ba710000000a0000 into pending list [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - conn=14281 op=11133 csn=5697ba710000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:17 +0000] - _csngen_adjust_local_time: gen state before 569806c90002:1452803536:1:248 [14/Jan/2016:20:32:17 +0000] - _csngen_adjust_local_time: gen state after 569806c90002:1452803537:0:248 [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:18 +0000] - _csngen_adjust_local_time: gen state before 569806c90003:1452803537:0:248 [14/Jan/2016:20:32:18 +0000] - _csngen_adjust_local_time: gen state after 569806ca0000:1452803538:0:248 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ca000000040000 into pending list [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=cass1-msg-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc41000100040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ca000000040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ca000100040000 into pending list [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=cass1-msg-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc4a000000040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ca000100040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ca000200040000 into pending list [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe2-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc4a000100040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ca000200040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ca000300040000 into pending list [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe2-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc4a000200040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ca000300040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 Acquired consumer connection extension [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:19 +0000] - csngen_adjust_time: gen state before 569806ca0004:1452803538:0:248 [14/Jan/2016:20:32:19 +0000] - _csngen_adjust_local_time: gen state before 569806ca0004:1452803538:0:248 [14/Jan/2016:20:32:19 +0000] - _csngen_adjust_local_time: gen state after 569806cb0000:1452803539:0:248 [14/Jan/2016:20:32:19 +0000] - csngen_adjust_time: gen state after 569806cc0001:1452803539:1:248 [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 Relinquishing consumer connection extension [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697bc340000000a0000 into pending list [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=14281 op=11134 csn=5697bc340000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:20 +0000] - _csngen_adjust_local_time: gen state before 569806cc0002:1452803539:1:248 [14/Jan/2016:20:32:20 +0000] - _csngen_adjust_local_time: gen state after 569806cc0002:1452803540:0:248 [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:21 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697bdcb0000000a0000 into pending list [14/Jan/2016:20:32:21 +0000] NSMMReplicationPlugin - conn=14281 op=11135 csn=5697bdcb0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 Acquired consumer connection extension [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:22 +0000] - csngen_adjust_time: gen state before 569806cc0003:1452803540:0:248 [14/Jan/2016:20:32:22 +0000] - _csngen_adjust_local_time: gen state before 569806cc0003:1452803540:0:248 [14/Jan/2016:20:32:22 +0000] - _csngen_adjust_local_time: gen state after 569806ce0000:1452803542:0:248 [14/Jan/2016:20:32:22 +0000] - csngen_adjust_time: gen state after 569806cf0001:1452803542:1:248 [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 Relinquishing consumer connection extension [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697bf710000000a0000 into pending list [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - conn=14281 op=11136 csn=5697bf710000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:23 +0000] - _csngen_adjust_local_time: gen state before 569806cf0002:1452803542:1:248 [14/Jan/2016:20:32:23 +0000] - _csngen_adjust_local_time: gen state after 569806cf0002:1452803543:0:248 [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:24 +0000] - _csngen_adjust_local_time: gen state before 569806cf0003:1452803543:0:248 [14/Jan/2016:20:32:24 +0000] - _csngen_adjust_local_time: gen state after 569806d00000:1452803544:0:248 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806d0000000040000 into pending list [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=feedspool1-arch-flex-nvan.mydomain.net+nsuniqueid=ae37be91-b97111e5-b1f1cd78-f19552bb,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc4a000300040000 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806d0000000040000 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806d0000100040000 into pending list [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=feedspool1-arch-flex-nvan.mydomain.net+nsuniqueid=ae37be91-b97111e5-b1f1cd78-f19552bb,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc50000000040000 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806d0000100040000 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 Acquired consumer connection extension [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:25 +0000] - csngen_adjust_time: gen state before 569806d00002:1452803544:0:248 [14/Jan/2016:20:32:25 +0000] - _csngen_adjust_local_time: gen state before 569806d00002:1452803544:0:248 [14/Jan/2016:20:32:25 +0000] - _csngen_adjust_local_time: gen state after 569806d10000:1452803545:0:248 [14/Jan/2016:20:32:25 +0000] - csngen_adjust_time: gen state after 569806d20001:1452803545:1:248 [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 Relinquishing consumer connection extension [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c13d0001000a0000 into pending list [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=14281 op=11137 csn=5697c13d0001000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:26 +0000] - _csngen_adjust_local_time: gen state before 569806d20001:1452803545:1:248 [14/Jan/2016:20:32:26 +0000] - _csngen_adjust_local_time: gen state after 569806d20001:1452803546:0:248 [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:27 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c2ff0000000a0000 into pending list [14/Jan/2016:20:32:27 +0000] NSMMReplicationPlugin - conn=14281 op=11138 csn=5697c2ff0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:28 +0000] - _csngen_adjust_local_time: gen state before 569806d20003:1452803546:0:248 [14/Jan/2016:20:32:28 +0000] - _csngen_adjust_local_time: gen state after 569806d40000:1452803548:0:248 [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 Acquired consumer connection extension [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:28 +0000] - csngen_adjust_time: gen state before 569806d40001:1452803548:0:248 [14/Jan/2016:20:32:28 +0000] - csngen_adjust_time: gen state after 569806d50001:1452803548:1:248 [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 Relinquishing consumer connection extension [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:29 +0000] - _csngen_adjust_local_time: gen state before 569806d50001:1452803548:1:248 [14/Jan/2016:20:32:29 +0000] - _csngen_adjust_local_time: gen state after 569806d50001:1452803549:0:248 [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c4ce0000000a0000 into pending list [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - conn=14281 op=11139 csn=5697c4ce0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:31 +0000] - _csngen_adjust_local_time: gen state before 569806d50002:1452803549:0:248 [14/Jan/2016:20:32:31 +0000] - _csngen_adjust_local_time: gen state after 569806d70000:1452803551:0:248 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 Acquired consumer connection extension [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:31 +0000] - csngen_adjust_time: gen state before 569806d70001:1452803551:0:248 [14/Jan/2016:20:32:31 +0000] - csngen_adjust_time: gen state after 569806d80001:1452803551:1:248 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 Relinquishing consumer connection extension [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806d8000100040000 into pending list [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoop3-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc50000100040000 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806d8000100040000 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c6970000000a0000 into pending list [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=14281 op=11140 csn=5697c6970000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806d8000200040000 into pending list [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoop3-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc58000100040000 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806d8000200040000 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:32 +0000] - _csngen_adjust_local_time: gen state before 569806d80003:1452803551:1:248 [14/Jan/2016:20:32:32 +0000] - _csngen_adjust_local_time: gen state after 569806d80003:1452803552:0:248 [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:33 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c81b0003000a0000 into pending list [14/Jan/2016:20:32:33 +0000] NSMMReplicationPlugin - conn=14281 op=11141 csn=5697c81b0003000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 Acquired consumer connection extension [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:34 +0000] - csngen_adjust_time: gen state before 569806d80004:1452803552:0:248 [14/Jan/2016:20:32:34 +0000] - _csngen_adjust_local_time: gen state before 569806d80004:1452803552:0:248 [14/Jan/2016:20:32:34 +0000] - _csngen_adjust_local_time: gen state after 569806da0000:1452803554:0:248 [14/Jan/2016:20:32:34 +0000] - csngen_adjust_time: gen state after 569806db0002:1452803554:1:248 [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 Relinquishing consumer connection extension [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:35 +0000] - _csngen_adjust_local_time: gen state before 569806db0003:1452803554:1:248 [14/Jan/2016:20:32:35 +0000] - _csngen_adjust_local_time: gen state after 569806db0003:1452803555:0:248 [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c9d20000000a0000 into pending list [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - conn=14281 op=11142 csn=5697c9d20000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 Acquired consumer connection extension [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:37 +0000] - csngen_adjust_time: gen state before 569806db0004:1452803555:0:248 [14/Jan/2016:20:32:37 +0000] - _csngen_adjust_local_time: gen state before 569806db0004:1452803555:0:248 [14/Jan/2016:20:32:37 +0000] - _csngen_adjust_local_time: gen state after 569806dd0000:1452803557:0:248 [14/Jan/2016:20:32:37 +0000] - csngen_adjust_time: gen state after 569806de0001:1452803557:1:248 [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 Relinquishing consumer connection extension [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697cb920000000a0000 into pending list [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=14281 op=11143 csn=5697cb920000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:38 +0000] - _csngen_adjust_local_time: gen state before 569806de0002:1452803557:1:248 [14/Jan/2016:20:32:38 +0000] - _csngen_adjust_local_time: gen state after 569806de0002:1452803558:0:248 [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:39 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697cd0f0000000a0000 into pending list [14/Jan/2016:20:32:39 +0000] NSMMReplicationPlugin - conn=14281 op=11144 csn=5697cd0f0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 Acquired consumer connection extension [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:40 +0000] - csngen_adjust_time: gen state before 569806de0003:1452803558:0:248 [14/Jan/2016:20:32:40 +0000] - _csngen_adjust_local_time: gen state before 569806de0003:1452803558:0:248 [14/Jan/2016:20:32:40 +0000] - _csngen_adjust_local_time: gen state after 569806e00000:1452803560:0:248 [14/Jan/2016:20:32:40 +0000] - csngen_adjust_time: gen state after 569806e10001:1452803560:1:248 [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 Relinquishing consumer connection extension [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:41 +0000] - _csngen_adjust_local_time: gen state before 569806e10002:1452803560:1:248 [14/Jan/2016:20:32:41 +0000] - _csngen_adjust_local_time: gen state after 569806e10002:1452803561:0:248 [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697cee40000000a0000 into pending list [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - conn=14281 op=11145 csn=5697cee40000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:43 +0000] - _csngen_adjust_local_time: gen state before 569806e10003:1452803561:0:248 [14/Jan/2016:20:32:43 +0000] - _csngen_adjust_local_time: gen state after 569806e30000:1452803563:0:248 [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 Acquired consumer connection extension [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:43 +0000] - csngen_adjust_time: gen state before 569806e30001:1452803563:0:248 [14/Jan/2016:20:32:43 +0000] - csngen_adjust_time: gen state after 569806e40001:1452803563:1:248 [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 Relinquishing consumer connection extension [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d0250001000a0000 into pending list [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=14281 op=11146 csn=5697d0250001000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:44 +0000] - _csngen_adjust_local_time: gen state before 569806e40001:1452803563:1:248 [14/Jan/2016:20:32:44 +0000] - _csngen_adjust_local_time: gen state after 569806e40001:1452803564:0:248 [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d2120000000a0000 into pending list [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - conn=14281 op=11147 csn=5697d2120000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 Acquired consumer connection extension [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:46 +0000] - csngen_adjust_time: gen state before 569806e40002:1452803564:0:248 [14/Jan/2016:20:32:46 +0000] - _csngen_adjust_local_time: gen state before 569806e40002:1452803564:0:248 [14/Jan/2016:20:32:46 +0000] - _csngen_adjust_local_time: gen state after 569806e60000:1452803566:0:248 [14/Jan/2016:20:32:46 +0000] - csngen_adjust_time: gen state after 569806e70001:1452803566:1:248 [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 Relinquishing consumer connection extension [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:47 +0000] - _csngen_adjust_local_time: gen state before 569806e70002:1452803566:1:248 [14/Jan/2016:20:32:47 +0000] - _csngen_adjust_local_time: gen state after 569806e70002:1452803567:0:248 [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d3630000000a0000 into pending list [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - conn=14281 op=11148 csn=5697d3630000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 Acquired consumer connection extension [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:49 +0000] - csngen_adjust_time: gen state before 569806e70003:1452803567:0:248 [14/Jan/2016:20:32:49 +0000] - _csngen_adjust_local_time: gen state before 569806e70003:1452803567:0:248 [14/Jan/2016:20:32:49 +0000] - _csngen_adjust_local_time: gen state after 569806e90000:1452803569:0:248 [14/Jan/2016:20:32:49 +0000] - csngen_adjust_time: gen state after 569806ea0001:1452803569:1:248 [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 Relinquishing consumer connection extension [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d5690000000a0000 into pending list [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=14281 op=11149 csn=5697d5690000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:50 +0000] - _csngen_adjust_local_time: gen state before 569806ea0002:1452803569:1:248 [14/Jan/2016:20:32:50 +0000] - _csngen_adjust_local_time: gen state after 569806ea0002:1452803570:0:248 [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:51 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d6c90000000a0000 into pending list [14/Jan/2016:20:32:51 +0000] NSMMReplicationPlugin - conn=14281 op=11150 csn=5697d6c90000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 Acquired consumer connection extension [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:52 +0000] - csngen_adjust_time: gen state before 569806ea0003:1452803570:0:248 [14/Jan/2016:20:32:52 +0000] - _csngen_adjust_local_time: gen state before 569806ea0003:1452803570:0:248 [14/Jan/2016:20:32:52 +0000] - _csngen_adjust_local_time: gen state after 569806ec0000:1452803572:0:248 [14/Jan/2016:20:32:52 +0000] - csngen_adjust_time: gen state after 569806ed0001:1452803572:1:248 [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 Relinquishing consumer connection extension [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:53 +0000] - _csngen_adjust_local_time: gen state before 569806ed0002:1452803572:1:248 [14/Jan/2016:20:32:53 +0000] - _csngen_adjust_local_time: gen state after 569806ed0002:1452803573:0:248 [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d8e70000000a0000 into pending list [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - conn=14281 op=11151 csn=5697d8e70000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 Acquired consumer connection extension [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:55 +0000] - csngen_adjust_time: gen state before 569806ed0003:1452803573:0:248 [14/Jan/2016:20:32:55 +0000] - _csngen_adjust_local_time: gen state before 569806ed0003:1452803573:0:248 [14/Jan/2016:20:32:55 +0000] - _csngen_adjust_local_time: gen state after 569806ef0000:1452803575:0:248 [14/Jan/2016:20:32:55 +0000] - csngen_adjust_time: gen state after 569806f00001:1452803575:1:248 [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 Relinquishing consumer connection extension -----Original Message----- From: Rob Crittenden [mailto:rcritten at redhat.com] Sent: January-14-16 6:33 AM To: Nathan Peters; Ludwig Krispenz; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 Nathan Peters wrote: > This just keeps on getting better and better. > > > > I need this replication working properly because it has caused about 7 > or 8 builds to fail today alone so I decided to just be done with > troubleshooting and remove the server from the domain and re-initialize it. > > > > I deleted it with 'ipa-replica-manage del dc1-ipa-dev-nvan.mydomain.net' > and then removed then ran an ipa-server uninstall. I then made a new > gpg file for it on dc1-van and added it back as a replica. > > > > After I did that, I wanted to connect all 3 servers together and when > I run ipa-replica-manage connect on dc2-nvan I get this now. I'm not > sure how troubleshoot that. > > > > > > dc1-ipa-dev-nvan.mydomain.net is an IPA Server, but it might be > unknown, foreign or previously deleted one. It means that the new server isn't showing up in the list of masters on dc2-nvan which points to continuing replication issues. rob From rcritten at redhat.com Thu Jan 14 21:09:55 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 14 Jan 2016 16:09:55 -0500 Subject: [Freeipa-users] GID, groups and ipa group-show In-Reply-To: References: <55DADD5D.60809@redhat.com> Message-ID: <56980EA3.9050001@redhat.com> Prasun Gera wrote: > This is an old thread, but I can confirm that this is still an issue on > RHEL 7.2 + 4.2. This creates problems when there are roles associated > with groups, but group membership through GID is broken. I had migrated > all old NIS accounts into ipa. I then added the host enrollment role to > a particular group. Now, unless I add the users to the group explicitly, > they won't get the role, even if their gid is the same as the gid of the > group. The user GIDNumber just sets the default group for POSIX. If you do groups on the user I'll bet it shows correctly. For the purposes of IPA access control, as you've seen, the user must have a memberOf for a given group, either directly or indirectly. rob > On Mon, Aug 24, 2015 at 5:01 AM, David Kupka > wrote: > > On 21/08/15 15:21, bahan w wrote: > > Hello ! > > I contact you because I notice something strange with IPA > environment. > > I created a group : > ipa group-add g1 --desc="my first group" > > Then I created a user with the GID of g1 > GID1=`ipa group-show g1 | awk '/GID/ {printf("%s",$2)}'` > ipa user-add --first=u1 --last=u1 --homedir=/home/u1 > --shell=/bin/bash > --gidnumber=${GID1} u1 > > Then when I perform ipa group-show g1 command, I got the > following result : > ### > Group name: g1 > Description: my first group > GID: > ### > > Same for ipa user-show u1 : > ### > User login: u1 > First name: u1 > Last name: u1 > Home directory: /home/u1 > Login shell: /bin/bash > Email address: u1@ > UID: > GID: > Account disabled: False > Password: False > Member of groups: ipausers > Kerberos keys available: False > ### > > These 2 commands does not see u1 as a member of g1. > When I try the command id u1, I can see the group : > > ### > id u1 > uid=(u1) gid=(g1) groups=(g1) > ### > > Is it the normal behaviour of these IPA commands ? > > Best regards. > > Bahan > > > > Hello! > > I'm not sure if this is intended and/or correct behavior or not. > Looking at /etc/passwd and /etc/group I see it behaves similarly in > a way. > > You can have following entries in the aforementioned files > > [/etc/group] > ... > g1:x:: > ... > > [/etc/passwd] > ... > u1:x::::/home/u1:/bin/bash > ... > > Looking in /etc/group you can't see user 'u1' is member of group > 'g1' but tools like id, groups, getent shows this information. > > On the other hand it would be useful to show these "implicit" > members in group-show output. > Could you please file a ticket > (https://fedorahosted.org/freeipa/newticket)? > > -- > David Kupka > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > > > > From peter at pakos.pl Thu Jan 14 21:18:15 2016 From: peter at pakos.pl (Peter Pakos) Date: Thu, 14 Jan 2016 21:18:15 +0000 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <5697EE18.1090406@redhat.com> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> <5697E464.5040907@pakos.pl> <5697EE18.1090406@redhat.com> Message-ID: <56981097.4070501@pakos.pl> On 14/01/2016 18:51, Rob Crittenden wrote: > You need to add the new root certs to the pki NSS database. As far as I can see those 3 new CA certs are already in the database (unless you're talking about a different db): $ certutil -d /etc/pki/nssdb/ -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI IPA.WANDISCO.COM IPA CA CT,C,C AddTrust ,, USERTrustRSAAddTrustCA ,, GandiStandardSSLCA2 ,, Please advise. -- Kind regards, Peter Pakos From Nathan.Peters at globalrelay.net Thu Jan 14 21:25:49 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Thu, 14 Jan 2016 21:25:49 +0000 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 In-Reply-To: References: <5697B18E.2070809@redhat.com> Message-ID: So after some more forum searching I found a command that searches your ldap database for RUVs. The output does not seems to match the list-ruv command for each server. Is this where the issue lies in the database? I see 6 ruvs for each host in the ldapsearch but only 3 in the ipa-replica-manage list-ruv command DC1-IPA-DEV-VAN OUTPUT ====================== [root at dc1-ipa-dev-van slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: cn: replica nscpentrywsi: nsDS5ReplicaId: 96 nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config nscpentrywsi: createTimestamp: 20160114034427Z nscpentrywsi: modifyTimestamp: 20160114210015Z nscpentrywsi: nsState:: YAAAAAAAAABPDJhWAAAAAAAAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA== nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb nscpentrywsi: numSubordinates: 2 nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56980c51000000600000 nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 5697f1f4000300510000 nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat;dc1-ipa-dev-nvan.mydomain.net;389;81;56980c5 1000000600000 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;masterAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat;dc2-ipa-dev-nvan.mydomain.net;389;76;56980c5 1000000600000 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56980c4f nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b68 nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697f1f1 nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56976208 nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56973881 nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsds5ReplicaChangeCount: 1374 nscpentrywsi: nsds5replicareapactive: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage list-ruv dc1-ipa-dev-nvan.mydomain.net:389: 9 dc1-ipa-dev-van.mydomain.net:389: 4 dc2-ipa-dev-nvan.mydomain.net:389: 10 DC1-IPA-DEV-NVAN OUTPUT ======================= [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: cn: replica nscpentrywsi: createTimestamp: 20160114091023Z nscpentrywsi: creatorsName: cn=directory manager nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config nscpentrywsi: modifyTimestamp: 20160114205455Z nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager cloneAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaId: 81 nscpentrywsi: nsDS5ReplicaName: 9f025f1e-ba9e11e5-a3eed144-7534709f nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsState:: UQAAAAAAAAAeC5hWAAAAAAAAAAAAAAAAAgAAAAAAAAABAAAAAAAAAA== nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: numSubordinates: 1 nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 5697f1f4000300510000 nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56980fcd000000600000 nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;cloneAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat;dc1-ipa-dev-van.mydomain.net;389;96;5697f1f40 00300510000 nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56980fcb nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsds5ReplicaChangeCount: 571 nscpentrywsi: nsds5replicareapactive: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# ipa-replica-manage list-ruv dc1-ipa-dev-nvan.mydomain.net:389: 9 dc2-ipa-dev-nvan.mydomain.net:389: 10 dc1-ipa-dev-van.mydomain.net:389: 4 DC2-IPA-DEV-NVAN OUTPUT ======================= [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: cn: replica nscpentrywsi: createTimestamp: 20160114093204Z nscpentrywsi: creatorsName: cn=directory manager nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config nscpentrywsi: modifyTimestamp: 20160114210009Z nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager cloneAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaId: 76 nscpentrywsi: nsDS5ReplicaName: a70fce1e-baa111e5-bbb09cc0-8cbb81b3 nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsState:: TAAAAAAAAABXDJhWAAAAAAAAAAAAAAAAAgAAAAAAAAABAAAAAAAAAA== nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: numSubordinates: 1 nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56980fcd000000600000 nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 5697f1f4000300510000 nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;cloneAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat;dc1-ipa-dev-van.mydomain.net;389;96;56976b5c0 002004c0000 nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56980fca nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsds5ReplicaChangeCount: 322 nscpentrywsi: nsds5replicareapactive: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# ipa-replica-manage list-ruv dc2-ipa-dev-nvan.mydomain.net:389: 10 dc1-ipa-dev-van.mydomain.net:389: 4 dc1-ipa-dev-nvan.mydomain.net:389: 9 -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters Sent: January-14-16 12:53 PM To: Rob Crittenden; Ludwig Krispenz; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 I'm beginning to suspect there may be something wrong with my ldap database. I actually completed deleted dc1-nvan and dc2-nvan last night, leaving only dc1-van. I then re-provosioned dc1-nvan and dc2-nvan from scratch (os install and everything). After re-provisioning I was finally able to make a 3 way replication agreement so each server was replicating with 2 others. When I left, all servers were reporting successful output similar to this : [root at dc2-ipa-dev-nvan ~]# ipa-replica-manage list -v `hostname` p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute dc1-ipa-dev-nvan.mydomain.net: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: 0 Replica acquired successfully: Incremental update started last update ended: 1970-01-01 00:00:00+00:00 dc1-ipa-dev-van.mydomain.net: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: 0 Replica acquired successfully: Incremental update started last update ended: 1970-01-01 00:00:00+00:00 When I came in this morning 8 hours later the logs are full of errors again: So I have a few questions: 1)Is there any way to effectively 'clean' an ldap database? 2)Are there any commands I can run to find out if it is something in my database that is causing issues? -for troubleshooting this one I tried doing ruv-clean after I deleted my replicas but it claimed their IDs no longer existed, so it thought they were deleted properly. 3)Why even with successful replication are they still showing 1970 dates? I never understand why they keep going back to that. They were at 2016 dates last night... Here are the error logs from each server : =========== Errors in dc1-nvan =========== [14/Jan/2016:20:19:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:19:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:27:36 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [14/Jan/2016:20:29:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:29:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:29:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:33:43 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [14/Jan/2016:20:34:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:34:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:34:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. =========== Errors in dc2-nvan =========== [14/Jan/2016:20:19:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:19:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:26:11 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [14/Jan/2016:20:29:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:29:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:29:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [14/Jan/2016:20:34:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:34:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:34:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. =========== Errors in dc1-van =========== [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56979f620001000a0000 into pending list [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - conn=14281 op=11117 csn=56979f620001000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:46 +0000] - _csngen_adjust_local_time: gen state before 569806a80004:1452803504:0:248 [14/Jan/2016:20:31:46 +0000] - _csngen_adjust_local_time: gen state after 569806aa0000:1452803506:0:248 [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 Acquired consumer connection extension [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:46 +0000] - csngen_adjust_time: gen state before 569806aa0001:1452803506:0:248 [14/Jan/2016:20:31:46 +0000] - csngen_adjust_time: gen state after 569806ab0001:1452803506:1:248 [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 Relinquishing consumer connection extension [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:47 +0000] - _csngen_adjust_local_time: gen state before 569806ab0001:1452803506:1:248 [14/Jan/2016:20:31:47 +0000] - _csngen_adjust_local_time: gen state after 569806ab0001:1452803507:0:248 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ab000200040000 into pending list [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc27000100040000 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ab000200040000 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ab000300040000 into pending list [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc2b000200040000 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ab000300040000 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a13d0005000a0000 into pending list [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - conn=14281 op=11118 csn=5697a13d0005000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:49 +0000] - _csngen_adjust_local_time: gen state before 569806ab0004:1452803507:0:248 [14/Jan/2016:20:31:49 +0000] - _csngen_adjust_local_time: gen state after 569806ad0000:1452803509:0:248 [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 Acquired consumer connection extension [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:49 +0000] - csngen_adjust_time: gen state before 569806ad0001:1452803509:0:248 [14/Jan/2016:20:31:49 +0000] - csngen_adjust_time: gen state after 569806ae0001:1452803509:1:248 [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 Relinquishing consumer connection extension [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a2fd0001000a0000 into pending list [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=14281 op=11119 csn=5697a2fd0001000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:50 +0000] - _csngen_adjust_local_time: gen state before 569806ae0001:1452803509:1:248 [14/Jan/2016:20:31:50 +0000] - _csngen_adjust_local_time: gen state after 569806ae0001:1452803510:0:248 [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:51 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a4ce0001000a0000 into pending list [14/Jan/2016:20:31:51 +0000] NSMMReplicationPlugin - conn=14281 op=11120 csn=5697a4ce0001000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:52 +0000] - _csngen_adjust_local_time: gen state before 569806ae0002:1452803510:0:248 [14/Jan/2016:20:31:52 +0000] - _csngen_adjust_local_time: gen state after 569806b00000:1452803512:0:248 [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 Acquired consumer connection extension [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:52 +0000] - csngen_adjust_time: gen state before 569806b00001:1452803512:0:248 [14/Jan/2016:20:31:52 +0000] - csngen_adjust_time: gen state after 569806b10001:1452803512:1:248 [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 Relinquishing consumer connection extension [14/Jan/2016:20:31:53 +0000] - _csngen_adjust_local_time: gen state before 569806b10001:1452803512:1:248 [14/Jan/2016:20:31:53 +0000] - _csngen_adjust_local_time: gen state after 569806b10001:1452803513:0:248 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806b1000100040000 into pending list [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=van-test-conv2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc2b000300040000 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806b1000100040000 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806b1000200040000 into pending list [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=van-test-conv2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc31000100040000 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806b1000200040000 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a6650002000a0000 into pending list [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - conn=14281 op=11121 csn=5697a6650002000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:55 +0000] - _csngen_adjust_local_time: gen state before 569806b10004:1452803513:0:248 [14/Jan/2016:20:31:55 +0000] - _csngen_adjust_local_time: gen state after 569806b30000:1452803515:0:248 [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 Acquired consumer connection extension [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:55 +0000] - csngen_adjust_time: gen state before 569806b30001:1452803515:0:248 [14/Jan/2016:20:31:55 +0000] - csngen_adjust_time: gen state after 569806b40001:1452803515:1:248 [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a7e80000000a0000 into pending list [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 Relinquishing consumer connection extension [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=14281 op=11122 csn=5697a7e80000000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:56 +0000] - _csngen_adjust_local_time: gen state before 569806b40001:1452803515:1:248 [14/Jan/2016:20:31:56 +0000] - _csngen_adjust_local_time: gen state after 569806b40001:1452803516:0:248 [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:57 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a93c0000000a0000 into pending list [14/Jan/2016:20:31:57 +0000] NSMMReplicationPlugin - conn=14281 op=11123 csn=5697a93c0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:58 +0000] - _csngen_adjust_local_time: gen state before 569806b40002:1452803516:0:248 [14/Jan/2016:20:31:58 +0000] - _csngen_adjust_local_time: gen state after 569806b60000:1452803518:0:248 [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 Acquired consumer connection extension [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:58 +0000] - csngen_adjust_time: gen state before 569806b60001:1452803518:0:248 [14/Jan/2016:20:31:58 +0000] - csngen_adjust_time: gen state after 569806b70001:1452803518:1:248 [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 Relinquishing consumer connection extension [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:59 +0000] - _csngen_adjust_local_time: gen state before 569806b70001:1452803518:1:248 [14/Jan/2016:20:31:59 +0000] - _csngen_adjust_local_time: gen state after 569806b70001:1452803519:0:248 [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697ab4b0000000a0000 into pending list [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - conn=14281 op=11124 csn=5697ab4b0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:01 +0000] - _csngen_adjust_local_time: gen state before 569806b70002:1452803519:0:248 [14/Jan/2016:20:32:01 +0000] - _csngen_adjust_local_time: gen state after 569806b90000:1452803521:0:248 [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697acb30000000a0000 into pending list [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=14281 op=11125 csn=5697acb30000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 Acquired consumer connection extension [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:01 +0000] - csngen_adjust_time: gen state before 569806b90001:1452803521:0:248 [14/Jan/2016:20:32:01 +0000] - csngen_adjust_time: gen state after 569806ba0001:1452803521:1:248 [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 Relinquishing consumer connection extension [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:02 +0000] - _csngen_adjust_local_time: gen state before 569806ba0001:1452803521:1:248 [14/Jan/2016:20:32:02 +0000] - _csngen_adjust_local_time: gen state after 569806ba0001:1452803522:0:248 [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:03 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697ae970000000a0000 into pending list [14/Jan/2016:20:32:03 +0000] NSMMReplicationPlugin - conn=14281 op=11126 csn=5697ae970000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:04 +0000] - _csngen_adjust_local_time: gen state before 569806ba0002:1452803522:0:248 [14/Jan/2016:20:32:04 +0000] - _csngen_adjust_local_time: gen state after 569806bc0000:1452803524:0:248 [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 Acquired consumer connection extension [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:04 +0000] - csngen_adjust_time: gen state before 569806bc0001:1452803524:0:248 [14/Jan/2016:20:32:04 +0000] - csngen_adjust_time: gen state after 569806bd0001:1452803524:1:248 [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 Relinquishing consumer connection extension [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:05 +0000] - _csngen_adjust_local_time: gen state before 569806bd0001:1452803524:1:248 [14/Jan/2016:20:32:05 +0000] - _csngen_adjust_local_time: gen state after 569806bd0001:1452803525:0:248 [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b0100000000a0000 into pending list [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - conn=14281 op=11127 csn=5697b0100000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:06 +0000] - _csngen_adjust_local_time: gen state before 569806bd0002:1452803525:0:248 [14/Jan/2016:20:32:06 +0000] - _csngen_adjust_local_time: gen state after 569806be0000:1452803526:0:248 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806be000000040000 into pending list [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc31000200040000 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806be000000040000 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806be000100040000 into pending list [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc3e000000040000 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806be000100040000 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:07 +0000] - _csngen_adjust_local_time: gen state before 569806be0002:1452803526:0:248 [14/Jan/2016:20:32:07 +0000] - _csngen_adjust_local_time: gen state after 569806bf0000:1452803527:0:248 [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b1dc0001000a0000 into pending list [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=14281 op=11128 csn=5697b1dc0001000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 Acquired consumer connection extension [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:07 +0000] - csngen_adjust_time: gen state before 569806bf0001:1452803527:0:248 [14/Jan/2016:20:32:07 +0000] - csngen_adjust_time: gen state after 569806c00001:1452803527:1:248 [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 Relinquishing consumer connection extension [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:08 +0000] - _csngen_adjust_local_time: gen state before 569806c00001:1452803527:1:248 [14/Jan/2016:20:32:08 +0000] - _csngen_adjust_local_time: gen state after 569806c00001:1452803528:0:248 [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:09 +0000] - _csngen_adjust_local_time: gen state before 569806c00002:1452803528:0:248 [14/Jan/2016:20:32:09 +0000] - _csngen_adjust_local_time: gen state after 569806c10000:1452803529:0:248 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806c1000000040000 into pending list [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc3e000100040000 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806c1000000040000 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806c1000100040000 into pending list [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc41000000040000 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806c1000100040000 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b3850000000a0000 into pending list [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - conn=14281 op=11129 csn=5697b3850000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:10 +0000] - _csngen_adjust_local_time: gen state before 569806c10002:1452803529:0:248 [14/Jan/2016:20:32:10 +0000] - _csngen_adjust_local_time: gen state after 569806c20000:1452803530:0:248 [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 Acquired consumer connection extension [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:10 +0000] - csngen_adjust_time: gen state before 569806c20001:1452803530:0:248 [14/Jan/2016:20:32:10 +0000] - csngen_adjust_time: gen state after 569806c30001:1452803530:1:248 [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 Relinquishing consumer connection extension [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:11 +0000] - _csngen_adjust_local_time: gen state before 569806c30001:1452803530:1:248 [14/Jan/2016:20:32:11 +0000] - _csngen_adjust_local_time: gen state after 569806c30001:1452803531:0:248 [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b5360000000a0000 into pending list [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - conn=14281 op=11130 csn=5697b5360000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:13 +0000] - _csngen_adjust_local_time: gen state before 569806c30002:1452803531:0:248 [14/Jan/2016:20:32:13 +0000] - _csngen_adjust_local_time: gen state after 569806c50000:1452803533:0:248 [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b6fa0000000a0000 into pending list [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=14281 op=11131 csn=5697b6fa0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 Acquired consumer connection extension [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:13 +0000] - csngen_adjust_time: gen state before 569806c50001:1452803533:0:248 [14/Jan/2016:20:32:13 +0000] - csngen_adjust_time: gen state after 569806c60001:1452803533:1:248 [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 Relinquishing consumer connection extension [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:14 +0000] - _csngen_adjust_local_time: gen state before 569806c60001:1452803533:1:248 [14/Jan/2016:20:32:14 +0000] - _csngen_adjust_local_time: gen state after 569806c60001:1452803534:0:248 [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b8c00000000a0000 into pending list [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - conn=14281 op=11132 csn=5697b8c00000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 Acquired consumer connection extension [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:16 +0000] - csngen_adjust_time: gen state before 569806c60002:1452803534:0:248 [14/Jan/2016:20:32:16 +0000] - _csngen_adjust_local_time: gen state before 569806c60002:1452803534:0:248 [14/Jan/2016:20:32:16 +0000] - _csngen_adjust_local_time: gen state after 569806c80000:1452803536:0:248 [14/Jan/2016:20:32:16 +0000] - csngen_adjust_time: gen state after 569806c90001:1452803536:1:248 [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 Relinquishing consumer connection extension [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697ba710000000a0000 into pending list [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - conn=14281 op=11133 csn=5697ba710000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:17 +0000] - _csngen_adjust_local_time: gen state before 569806c90002:1452803536:1:248 [14/Jan/2016:20:32:17 +0000] - _csngen_adjust_local_time: gen state after 569806c90002:1452803537:0:248 [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:18 +0000] - _csngen_adjust_local_time: gen state before 569806c90003:1452803537:0:248 [14/Jan/2016:20:32:18 +0000] - _csngen_adjust_local_time: gen state after 569806ca0000:1452803538:0:248 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ca000000040000 into pending list [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=cass1-msg-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc41000100040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ca000000040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ca000100040000 into pending list [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=cass1-msg-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc4a000000040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ca000100040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ca000200040000 into pending list [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe2-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc4a000100040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ca000200040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ca000300040000 into pending list [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe2-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc4a000200040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ca000300040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 Acquired consumer connection extension [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:19 +0000] - csngen_adjust_time: gen state before 569806ca0004:1452803538:0:248 [14/Jan/2016:20:32:19 +0000] - _csngen_adjust_local_time: gen state before 569806ca0004:1452803538:0:248 [14/Jan/2016:20:32:19 +0000] - _csngen_adjust_local_time: gen state after 569806cb0000:1452803539:0:248 [14/Jan/2016:20:32:19 +0000] - csngen_adjust_time: gen state after 569806cc0001:1452803539:1:248 [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 Relinquishing consumer connection extension [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697bc340000000a0000 into pending list [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=14281 op=11134 csn=5697bc340000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:20 +0000] - _csngen_adjust_local_time: gen state before 569806cc0002:1452803539:1:248 [14/Jan/2016:20:32:20 +0000] - _csngen_adjust_local_time: gen state after 569806cc0002:1452803540:0:248 [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:21 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697bdcb0000000a0000 into pending list [14/Jan/2016:20:32:21 +0000] NSMMReplicationPlugin - conn=14281 op=11135 csn=5697bdcb0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 Acquired consumer connection extension [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:22 +0000] - csngen_adjust_time: gen state before 569806cc0003:1452803540:0:248 [14/Jan/2016:20:32:22 +0000] - _csngen_adjust_local_time: gen state before 569806cc0003:1452803540:0:248 [14/Jan/2016:20:32:22 +0000] - _csngen_adjust_local_time: gen state after 569806ce0000:1452803542:0:248 [14/Jan/2016:20:32:22 +0000] - csngen_adjust_time: gen state after 569806cf0001:1452803542:1:248 [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 Relinquishing consumer connection extension [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697bf710000000a0000 into pending list [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - conn=14281 op=11136 csn=5697bf710000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:23 +0000] - _csngen_adjust_local_time: gen state before 569806cf0002:1452803542:1:248 [14/Jan/2016:20:32:23 +0000] - _csngen_adjust_local_time: gen state after 569806cf0002:1452803543:0:248 [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:24 +0000] - _csngen_adjust_local_time: gen state before 569806cf0003:1452803543:0:248 [14/Jan/2016:20:32:24 +0000] - _csngen_adjust_local_time: gen state after 569806d00000:1452803544:0:248 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806d0000000040000 into pending list [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=feedspool1-arch-flex-nvan.mydomain.net+nsuniqueid=ae37be91-b97111e5-b1f1cd78-f19552bb,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc4a000300040000 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806d0000000040000 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806d0000100040000 into pending list [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=feedspool1-arch-flex-nvan.mydomain.net+nsuniqueid=ae37be91-b97111e5-b1f1cd78-f19552bb,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc50000000040000 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806d0000100040000 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 Acquired consumer connection extension [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:25 +0000] - csngen_adjust_time: gen state before 569806d00002:1452803544:0:248 [14/Jan/2016:20:32:25 +0000] - _csngen_adjust_local_time: gen state before 569806d00002:1452803544:0:248 [14/Jan/2016:20:32:25 +0000] - _csngen_adjust_local_time: gen state after 569806d10000:1452803545:0:248 [14/Jan/2016:20:32:25 +0000] - csngen_adjust_time: gen state after 569806d20001:1452803545:1:248 [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 Relinquishing consumer connection extension [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c13d0001000a0000 into pending list [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=14281 op=11137 csn=5697c13d0001000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:26 +0000] - _csngen_adjust_local_time: gen state before 569806d20001:1452803545:1:248 [14/Jan/2016:20:32:26 +0000] - _csngen_adjust_local_time: gen state after 569806d20001:1452803546:0:248 [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:27 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c2ff0000000a0000 into pending list [14/Jan/2016:20:32:27 +0000] NSMMReplicationPlugin - conn=14281 op=11138 csn=5697c2ff0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:28 +0000] - _csngen_adjust_local_time: gen state before 569806d20003:1452803546:0:248 [14/Jan/2016:20:32:28 +0000] - _csngen_adjust_local_time: gen state after 569806d40000:1452803548:0:248 [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 Acquired consumer connection extension [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:28 +0000] - csngen_adjust_time: gen state before 569806d40001:1452803548:0:248 [14/Jan/2016:20:32:28 +0000] - csngen_adjust_time: gen state after 569806d50001:1452803548:1:248 [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 Relinquishing consumer connection extension [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:29 +0000] - _csngen_adjust_local_time: gen state before 569806d50001:1452803548:1:248 [14/Jan/2016:20:32:29 +0000] - _csngen_adjust_local_time: gen state after 569806d50001:1452803549:0:248 [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c4ce0000000a0000 into pending list [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - conn=14281 op=11139 csn=5697c4ce0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:31 +0000] - _csngen_adjust_local_time: gen state before 569806d50002:1452803549:0:248 [14/Jan/2016:20:32:31 +0000] - _csngen_adjust_local_time: gen state after 569806d70000:1452803551:0:248 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 Acquired consumer connection extension [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:31 +0000] - csngen_adjust_time: gen state before 569806d70001:1452803551:0:248 [14/Jan/2016:20:32:31 +0000] - csngen_adjust_time: gen state after 569806d80001:1452803551:1:248 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 Relinquishing consumer connection extension [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806d8000100040000 into pending list [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoop3-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc50000100040000 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806d8000100040000 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c6970000000a0000 into pending list [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=14281 op=11140 csn=5697c6970000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806d8000200040000 into pending list [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoop3-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc58000100040000 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806d8000200040000 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:32 +0000] - _csngen_adjust_local_time: gen state before 569806d80003:1452803551:1:248 [14/Jan/2016:20:32:32 +0000] - _csngen_adjust_local_time: gen state after 569806d80003:1452803552:0:248 [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:33 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c81b0003000a0000 into pending list [14/Jan/2016:20:32:33 +0000] NSMMReplicationPlugin - conn=14281 op=11141 csn=5697c81b0003000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 Acquired consumer connection extension [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:34 +0000] - csngen_adjust_time: gen state before 569806d80004:1452803552:0:248 [14/Jan/2016:20:32:34 +0000] - _csngen_adjust_local_time: gen state before 569806d80004:1452803552:0:248 [14/Jan/2016:20:32:34 +0000] - _csngen_adjust_local_time: gen state after 569806da0000:1452803554:0:248 [14/Jan/2016:20:32:34 +0000] - csngen_adjust_time: gen state after 569806db0002:1452803554:1:248 [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 Relinquishing consumer connection extension [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:35 +0000] - _csngen_adjust_local_time: gen state before 569806db0003:1452803554:1:248 [14/Jan/2016:20:32:35 +0000] - _csngen_adjust_local_time: gen state after 569806db0003:1452803555:0:248 [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c9d20000000a0000 into pending list [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - conn=14281 op=11142 csn=5697c9d20000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 Acquired consumer connection extension [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:37 +0000] - csngen_adjust_time: gen state before 569806db0004:1452803555:0:248 [14/Jan/2016:20:32:37 +0000] - _csngen_adjust_local_time: gen state before 569806db0004:1452803555:0:248 [14/Jan/2016:20:32:37 +0000] - _csngen_adjust_local_time: gen state after 569806dd0000:1452803557:0:248 [14/Jan/2016:20:32:37 +0000] - csngen_adjust_time: gen state after 569806de0001:1452803557:1:248 [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 Relinquishing consumer connection extension [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697cb920000000a0000 into pending list [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=14281 op=11143 csn=5697cb920000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:38 +0000] - _csngen_adjust_local_time: gen state before 569806de0002:1452803557:1:248 [14/Jan/2016:20:32:38 +0000] - _csngen_adjust_local_time: gen state after 569806de0002:1452803558:0:248 [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:39 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697cd0f0000000a0000 into pending list [14/Jan/2016:20:32:39 +0000] NSMMReplicationPlugin - conn=14281 op=11144 csn=5697cd0f0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 Acquired consumer connection extension [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:40 +0000] - csngen_adjust_time: gen state before 569806de0003:1452803558:0:248 [14/Jan/2016:20:32:40 +0000] - _csngen_adjust_local_time: gen state before 569806de0003:1452803558:0:248 [14/Jan/2016:20:32:40 +0000] - _csngen_adjust_local_time: gen state after 569806e00000:1452803560:0:248 [14/Jan/2016:20:32:40 +0000] - csngen_adjust_time: gen state after 569806e10001:1452803560:1:248 [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 Relinquishing consumer connection extension [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:41 +0000] - _csngen_adjust_local_time: gen state before 569806e10002:1452803560:1:248 [14/Jan/2016:20:32:41 +0000] - _csngen_adjust_local_time: gen state after 569806e10002:1452803561:0:248 [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697cee40000000a0000 into pending list [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - conn=14281 op=11145 csn=5697cee40000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:43 +0000] - _csngen_adjust_local_time: gen state before 569806e10003:1452803561:0:248 [14/Jan/2016:20:32:43 +0000] - _csngen_adjust_local_time: gen state after 569806e30000:1452803563:0:248 [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 Acquired consumer connection extension [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:43 +0000] - csngen_adjust_time: gen state before 569806e30001:1452803563:0:248 [14/Jan/2016:20:32:43 +0000] - csngen_adjust_time: gen state after 569806e40001:1452803563:1:248 [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 Relinquishing consumer connection extension [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d0250001000a0000 into pending list [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=14281 op=11146 csn=5697d0250001000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:44 +0000] - _csngen_adjust_local_time: gen state before 569806e40001:1452803563:1:248 [14/Jan/2016:20:32:44 +0000] - _csngen_adjust_local_time: gen state after 569806e40001:1452803564:0:248 [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d2120000000a0000 into pending list [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - conn=14281 op=11147 csn=5697d2120000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 Acquired consumer connection extension [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:46 +0000] - csngen_adjust_time: gen state before 569806e40002:1452803564:0:248 [14/Jan/2016:20:32:46 +0000] - _csngen_adjust_local_time: gen state before 569806e40002:1452803564:0:248 [14/Jan/2016:20:32:46 +0000] - _csngen_adjust_local_time: gen state after 569806e60000:1452803566:0:248 [14/Jan/2016:20:32:46 +0000] - csngen_adjust_time: gen state after 569806e70001:1452803566:1:248 [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 Relinquishing consumer connection extension [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:47 +0000] - _csngen_adjust_local_time: gen state before 569806e70002:1452803566:1:248 [14/Jan/2016:20:32:47 +0000] - _csngen_adjust_local_time: gen state after 569806e70002:1452803567:0:248 [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d3630000000a0000 into pending list [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - conn=14281 op=11148 csn=5697d3630000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 Acquired consumer connection extension [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:49 +0000] - csngen_adjust_time: gen state before 569806e70003:1452803567:0:248 [14/Jan/2016:20:32:49 +0000] - _csngen_adjust_local_time: gen state before 569806e70003:1452803567:0:248 [14/Jan/2016:20:32:49 +0000] - _csngen_adjust_local_time: gen state after 569806e90000:1452803569:0:248 [14/Jan/2016:20:32:49 +0000] - csngen_adjust_time: gen state after 569806ea0001:1452803569:1:248 [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 Relinquishing consumer connection extension [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d5690000000a0000 into pending list [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=14281 op=11149 csn=5697d5690000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:50 +0000] - _csngen_adjust_local_time: gen state before 569806ea0002:1452803569:1:248 [14/Jan/2016:20:32:50 +0000] - _csngen_adjust_local_time: gen state after 569806ea0002:1452803570:0:248 [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:51 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d6c90000000a0000 into pending list [14/Jan/2016:20:32:51 +0000] NSMMReplicationPlugin - conn=14281 op=11150 csn=5697d6c90000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 Acquired consumer connection extension [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:52 +0000] - csngen_adjust_time: gen state before 569806ea0003:1452803570:0:248 [14/Jan/2016:20:32:52 +0000] - _csngen_adjust_local_time: gen state before 569806ea0003:1452803570:0:248 [14/Jan/2016:20:32:52 +0000] - _csngen_adjust_local_time: gen state after 569806ec0000:1452803572:0:248 [14/Jan/2016:20:32:52 +0000] - csngen_adjust_time: gen state after 569806ed0001:1452803572:1:248 [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 Relinquishing consumer connection extension [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:53 +0000] - _csngen_adjust_local_time: gen state before 569806ed0002:1452803572:1:248 [14/Jan/2016:20:32:53 +0000] - _csngen_adjust_local_time: gen state after 569806ed0002:1452803573:0:248 [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d8e70000000a0000 into pending list [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - conn=14281 op=11151 csn=5697d8e70000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 Acquired consumer connection extension [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:55 +0000] - csngen_adjust_time: gen state before 569806ed0003:1452803573:0:248 [14/Jan/2016:20:32:55 +0000] - _csngen_adjust_local_time: gen state before 569806ed0003:1452803573:0:248 [14/Jan/2016:20:32:55 +0000] - _csngen_adjust_local_time: gen state after 569806ef0000:1452803575:0:248 [14/Jan/2016:20:32:55 +0000] - csngen_adjust_time: gen state after 569806f00001:1452803575:1:248 [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 Relinquishing consumer connection extension -----Original Message----- From: Rob Crittenden [mailto:rcritten at redhat.com] Sent: January-14-16 6:33 AM To: Nathan Peters; Ludwig Krispenz; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 Nathan Peters wrote: > This just keeps on getting better and better. > > > > I need this replication working properly because it has caused about 7 > or 8 builds to fail today alone so I decided to just be done with > troubleshooting and remove the server from the domain and re-initialize it. > > > > I deleted it with 'ipa-replica-manage del dc1-ipa-dev-nvan.mydomain.net' > and then removed then ran an ipa-server uninstall. I then made a new > gpg file for it on dc1-van and added it back as a replica. > > > > After I did that, I wanted to connect all 3 servers together and when > I run ipa-replica-manage connect on dc2-nvan I get this now. I'm not > sure how troubleshoot that. > > > > > > dc1-ipa-dev-nvan.mydomain.net is an IPA Server, but it might be > unknown, foreign or previously deleted one. It means that the new server isn't showing up in the list of masters on dc2-nvan which points to continuing replication issues. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project From jeff.hallyburton at bloomip.com Fri Jan 15 01:59:15 2016 From: jeff.hallyburton at bloomip.com (Jeff Hallyburton) Date: Thu, 14 Jan 2016 20:59:15 -0500 Subject: [Freeipa-users] FreeIPA Replica / HA Issues In-Reply-To: <569748EB.6040900@redhat.com> References: <5696FB70.1090205@redhat.com> <569748EB.6040900@redhat.com> Message-ID: Petr, Thanks for the info. This is in fact probably what's happening in our case. That said, is there any supported way of manually setting up failover at this time? Is it hard, or simply impossible? Thanks, Jeff Jeff Hallyburton Strategic Systems Engineer Bloomip Inc. Web: http://www.bloomip.com Engineering Support: support at bloomip.com Billing Support: billing at bloomip.com Customer Support Portal: https://my.bloomip.com On Thu, Jan 14, 2016 at 2:06 AM, Petr Spacek wrote: > Hello, > > > this log is weird: > > On 14.1.2016 03:02, Jeff Hallyburton wrote: > >> 2016-01-14T00:45:35Z DEBUG [IPA Discovery] > >> 2016-01-14T00:45:35Z DEBUG Starting IPA discovery with domain= > west-2.production.example.com, servers=None, hostname= > test.west-2.production.example.com > >> 2016-01-14T00:45:35Z DEBUG Search for LDAP SRV record in > west-2.production.example.com > >> 2016-01-14T00:45:35Z DEBUG Search DNS for SRV record of _ldap._ > tcp.west-2.production.example.com > >> 2016-01-14T00:45:35Z DEBUG DNS record found: 0 100 389 > ipa1.west-2.production.example.com. > >> 2016-01-14T00:45:35Z DEBUG DNS record found: 10 100 389 > ipa2.west-2.production.example.com. > >> 2016-01-14T00:45:35Z DEBUG [Kerberos realm search] > >> 2016-01-14T00:45:35Z DEBUG Search DNS for TXT record of _ > kerberos.west-2.production.example.com > >> 2016-01-14T00:45:35Z DEBUG DNS record found: "EXAMPLE.COM" > >> 2016-01-14T00:45:35Z DEBUG Search DNS for SRV record of _kerberos._ > udp.west-2.production.example.com > >> 2016-01-14T00:45:35Z DEBUG DNS record found: 10 100 88 > ipa2.west-2.production.example.com. > >> 2016-01-14T00:45:35Z DEBUG DNS record found: 0 100 88 > ipa1.west-2.production.example.com. > >> 2016-01-14T00:45:35Z DEBUG [LDAP server check] > >> 2016-01-14T00:45:35Z DEBUG Verifying that > ipa1.west-2.production.example.com (realm EXAMPLE.COM) is an IPA server > >> 2016-01-14T00:45:35Z DEBUG Init LDAP connection to: > ipa1.west-2.production.example.com > >> 2016-01-14T00:45:35Z DEBUG Search LDAP server for IPA base DN > >> 2016-01-14T00:45:35Z DEBUG Check if naming context 'dc=example,dc=com' > is for IPA > >> 2016-01-14T00:45:35Z DEBUG Naming context 'dc=example,dc=com' is a > valid IPA context > >> 2016-01-14T00:45:35Z DEBUG Search for (objectClass=krbRealmContainer) > in dc=example,dc=com (sub) > >> 2016-01-14T00:45:35Z DEBUG Found: cn=EXAMPLE.COM > ,cn=kerberos,dc=example,dc=com > >> 2016-01-14T00:45:35Z DEBUG Discovery result: Success; server= > ipa1.west-2.production.example.com, domain=west-2.production.example.com, > kdc=ipa2.west-2.production.example.com,ipa1.west-2.production.example.com, > basedn=dc=example,dc=com > >> 2016-01-14T00:45:35Z DEBUG Validated servers: > ipa1.west-2.production.example.com > >> 2016-01-14T00:45:35Z DEBUG will use discovered domain: > west-2.production.example.com > > It looks that your IPA domain & realm is "example.com" and "EXAMPLE.COM", > is > that correct? > > Looking further ... > > > 2016-01-14T00:45:39Z DEBUG Writing Kerberos configuration to > /etc/krb5.conf: > > 2016-01-14T00:45:39Z DEBUG #File modified by ipa-client-install > > > > includedir /var/lib/sss/pubconf/krb5.include.d/ > > > > [libdefaults] > > default_realm = EXAMPLE.COM > > dns_lookup_realm = true > > dns_lookup_kdc = true > > rdns = false > > ticket_lifetime = 24h > > forwardable = yes > > udp_preference_limit = 0 > > default_ccache_name = KEYRING:persistent:%{uid} > > > > > > [realms] > > EXAMPLE.COM = { > > pkinit_anchors = FILE:/etc/ipa/ca.crt > > > > } > > > > > > [domain_realm] > > .west-2.production.example.com = EXAMPLE.COM > > west-2.production.example.com = EXAMPLE.COM > > Hmm, this is going to be wild guess, but let's try it: > Do you have DNS SRV records in domain west-2.production.example.com but > not in > DNS domain example.com? > > That would probably cause this kind of problem. > > Generally it is necessary to put _kerberos TXT + SRV records into the > (primary) DNS domain specified during IPA installation. Then use --domain > option during ipa-client-install. > > --server is generally discouraged as it disables DNS SRV lookup and makes > failover hard or impossible. > > --domain is just a hint for the installer where to start looking for DNS > SRV > records and allows full automatic failover. > > > The autodiscovery is quite messy and needs to be imporoved in next > versions. > https://fedorahosted.org/freeipa/ticket/5270 should avoid the need to > specify > --domain when Kerberos TXT record is in DNS ... Stay tuned :-) > > -- > Petr^2 Spacek > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Nathan.Peters at globalrelay.net Fri Jan 15 04:21:03 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Fri, 15 Jan 2016 04:21:03 +0000 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 In-Reply-To: References: <5697B18E.2070809@redhat.com> Message-ID: And the saga continues... In my latest round of trying to fix this, I've attempted to remove the replicas again, this time ensuring to use the --force and --cleanup flags to try to remove the data. As you can see from the output below, it seems like every possible error that could happen did. Some examples : Ruvs needed to be manually cleaned. Ldapsearch reveals that nothing at all has been deleted in the ruv section, and I still have 6 duplicates somehow ipa : ERROR Instance removal failed. ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually SASL failures while removing or trying to get replication agreements At this point I think I may need to manually clean all the old data, but I'm not even sure where to start. Also... When dc1 is alone with no replicas, why does he have a ruv for himself... does he need one ? And... isn't there supposed to be some kind of clean-all-ruv task or is that not in 4.2.0 but only a later version ? ---- logs below ---- [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage del dc2-ipa-dev-nvan.mydomain.net --force --cleanup Connection to 'dc2-ipa-dev-nvan.mydomain.net' failed: Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials Forcing removal of dc2-ipa-dev-nvan.mydomain.net Skipping calculation to determine if one or more masters would be orphaned. Deleting replication agreements between dc2-ipa-dev-nvan.mydomain.net and dc1-ipa-dev-van.mydomain.net, dc1-ipa-dev-nvan.mydomain.net Failed to get list of agreements from 'dc2-ipa-dev-nvan.mydomain.net': Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials Forcing removal on 'dc1-ipa-dev-van.mydomain.net' Any DNA range on 'dc2-ipa-dev-nvan.mydomain.net' will be lost Deleted replication agreement from 'dc1-ipa-dev-van.mydomain.net' to 'dc2-ipa-dev-nvan.mydomain.net' Failed to determine agreement type for 'dc2-ipa-dev-nvan.mydomain.net': Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials There were issues removing a connection for dc2-ipa-dev-nvan.mydomain.net from dc1-ipa-dev-nvan.mydomain.net: local variable 'type1' referenced before assignment Background task created to clean replication data. This may take a while. This may be safely interrupted with Ctrl+C [root at dc1-ipa-dev-van slapd-mydomain-NET]# [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes Replication agreements with the following IPA masters found: dc1-ipa-dev-van .mydomain.net. Removing any replication agreements before uninstalling the server is strongly recommended. You can remove replication agreements by running the following command on any other IPA master: $ ipa-replica-manage del dc2-ipa-dev-nvan.mydomain.net Are you sure you want to continue with the uninstall procedure? [no]: yes Shutting down all IPA services Removing IPA client configuration Unconfiguring ntpd Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring CA Unconfiguring named Unconfiguring ipa-dnskeysyncd Unconfiguring web server Unconfiguring krb5kdc Unconfiguring kadmin Unconfiguring directory server ipa : ERROR Instance removal failed. ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually Unconfiguring ipa_memcached Unconfiguring ipa-otpd [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-csreplica-manage del dc2-ipa-dev-nvan.mydomain.net --force -v Directory Manager password: Unable to connect to replica dc2-ipa-dev-nvan.mydomain.net, forcing removal Failed to get data from 'dc2-ipa-dev-nvan.mydomain.net': cannot connect to 'ldap://dc2-ipa-dev-nvan.mydomain.net:389': Forcing removal on 'dc1-ipa-dev-van.mydomain.net' There were issues removing a connection: 'NoneType' object has no attribute 'port' [root at dc1-ipa-dev-van slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: cn: replica nscpentrywsi: nsDS5ReplicaId: 96 nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=c onfig nscpentrywsi: createTimestamp: 20160114034427Z nscpentrywsi: modifyTimestamp: 20160115034515Z nscpentrywsi: nsState:: YAAAAAAAAAA3a5hWAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAA == nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb nscpentrywsi: numSubordinates: 1 nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56986b35000000600000 nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 56986b55000000510000 nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat;dc1-ipa-dev-nvan.mydomain.net;389;81;56986b3 5000000600000 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56986b33 nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b68 nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56986b54 nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56976208 nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56973881 nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsds5ReplicaChangeCount: 1464 nscpentrywsi: nsds5replicareapactive: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage list-ruv dc2-ipa-dev-nvan.mydomain.net:389: 10 dc1-ipa-dev-van.mydomain.net:389: 4 dc1-ipa-dev-nvan.mydomain.net:389: 9 [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage clean-ruv 10 Clean the Replication Update Vector for dc2-ipa-dev-nvan.mydomain.net:389 Cleaning the wrong replica ID will cause that server to no longer replicate so it may miss updates while the process is running. It would need to be re-initialized to maintain consistency. Be very careful. Continue to clean? [no]: yes Background task created to clean replication data. This may take a while. This may be safely interrupted with Ctrl+C Cleanup task created [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage list-ruv dc1-ipa-dev-van.mydomain.net:389: 4 dc1-ipa-dev-nvan.mydomain.net:389: 9 [root at dc1-ipa-dev-van slapd-mydomain-NET]# [root at dc1-ipa-dev-van slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: cn: replica nscpentrywsi: nsDS5ReplicaId: 96 nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=c onfig nscpentrywsi: createTimestamp: 20160114034427Z nscpentrywsi: modifyTimestamp: 20160115034515Z nscpentrywsi: nsState:: YAAAAAAAAAA3a5hWAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAA == nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb nscpentrywsi: numSubordinates: 1 nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56986b35000000600000 nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 56986b55000000510000 nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat;dc1-ipa-dev-nvan.mydomain.net;389;81;56986b3 5000000600000 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56986b33 nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b68 nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56986b54 nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56976208 nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56973881 nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsds5ReplicaChangeCount: 1464 nscpentrywsi: nsds5replicareapactive: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root at dc1-ipa-dev-van slapd-mydomain-NET]# [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage del dc1-ipa-dev-nvan.mydomain.net --force --cleanup Connection to 'dc1-ipa-dev-nvan.mydomain.net' failed: Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials Forcing removal of dc1-ipa-dev-nvan.mydomain.net Skipping calculation to determine if one or more masters would be orphaned. Deleting replication agreements between dc1-ipa-dev-nvan.mydomain.net and dc1-ipa-dev-van.mydomain.net Failed to get list of agreements from 'dc1-ipa-dev-nvan.mydomain.net': Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials Forcing removal on 'dc1-ipa-dev-van.mydomain.net' Any DNA range on 'dc1-ipa-dev-nvan.mydomain.net' will be lost Deleted replication agreement from 'dc1-ipa-dev-van.mydomain.net' to 'dc1-ipa-dev-nvan.mydomain.net' Background task created to clean replication data. This may take a while. This may be safely interrupted with Ctrl+C Failed to cleanup dc1-ipa-dev-nvan.mydomain.net entries: Operations error: You may need to manually remove them from the tree [root at dc1-ipa-dev-van slapd-mydomain-NET]# [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-csreplica-manage del dc1-ipa-dev-nvan.mydomain.net --force Directory Manager password: Unable to connect to replica dc1-ipa-dev-nvan.mydomain.net, forcing removal Failed to get data from 'dc1-ipa-dev-nvan.mydomain.net': cannot connect to 'ldap://dc1-ipa-dev-nvan.mydomain.net:389': Forcing removal on 'dc1-ipa-dev-van.mydomain.net' There were issues removing a connection: 'NoneType' object has no attribute 'port' [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes Replication agreements with the following IPA masters found: dc1-ipa-dev-van .mydomain.net. Removing any replication agreements before uninstalling the server is strongly recommended. You can remove replication agreements by running the following command on any other IPA master: $ ipa-replica-manage del dc1-ipa-dev-nvan.mydomain.net Are you sure you want to continue with the uninstall procedure? [no]: yes Shutting down all IPA services Removing IPA client configuration Unconfiguring ntpd Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring CA Unconfiguring named Unconfiguring ipa-dnskeysyncd Unconfiguring web server ipa : ERROR Command ''/bin/systemctl' 'restart' 'httpd.service'' returned non-zero exit status 1 [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes WARNING: Failed to connect to Directory Server to find information about replication agreements. Uninstallation will continue despite the possible existing replication agreements. Shutting down all IPA services Removing IPA client configuration Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring krb5kdc Unconfiguring kadmin Unconfiguring directory server ipa : ERROR Instance removal failed. ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually Unconfiguring ipa_memcached Unconfiguring ipa-otpd [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes WARNING: Failed to connect to Directory Server to find information about replication agreements. Uninstallation will continue despite the possible existing replication agreements. Shutting down all IPA services Removing IPA client configuration Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes Replication agreements with the following IPA masters found: dc1-ipa-dev-van .mydomain.net. Removing any replication agreements before uninstalling the server is strongly recommended. You can remove replication agreements by running the following command on any other IPA master: $ ipa-replica-manage del dc2-ipa-dev-nvan.mydomain.net Are you sure you want to continue with the uninstall procedure? [no]: yes Shutting down all IPA services Removing IPA client configuration Unconfiguring ntpd Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring CA Unconfiguring named Unconfiguring ipa-dnskeysyncd Unconfiguring web server Unconfiguring krb5kdc Unconfiguring kadmin Unconfiguring directory server ipa : ERROR Instance removal failed. ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually Unconfiguring ipa_memcached Unconfiguring ipa-otpd [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes WARNING: Failed to connect to Directory Server to find information about replication agreements. Uninstallation will continue despite the possible existing replication agreements. Shutting down all IPA services Removing IPA client configuration Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage clean-all-ruv Usage: ipa-replica-manage [options] ipa-replica-manage: error: must provide a command [clean-ruv | dnarange-set | list-ruv | dnarange-show | connect | force-sync | list-clean-ruv | disconnect | list | dnanextrange-set | dnanextrange-show | del | re-initialize | abort-clean-ruv] [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage clean-ruv 9 Clean the Replication Update Vector for dc1-ipa-dev-nvan.mydomain.net:389 Cleaning the wrong replica ID will cause that server to no longer replicate so it may miss updates while the process is running. It would need to be re-initialized to maintain consistency. Be very careful. Continue to clean? [no]: yes Background task created to clean replication data. This may take a while. This may be safely interrupted with Ctrl+C Cleanup task created [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage list-ruv unexpected error: Insufficient access: SASL(-14): authorization failure: Invalid credentials [root at dc1-ipa-dev-van slapd-mydomain-NET]# kdestroy [root at dc1-ipa-dev-van slapd-mydomain-NET]# kinit nathan.peters Password for nathan.peters at mydomain.NET: [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage list-ruv dc1-ipa-dev-van.mydomain.net:389: 4 [root at dc1-ipa-dev-van slapd-mydomain-NET]# [root at dc1-ipa-dev-van slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: cn: replica nscpentrywsi: nsDS5ReplicaId: 96 nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=c onfig nscpentrywsi: createTimestamp: 20160114034427Z nscpentrywsi: modifyTimestamp: 20160115040015Z nscpentrywsi: nsState:: YAAAAAAAAAC3bphWAAAAAAAAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA == nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56986eb9000000600000 nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 56986b55000000510000 nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56986eb7 nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b68 nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56986b54 nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56976208 nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56973881 nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsds5ReplicaChangeCount: 1465 nscpentrywsi: nsds5replicareapactive: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root at dc1-ipa-dev-van slapd-mydomain-NET]# -----Original Message----- From: Nathan Peters Sent: January-14-16 1:26 PM To: Nathan Peters; Rob Crittenden; Ludwig Krispenz; freeipa-users at redhat.com Subject: RE: [Freeipa-users] Replication failing on FreeIPA 4.2.0 So after some more forum searching I found a command that searches your ldap database for RUVs. The output does not seems to match the list-ruv command for each server. Is this where the issue lies in the database? I see 6 ruvs for each host in the ldapsearch but only 3 in the ipa-replica-manage list-ruv command DC1-IPA-DEV-VAN OUTPUT ====================== [root at dc1-ipa-dev-van slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: cn: replica nscpentrywsi: nsDS5ReplicaId: 96 nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config nscpentrywsi: createTimestamp: 20160114034427Z nscpentrywsi: modifyTimestamp: 20160114210015Z nscpentrywsi: nsState:: YAAAAAAAAABPDJhWAAAAAAAAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA== nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb nscpentrywsi: numSubordinates: 2 nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56980c51000000600000 nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 5697f1f4000300510000 nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat;dc1-ipa-dev-nvan.mydomain.net;389;81;56980c5 1000000600000 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;masterAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat;dc2-ipa-dev-nvan.mydomain.net;389;76;56980c5 1000000600000 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56980c4f nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b68 nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697f1f1 nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56976208 nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56973881 nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsds5ReplicaChangeCount: 1374 nscpentrywsi: nsds5replicareapactive: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage list-ruv dc1-ipa-dev-nvan.mydomain.net:389: 9 dc1-ipa-dev-van.mydomain.net:389: 4 dc2-ipa-dev-nvan.mydomain.net:389: 10 DC1-IPA-DEV-NVAN OUTPUT ======================= [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: cn: replica nscpentrywsi: createTimestamp: 20160114091023Z nscpentrywsi: creatorsName: cn=directory manager nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config nscpentrywsi: modifyTimestamp: 20160114205455Z nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager cloneAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaId: 81 nscpentrywsi: nsDS5ReplicaName: 9f025f1e-ba9e11e5-a3eed144-7534709f nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsState:: UQAAAAAAAAAeC5hWAAAAAAAAAAAAAAAAAgAAAAAAAAABAAAAAAAAAA== nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: numSubordinates: 1 nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 5697f1f4000300510000 nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56980fcd000000600000 nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;cloneAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat;dc1-ipa-dev-van.mydomain.net;389;96;5697f1f40 00300510000 nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56980fcb nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsds5ReplicaChangeCount: 571 nscpentrywsi: nsds5replicareapactive: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# ipa-replica-manage list-ruv dc1-ipa-dev-nvan.mydomain.net:389: 9 dc2-ipa-dev-nvan.mydomain.net:389: 10 dc1-ipa-dev-van.mydomain.net:389: 4 DC2-IPA-DEV-NVAN OUTPUT ======================= [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: cn: replica nscpentrywsi: createTimestamp: 20160114093204Z nscpentrywsi: creatorsName: cn=directory manager nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config nscpentrywsi: modifyTimestamp: 20160114210009Z nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager cloneAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaId: 76 nscpentrywsi: nsDS5ReplicaName: a70fce1e-baa111e5-bbb09cc0-8cbb81b3 nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsState:: TAAAAAAAAABXDJhWAAAAAAAAAAAAAAAAAgAAAAAAAAABAAAAAAAAAA== nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: numSubordinates: 1 nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56980fcd000000600000 nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 5697f1f4000300510000 nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;cloneAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat;dc1-ipa-dev-van.mydomain.net;389;96;56976b5c0 002004c0000 nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56980fca nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsds5ReplicaChangeCount: 322 nscpentrywsi: nsds5replicareapactive: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# ipa-replica-manage list-ruv dc2-ipa-dev-nvan.mydomain.net:389: 10 dc1-ipa-dev-van.mydomain.net:389: 4 dc1-ipa-dev-nvan.mydomain.net:389: 9 -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters Sent: January-14-16 12:53 PM To: Rob Crittenden; Ludwig Krispenz; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 I'm beginning to suspect there may be something wrong with my ldap database. I actually completed deleted dc1-nvan and dc2-nvan last night, leaving only dc1-van. I then re-provosioned dc1-nvan and dc2-nvan from scratch (os install and everything). After re-provisioning I was finally able to make a 3 way replication agreement so each server was replicating with 2 others. When I left, all servers were reporting successful output similar to this : [root at dc2-ipa-dev-nvan ~]# ipa-replica-manage list -v `hostname` p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute dc1-ipa-dev-nvan.mydomain.net: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: 0 Replica acquired successfully: Incremental update started last update ended: 1970-01-01 00:00:00+00:00 dc1-ipa-dev-van.mydomain.net: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: 0 Replica acquired successfully: Incremental update started last update ended: 1970-01-01 00:00:00+00:00 When I came in this morning 8 hours later the logs are full of errors again: So I have a few questions: 1)Is there any way to effectively 'clean' an ldap database? 2)Are there any commands I can run to find out if it is something in my database that is causing issues? -for troubleshooting this one I tried doing ruv-clean after I deleted my replicas but it claimed their IDs no longer existed, so it thought they were deleted properly. 3)Why even with successful replication are they still showing 1970 dates? I never understand why they keep going back to that. They were at 2016 dates last night... Here are the error logs from each server : =========== Errors in dc1-nvan =========== [14/Jan/2016:20:19:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:19:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:27:36 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [14/Jan/2016:20:29:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:29:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:29:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:33:43 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [14/Jan/2016:20:34:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:34:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:34:51 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. =========== Errors in dc2-nvan =========== [14/Jan/2016:20:19:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:19:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:26:11 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [14/Jan/2016:20:29:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:29:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:29:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - replication keep alive entry already exists [14/Jan/2016:20:34:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:34:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. [14/Jan/2016:20:34:52 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. =========== Errors in dc1-van =========== [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 56979f620001000a0000 into pending list [14/Jan/2016:20:31:45 +0000] NSMMReplicationPlugin - conn=14281 op=11117 csn=56979f620001000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:46 +0000] - _csngen_adjust_local_time: gen state before 569806a80004:1452803504:0:248 [14/Jan/2016:20:31:46 +0000] - _csngen_adjust_local_time: gen state after 569806aa0000:1452803506:0:248 [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 Acquired consumer connection extension [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:46 +0000] - csngen_adjust_time: gen state before 569806aa0001:1452803506:0:248 [14/Jan/2016:20:31:46 +0000] - csngen_adjust_time: gen state after 569806ab0001:1452803506:1:248 [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:46 +0000] NSMMReplicationPlugin - conn=11725 op=16246 Relinquishing consumer connection extension [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:47 +0000] - _csngen_adjust_local_time: gen state before 569806ab0001:1452803506:1:248 [14/Jan/2016:20:31:47 +0000] - _csngen_adjust_local_time: gen state after 569806ab0001:1452803507:0:248 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ab000200040000 into pending list [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc27000100040000 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ab000200040000 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ab000300040000 into pending list [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoop6-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc2b000200040000 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ab000300040000 [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a13d0005000a0000 into pending list [14/Jan/2016:20:31:47 +0000] NSMMReplicationPlugin - conn=14281 op=11118 csn=5697a13d0005000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:49 +0000] - _csngen_adjust_local_time: gen state before 569806ab0004:1452803507:0:248 [14/Jan/2016:20:31:49 +0000] - _csngen_adjust_local_time: gen state after 569806ad0000:1452803509:0:248 [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 Acquired consumer connection extension [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:49 +0000] - csngen_adjust_time: gen state before 569806ad0001:1452803509:0:248 [14/Jan/2016:20:31:49 +0000] - csngen_adjust_time: gen state after 569806ae0001:1452803509:1:248 [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=11725 op=16247 Relinquishing consumer connection extension [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a2fd0001000a0000 into pending list [14/Jan/2016:20:31:49 +0000] NSMMReplicationPlugin - conn=14281 op=11119 csn=5697a2fd0001000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:50 +0000] - _csngen_adjust_local_time: gen state before 569806ae0001:1452803509:1:248 [14/Jan/2016:20:31:50 +0000] - _csngen_adjust_local_time: gen state after 569806ae0001:1452803510:0:248 [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:51 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a4ce0001000a0000 into pending list [14/Jan/2016:20:31:51 +0000] NSMMReplicationPlugin - conn=14281 op=11120 csn=5697a4ce0001000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:52 +0000] - _csngen_adjust_local_time: gen state before 569806ae0002:1452803510:0:248 [14/Jan/2016:20:31:52 +0000] - _csngen_adjust_local_time: gen state after 569806b00000:1452803512:0:248 [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 Acquired consumer connection extension [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:52 +0000] - csngen_adjust_time: gen state before 569806b00001:1452803512:0:248 [14/Jan/2016:20:31:52 +0000] - csngen_adjust_time: gen state after 569806b10001:1452803512:1:248 [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:52 +0000] NSMMReplicationPlugin - conn=11725 op=16248 Relinquishing consumer connection extension [14/Jan/2016:20:31:53 +0000] - _csngen_adjust_local_time: gen state before 569806b10001:1452803512:1:248 [14/Jan/2016:20:31:53 +0000] - _csngen_adjust_local_time: gen state after 569806b10001:1452803513:0:248 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806b1000100040000 into pending list [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=van-test-conv2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc2b000300040000 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806b1000100040000 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806b1000200040000 into pending list [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=van-test-conv2.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc31000100040000 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806b1000200040000 [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a6650002000a0000 into pending list [14/Jan/2016:20:31:53 +0000] NSMMReplicationPlugin - conn=14281 op=11121 csn=5697a6650002000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:55 +0000] - _csngen_adjust_local_time: gen state before 569806b10004:1452803513:0:248 [14/Jan/2016:20:31:55 +0000] - _csngen_adjust_local_time: gen state after 569806b30000:1452803515:0:248 [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 Acquired consumer connection extension [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:55 +0000] - csngen_adjust_time: gen state before 569806b30001:1452803515:0:248 [14/Jan/2016:20:31:55 +0000] - csngen_adjust_time: gen state after 569806b40001:1452803515:1:248 [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a7e80000000a0000 into pending list [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=11725 op=16249 Relinquishing consumer connection extension [14/Jan/2016:20:31:55 +0000] NSMMReplicationPlugin - conn=14281 op=11122 csn=5697a7e80000000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:56 +0000] - _csngen_adjust_local_time: gen state before 569806b40001:1452803515:1:248 [14/Jan/2016:20:31:56 +0000] - _csngen_adjust_local_time: gen state after 569806b40001:1452803516:0:248 [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:56 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:57 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697a93c0000000a0000 into pending list [14/Jan/2016:20:31:57 +0000] NSMMReplicationPlugin - conn=14281 op=11123 csn=5697a93c0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:58 +0000] - _csngen_adjust_local_time: gen state before 569806b40002:1452803516:0:248 [14/Jan/2016:20:31:58 +0000] - _csngen_adjust_local_time: gen state after 569806b60000:1452803518:0:248 [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 Acquired consumer connection extension [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:31:58 +0000] - csngen_adjust_time: gen state before 569806b60001:1452803518:0:248 [14/Jan/2016:20:31:58 +0000] - csngen_adjust_time: gen state after 569806b70001:1452803518:1:248 [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:31:58 +0000] NSMMReplicationPlugin - conn=11725 op=16250 Relinquishing consumer connection extension [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:31:59 +0000] - _csngen_adjust_local_time: gen state before 569806b70001:1452803518:1:248 [14/Jan/2016:20:31:59 +0000] - _csngen_adjust_local_time: gen state after 569806b70001:1452803519:0:248 [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697ab4b0000000a0000 into pending list [14/Jan/2016:20:31:59 +0000] NSMMReplicationPlugin - conn=14281 op=11124 csn=5697ab4b0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:01 +0000] - _csngen_adjust_local_time: gen state before 569806b70002:1452803519:0:248 [14/Jan/2016:20:32:01 +0000] - _csngen_adjust_local_time: gen state after 569806b90000:1452803521:0:248 [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697acb30000000a0000 into pending list [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=14281 op=11125 csn=5697acb30000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 Acquired consumer connection extension [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:01 +0000] - csngen_adjust_time: gen state before 569806b90001:1452803521:0:248 [14/Jan/2016:20:32:01 +0000] - csngen_adjust_time: gen state after 569806ba0001:1452803521:1:248 [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:01 +0000] NSMMReplicationPlugin - conn=11725 op=16251 Relinquishing consumer connection extension [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:02 +0000] - _csngen_adjust_local_time: gen state before 569806ba0001:1452803521:1:248 [14/Jan/2016:20:32:02 +0000] - _csngen_adjust_local_time: gen state after 569806ba0001:1452803522:0:248 [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:02 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:03 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697ae970000000a0000 into pending list [14/Jan/2016:20:32:03 +0000] NSMMReplicationPlugin - conn=14281 op=11126 csn=5697ae970000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:04 +0000] - _csngen_adjust_local_time: gen state before 569806ba0002:1452803522:0:248 [14/Jan/2016:20:32:04 +0000] - _csngen_adjust_local_time: gen state after 569806bc0000:1452803524:0:248 [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 Acquired consumer connection extension [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:04 +0000] - csngen_adjust_time: gen state before 569806bc0001:1452803524:0:248 [14/Jan/2016:20:32:04 +0000] - csngen_adjust_time: gen state after 569806bd0001:1452803524:1:248 [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:04 +0000] NSMMReplicationPlugin - conn=11725 op=16252 Relinquishing consumer connection extension [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:05 +0000] - _csngen_adjust_local_time: gen state before 569806bd0001:1452803524:1:248 [14/Jan/2016:20:32:05 +0000] - _csngen_adjust_local_time: gen state after 569806bd0001:1452803525:0:248 [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b0100000000a0000 into pending list [14/Jan/2016:20:32:05 +0000] NSMMReplicationPlugin - conn=14281 op=11127 csn=5697b0100000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:06 +0000] - _csngen_adjust_local_time: gen state before 569806bd0002:1452803525:0:248 [14/Jan/2016:20:32:06 +0000] - _csngen_adjust_local_time: gen state after 569806be0000:1452803526:0:248 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806be000000040000 into pending list [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc31000200040000 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806be000000040000 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806be000100040000 into pending list [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=pm1-portal-mbsnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc3e000000040000 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806be000100040000 [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:06 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:07 +0000] - _csngen_adjust_local_time: gen state before 569806be0002:1452803526:0:248 [14/Jan/2016:20:32:07 +0000] - _csngen_adjust_local_time: gen state after 569806bf0000:1452803527:0:248 [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b1dc0001000a0000 into pending list [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=14281 op=11128 csn=5697b1dc0001000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 Acquired consumer connection extension [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:07 +0000] - csngen_adjust_time: gen state before 569806bf0001:1452803527:0:248 [14/Jan/2016:20:32:07 +0000] - csngen_adjust_time: gen state after 569806c00001:1452803527:1:248 [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:07 +0000] NSMMReplicationPlugin - conn=11725 op=16253 Relinquishing consumer connection extension [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:08 +0000] - _csngen_adjust_local_time: gen state before 569806c00001:1452803527:1:248 [14/Jan/2016:20:32:08 +0000] - _csngen_adjust_local_time: gen state after 569806c00001:1452803528:0:248 [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:08 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:09 +0000] - _csngen_adjust_local_time: gen state before 569806c00002:1452803528:0:248 [14/Jan/2016:20:32:09 +0000] - _csngen_adjust_local_time: gen state after 569806c10000:1452803529:0:248 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806c1000000040000 into pending list [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc3e000100040000 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806c1000000040000 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806c1000100040000 into pending list [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=es1-sal-sinci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc41000000040000 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806c1000100040000 [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b3850000000a0000 into pending list [14/Jan/2016:20:32:09 +0000] NSMMReplicationPlugin - conn=14281 op=11129 csn=5697b3850000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:10 +0000] - _csngen_adjust_local_time: gen state before 569806c10002:1452803529:0:248 [14/Jan/2016:20:32:10 +0000] - _csngen_adjust_local_time: gen state after 569806c20000:1452803530:0:248 [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 Acquired consumer connection extension [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:10 +0000] - csngen_adjust_time: gen state before 569806c20001:1452803530:0:248 [14/Jan/2016:20:32:10 +0000] - csngen_adjust_time: gen state after 569806c30001:1452803530:1:248 [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:10 +0000] NSMMReplicationPlugin - conn=11725 op=16254 Relinquishing consumer connection extension [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:11 +0000] - _csngen_adjust_local_time: gen state before 569806c30001:1452803530:1:248 [14/Jan/2016:20:32:11 +0000] - _csngen_adjust_local_time: gen state after 569806c30001:1452803531:0:248 [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b5360000000a0000 into pending list [14/Jan/2016:20:32:11 +0000] NSMMReplicationPlugin - conn=14281 op=11130 csn=5697b5360000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:13 +0000] - _csngen_adjust_local_time: gen state before 569806c30002:1452803531:0:248 [14/Jan/2016:20:32:13 +0000] - _csngen_adjust_local_time: gen state after 569806c50000:1452803533:0:248 [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b6fa0000000a0000 into pending list [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=14281 op=11131 csn=5697b6fa0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 Acquired consumer connection extension [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:13 +0000] - csngen_adjust_time: gen state before 569806c50001:1452803533:0:248 [14/Jan/2016:20:32:13 +0000] - csngen_adjust_time: gen state after 569806c60001:1452803533:1:248 [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:13 +0000] NSMMReplicationPlugin - conn=11725 op=16255 Relinquishing consumer connection extension [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:14 +0000] - _csngen_adjust_local_time: gen state before 569806c60001:1452803533:1:248 [14/Jan/2016:20:32:14 +0000] - _csngen_adjust_local_time: gen state after 569806c60001:1452803534:0:248 [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:14 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697b8c00000000a0000 into pending list [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:32:15 +0000] NSMMReplicationPlugin - conn=14281 op=11132 csn=5697b8c00000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 Acquired consumer connection extension [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:16 +0000] - csngen_adjust_time: gen state before 569806c60002:1452803534:0:248 [14/Jan/2016:20:32:16 +0000] - _csngen_adjust_local_time: gen state before 569806c60002:1452803534:0:248 [14/Jan/2016:20:32:16 +0000] - _csngen_adjust_local_time: gen state after 569806c80000:1452803536:0:248 [14/Jan/2016:20:32:16 +0000] - csngen_adjust_time: gen state after 569806c90001:1452803536:1:248 [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - conn=11725 op=16256 Relinquishing consumer connection extension [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:16 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697ba710000000a0000 into pending list [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - conn=14281 op=11133 csn=5697ba710000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:17 +0000] - _csngen_adjust_local_time: gen state before 569806c90002:1452803536:1:248 [14/Jan/2016:20:32:17 +0000] - _csngen_adjust_local_time: gen state after 569806c90002:1452803537:0:248 [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:17 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:18 +0000] - _csngen_adjust_local_time: gen state before 569806c90003:1452803537:0:248 [14/Jan/2016:20:32:18 +0000] - _csngen_adjust_local_time: gen state after 569806ca0000:1452803538:0:248 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ca000000040000 into pending list [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=cass1-msg-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc41000100040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ca000000040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ca000100040000 into pending list [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=cass1-msg-cpci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc4a000000040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ca000100040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ca000200040000 into pending list [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe2-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc4a000100040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ca000200040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806ca000300040000 into pending list [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=fe2-gas-gassnap1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc4a000200040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806ca000300040000 [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:18 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 Acquired consumer connection extension [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:19 +0000] - csngen_adjust_time: gen state before 569806ca0004:1452803538:0:248 [14/Jan/2016:20:32:19 +0000] - _csngen_adjust_local_time: gen state before 569806ca0004:1452803538:0:248 [14/Jan/2016:20:32:19 +0000] - _csngen_adjust_local_time: gen state after 569806cb0000:1452803539:0:248 [14/Jan/2016:20:32:19 +0000] - csngen_adjust_time: gen state after 569806cc0001:1452803539:1:248 [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=11725 op=16257 Relinquishing consumer connection extension [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697bc340000000a0000 into pending list [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - conn=14281 op=11134 csn=5697bc340000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:19 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:20 +0000] - _csngen_adjust_local_time: gen state before 569806cc0002:1452803539:1:248 [14/Jan/2016:20:32:20 +0000] - _csngen_adjust_local_time: gen state after 569806cc0002:1452803540:0:248 [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:20 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:21 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697bdcb0000000a0000 into pending list [14/Jan/2016:20:32:21 +0000] NSMMReplicationPlugin - conn=14281 op=11135 csn=5697bdcb0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 Acquired consumer connection extension [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:22 +0000] - csngen_adjust_time: gen state before 569806cc0003:1452803540:0:248 [14/Jan/2016:20:32:22 +0000] - _csngen_adjust_local_time: gen state before 569806cc0003:1452803540:0:248 [14/Jan/2016:20:32:22 +0000] - _csngen_adjust_local_time: gen state after 569806ce0000:1452803542:0:248 [14/Jan/2016:20:32:22 +0000] - csngen_adjust_time: gen state after 569806cf0001:1452803542:1:248 [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - conn=11725 op=16258 Relinquishing consumer connection extension [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:22 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697bf710000000a0000 into pending list [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - conn=14281 op=11136 csn=5697bf710000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:23 +0000] - _csngen_adjust_local_time: gen state before 569806cf0002:1452803542:1:248 [14/Jan/2016:20:32:23 +0000] - _csngen_adjust_local_time: gen state after 569806cf0002:1452803543:0:248 [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:23 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:24 +0000] - _csngen_adjust_local_time: gen state before 569806cf0003:1452803543:0:248 [14/Jan/2016:20:32:24 +0000] - _csngen_adjust_local_time: gen state after 569806d00000:1452803544:0:248 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806d0000000040000 into pending list [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=feedspool1-arch-flex-nvan.mydomain.net+nsuniqueid=ae37be91-b97111e5-b1f1cd78-f19552bb,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc4a000300040000 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806d0000000040000 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806d0000100040000 into pending list [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=feedspool1-arch-flex-nvan.mydomain.net+nsuniqueid=ae37be91-b97111e5-b1f1cd78-f19552bb,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc50000000040000 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806d0000100040000 [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:24 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 Acquired consumer connection extension [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:25 +0000] - csngen_adjust_time: gen state before 569806d00002:1452803544:0:248 [14/Jan/2016:20:32:25 +0000] - _csngen_adjust_local_time: gen state before 569806d00002:1452803544:0:248 [14/Jan/2016:20:32:25 +0000] - _csngen_adjust_local_time: gen state after 569806d10000:1452803545:0:248 [14/Jan/2016:20:32:25 +0000] - csngen_adjust_time: gen state after 569806d20001:1452803545:1:248 [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=11725 op=16259 Relinquishing consumer connection extension [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c13d0001000a0000 into pending list [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - conn=14281 op=11137 csn=5697c13d0001000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:25 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:26 +0000] - _csngen_adjust_local_time: gen state before 569806d20001:1452803545:1:248 [14/Jan/2016:20:32:26 +0000] - _csngen_adjust_local_time: gen state after 569806d20001:1452803546:0:248 [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:26 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:27 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c2ff0000000a0000 into pending list [14/Jan/2016:20:32:27 +0000] NSMMReplicationPlugin - conn=14281 op=11138 csn=5697c2ff0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:28 +0000] - _csngen_adjust_local_time: gen state before 569806d20003:1452803546:0:248 [14/Jan/2016:20:32:28 +0000] - _csngen_adjust_local_time: gen state after 569806d40000:1452803548:0:248 [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 Acquired consumer connection extension [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:28 +0000] - csngen_adjust_time: gen state before 569806d40001:1452803548:0:248 [14/Jan/2016:20:32:28 +0000] - csngen_adjust_time: gen state after 569806d50001:1452803548:1:248 [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:28 +0000] NSMMReplicationPlugin - conn=11725 op=16260 Relinquishing consumer connection extension [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:29 +0000] - _csngen_adjust_local_time: gen state before 569806d50001:1452803548:1:248 [14/Jan/2016:20:32:29 +0000] - _csngen_adjust_local_time: gen state after 569806d50001:1452803549:0:248 [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c4ce0000000a0000 into pending list [14/Jan/2016:20:32:29 +0000] NSMMReplicationPlugin - conn=14281 op=11139 csn=5697c4ce0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:31 +0000] - _csngen_adjust_local_time: gen state before 569806d50002:1452803549:0:248 [14/Jan/2016:20:32:31 +0000] - _csngen_adjust_local_time: gen state after 569806d70000:1452803551:0:248 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 Acquired consumer connection extension [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:31 +0000] - csngen_adjust_time: gen state before 569806d70001:1452803551:0:248 [14/Jan/2016:20:32:31 +0000] - csngen_adjust_time: gen state after 569806d80001:1452803551:1:248 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=11725 op=16261 Relinquishing consumer connection extension [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806d8000100040000 into pending list [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoop3-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc50000100040000 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806d8000100040000 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c6970000000a0000 into pending list [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - conn=14281 op=11140 csn=5697c6970000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569806d8000200040000 into pending list [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=hadoop3-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net up to CSN 568ecc58000100040000 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569806d8000200040000 [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.mywindowsdomain.net" (officedc2:389): State: stop_fatal_error -> stop_fatal_error [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:31 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:32 +0000] - _csngen_adjust_local_time: gen state before 569806d80003:1452803551:1:248 [14/Jan/2016:20:32:32 +0000] - _csngen_adjust_local_time: gen state after 569806d80003:1452803552:0:248 [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:32 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:33 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c81b0003000a0000 into pending list [14/Jan/2016:20:32:33 +0000] NSMMReplicationPlugin - conn=14281 op=11141 csn=5697c81b0003000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 Acquired consumer connection extension [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:34 +0000] - csngen_adjust_time: gen state before 569806d80004:1452803552:0:248 [14/Jan/2016:20:32:34 +0000] - _csngen_adjust_local_time: gen state before 569806d80004:1452803552:0:248 [14/Jan/2016:20:32:34 +0000] - _csngen_adjust_local_time: gen state after 569806da0000:1452803554:0:248 [14/Jan/2016:20:32:34 +0000] - csngen_adjust_time: gen state after 569806db0002:1452803554:1:248 [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - conn=11725 op=16262 Relinquishing consumer connection extension [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:34 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 3 seconds [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:35 +0000] - _csngen_adjust_local_time: gen state before 569806db0003:1452803554:1:248 [14/Jan/2016:20:32:35 +0000] - _csngen_adjust_local_time: gen state after 569806db0003:1452803555:0:248 [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697c9d20000000a0000 into pending list [14/Jan/2016:20:32:35 +0000] NSMMReplicationPlugin - conn=14281 op=11142 csn=5697c9d20000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 Acquired consumer connection extension [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:37 +0000] - csngen_adjust_time: gen state before 569806db0004:1452803555:0:248 [14/Jan/2016:20:32:37 +0000] - _csngen_adjust_local_time: gen state before 569806db0004:1452803555:0:248 [14/Jan/2016:20:32:37 +0000] - _csngen_adjust_local_time: gen state after 569806dd0000:1452803557:0:248 [14/Jan/2016:20:32:37 +0000] - csngen_adjust_time: gen state after 569806de0001:1452803557:1:248 [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=11725 op=16263 Relinquishing consumer connection extension [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697cb920000000a0000 into pending list [14/Jan/2016:20:32:37 +0000] NSMMReplicationPlugin - conn=14281 op=11143 csn=5697cb920000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:38 +0000] - _csngen_adjust_local_time: gen state before 569806de0002:1452803557:1:248 [14/Jan/2016:20:32:38 +0000] - _csngen_adjust_local_time: gen state after 569806de0002:1452803558:0:248 [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:38 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:39 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697cd0f0000000a0000 into pending list [14/Jan/2016:20:32:39 +0000] NSMMReplicationPlugin - conn=14281 op=11144 csn=5697cd0f0000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 Acquired consumer connection extension [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:40 +0000] - csngen_adjust_time: gen state before 569806de0003:1452803558:0:248 [14/Jan/2016:20:32:40 +0000] - _csngen_adjust_local_time: gen state before 569806de0003:1452803558:0:248 [14/Jan/2016:20:32:40 +0000] - _csngen_adjust_local_time: gen state after 569806e00000:1452803560:0:248 [14/Jan/2016:20:32:40 +0000] - csngen_adjust_time: gen state after 569806e10001:1452803560:1:248 [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - conn=11725 op=16264 Relinquishing consumer connection extension [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:40 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:41 +0000] - _csngen_adjust_local_time: gen state before 569806e10002:1452803560:1:248 [14/Jan/2016:20:32:41 +0000] - _csngen_adjust_local_time: gen state after 569806e10002:1452803561:0:248 [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697cee40000000a0000 into pending list [14/Jan/2016:20:32:41 +0000] NSMMReplicationPlugin - conn=14281 op=11145 csn=5697cee40000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:43 +0000] - _csngen_adjust_local_time: gen state before 569806e10003:1452803561:0:248 [14/Jan/2016:20:32:43 +0000] - _csngen_adjust_local_time: gen state after 569806e30000:1452803563:0:248 [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 Acquired consumer connection extension [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:43 +0000] - csngen_adjust_time: gen state before 569806e30001:1452803563:0:248 [14/Jan/2016:20:32:43 +0000] - csngen_adjust_time: gen state after 569806e40001:1452803563:1:248 [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=11725 op=16265 Relinquishing consumer connection extension [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d0250001000a0000 into pending list [14/Jan/2016:20:32:43 +0000] NSMMReplicationPlugin - conn=14281 op=11146 csn=5697d0250001000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:44 +0000] - _csngen_adjust_local_time: gen state before 569806e40001:1452803563:1:248 [14/Jan/2016:20:32:44 +0000] - _csngen_adjust_local_time: gen state after 569806e40001:1452803564:0:248 [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:44 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7f5595d590d0 for database /var/lib/dirsrv/slapd-mydomain.net/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: found DB object 7f5595d590d0 [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d2120000000a0000 into pending list [14/Jan/2016:20:32:45 +0000] NSMMReplicationPlugin - conn=14281 op=11147 csn=5697d2120000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 Acquired consumer connection extension [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:46 +0000] - csngen_adjust_time: gen state before 569806e40002:1452803564:0:248 [14/Jan/2016:20:32:46 +0000] - _csngen_adjust_local_time: gen state before 569806e40002:1452803564:0:248 [14/Jan/2016:20:32:46 +0000] - _csngen_adjust_local_time: gen state after 569806e60000:1452803566:0:248 [14/Jan/2016:20:32:46 +0000] - csngen_adjust_time: gen state after 569806e70001:1452803566:1:248 [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - conn=11725 op=16266 Relinquishing consumer connection extension [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:46 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:47 +0000] - _csngen_adjust_local_time: gen state before 569806e70002:1452803566:1:248 [14/Jan/2016:20:32:47 +0000] - _csngen_adjust_local_time: gen state after 569806e70002:1452803567:0:248 [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d3630000000a0000 into pending list [14/Jan/2016:20:32:47 +0000] NSMMReplicationPlugin - conn=14281 op=11148 csn=5697d3630000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 Acquired consumer connection extension [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:49 +0000] - csngen_adjust_time: gen state before 569806e70003:1452803567:0:248 [14/Jan/2016:20:32:49 +0000] - _csngen_adjust_local_time: gen state before 569806e70003:1452803567:0:248 [14/Jan/2016:20:32:49 +0000] - _csngen_adjust_local_time: gen state after 569806e90000:1452803569:0:248 [14/Jan/2016:20:32:49 +0000] - csngen_adjust_time: gen state after 569806ea0001:1452803569:1:248 [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=11725 op=16267 Relinquishing consumer connection extension [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d5690000000a0000 into pending list [14/Jan/2016:20:32:49 +0000] NSMMReplicationPlugin - conn=14281 op=11149 csn=5697d5690000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:50 +0000] - _csngen_adjust_local_time: gen state before 569806ea0002:1452803569:1:248 [14/Jan/2016:20:32:50 +0000] - _csngen_adjust_local_time: gen state after 569806ea0002:1452803570:0:248 [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:50 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:51 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d6c90000000a0000 into pending list [14/Jan/2016:20:32:51 +0000] NSMMReplicationPlugin - conn=14281 op=11150 csn=5697d6c90000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 Acquired consumer connection extension [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:52 +0000] - csngen_adjust_time: gen state before 569806ea0003:1452803570:0:248 [14/Jan/2016:20:32:52 +0000] - _csngen_adjust_local_time: gen state before 569806ea0003:1452803570:0:248 [14/Jan/2016:20:32:52 +0000] - _csngen_adjust_local_time: gen state after 569806ec0000:1452803572:0:248 [14/Jan/2016:20:32:52 +0000] - csngen_adjust_time: gen state after 569806ed0001:1452803572:1:248 [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - conn=11725 op=16268 Relinquishing consumer connection extension [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:52 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): State: backoff -> backoff [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Cancelling linger on the connection [14/Jan/2016:20:32:53 +0000] - _csngen_adjust_local_time: gen state before 569806ed0002:1452803572:1:248 [14/Jan/2016:20:32:53 +0000] - _csngen_adjust_local_time: gen state after 569806ed0002:1452803573:0:248 [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Unable to acquire replica: the replica is currently being updatedby another supplier. Will try later [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Beginning linger on the connection [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - agmt="cn=meTodc2-ipa-dev-nvan.mydomain.net" (dc2-ipa-dev-nvan:389): Replication session backing off for 2 seconds [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 5697d8e70000000a0000 into pending list [14/Jan/2016:20:32:53 +0000] NSMMReplicationPlugin - conn=14281 op=11151 csn=5697d8e70000000a0000 process postop: canceling operation csn [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 Acquired consumer connection extension [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 repl="dc=mydomain,dc=net": Begin incremental protocol [14/Jan/2016:20:32:55 +0000] - csngen_adjust_time: gen state before 569806ed0003:1452803573:0:248 [14/Jan/2016:20:32:55 +0000] - _csngen_adjust_local_time: gen state before 569806ed0003:1452803573:0:248 [14/Jan/2016:20:32:55 +0000] - _csngen_adjust_local_time: gen state after 569806ef0000:1452803575:0:248 [14/Jan/2016:20:32:55 +0000] - csngen_adjust_time: gen state after 569806f00001:1452803575:1:248 [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 repl="dc=mydomain,dc=net": Replica in use locking_purl=conn=14281 id=11105 [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 replica="dc=mydomain,dc=net": Unable to acquire replica: error: replica busy locked by conn=14281 id=11105 for incremental update [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 repl="dc=mydomain,dc=net": StartNSDS90ReplicationRequest: response=1 rc=0 [14/Jan/2016:20:32:55 +0000] NSMMReplicationPlugin - conn=11725 op=16269 Relinquishing consumer connection extension -----Original Message----- From: Rob Crittenden [mailto:rcritten at redhat.com] Sent: January-14-16 6:33 AM To: Nathan Peters; Ludwig Krispenz; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 Nathan Peters wrote: > This just keeps on getting better and better. > > > > I need this replication working properly because it has caused about 7 > or 8 builds to fail today alone so I decided to just be done with > troubleshooting and remove the server from the domain and re-initialize it. > > > > I deleted it with 'ipa-replica-manage del dc1-ipa-dev-nvan.mydomain.net' > and then removed then ran an ipa-server uninstall. I then made a new > gpg file for it on dc1-van and added it back as a replica. > > > > After I did that, I wanted to connect all 3 servers together and when > I run ipa-replica-manage connect on dc2-nvan I get this now. I'm not > sure how troubleshoot that. > > > > > > dc1-ipa-dev-nvan.mydomain.net is an IPA Server, but it might be > unknown, foreign or previously deleted one. It means that the new server isn't showing up in the list of masters on dc2-nvan which points to continuing replication issues. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project From Lachlan.Simpson at petermac.org Fri Jan 15 06:04:20 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Fri, 15 Jan 2016 06:04:20 +0000 Subject: [Freeipa-users] IPA wont start, all services fail Message-ID: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> Hi I?m not 100% sure where I've gone wrong, but I obviously have. Running Centos 7.2, with FreeIPA 4.2.0 from the repos. FreeIPA was set up per instructions (# ipa-server-install ), and we could surf to the website and interact with it. I set up a second server, yum install -y ipa-client, and then joined with authconfig successfully and logged in. Our intention is to join an AD domain over which we have no control in a one way trust: co.org.au is trusted by unix.co.org.au. In order to do this, I followed the instructions on redhat's documentation " 5.3.3.1. Preparing the IdM Server for Trust" https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/creating-trusts.html#trust-set-up-idm I installed "*ipa-server-trust-ad" samba, ran the ipa-adtrust-install script successfully, confirmed DNS was properly configured, confirmed smbclient was properly configured, then created a trust agreement successfully (this time yesterday I was cheering). -------------------------------------------------------- Added Active Directory trust for realm "co.org.au" -------------------------------------------------------- Realm name: co.org.au Domain NetBIOS name: PMCI Domain Security Identifier: S-1-5-21-55386287-1424373824-1154838474 SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18 SID blacklist outgoing: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18 Trust direction: Trusting forest Trust type: Active Directory domain Trust status: Established and verified Then I started to see some differentiation from the documented output, so I started investigating. In particular, kvno -S cifs adserver.example.com didn't work. Eventually I turned off selinux and the firewall all together and rebooted. Now IPA doesn't start. When I look into it, this is what I see: [root at vmts-linuxidm ~]# sc | grep failed ? dirsrv at unix.co.org.au.service loaded failed failed 389 Directory Server unix.co.org.au. ? ipa.service loaded failed failed Identity, Policy, Audit ? kadmin.service loaded failed failed Kerberos 5 Password-changing and Administration ? kdump.service loaded failed failed Crash recovery kernel arming ? smb.service loaded failed failed Samba SMB Daemon >From the numerous logs and web pages I've read, I think this means: IPA doesn't start because samba fails to start. This is from jouirnalctl re samba: Missing mandatory attribute ipaNTSecurityIdentifier Cannot find SID of fallback group pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER) Server ldap/vmts-linuxidm at UNIX.CO.ORG.AU not found in Kerberos database This is from the smb log: [2016/01/15 14:53:03, 0] ../source3/smbd/server.c:1241(main) smbd version 4.2.3 started. Copyright Andrew Tridgell and the Samba Team 1992-2014 [2016/01/15 14:53:03.538393, 0] ipa_sam.c:4208(bind_callback_cleanup) kerberos error: code=-1765328228, message=Cannot contact any KDC for realm 'UNIX.CO.ORG.AU' [2016/01/15 14:53:03.538500, 0] ../source3/lib/smbldap.c:998(smbldap_connect_system) failed to bind to server ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket with dn="[Anonymous bind]" Error: Local error (unknown) Samba seems to be failing because LDAP (dirsrv) is failing and it can't connect, or because Kerberos isn't running. LDAP isn't running because Kerberos isn't running: krb5kdc: cannot initialize realm UNIX.CO.ORG.AU - see log file for details krb5kdc: Server error - while fetching master key K/M for realm UNIX.CO.ORG.AU So. It looks like samba and IPA won't start because Kerberus and LDAP won't start. It's hard to tell why they won't start, but it looks a little like Kerberos won't start because there aren't any values in LDAP, and LDAP won't start because Kerberos isn't started? This is from the /var/log/dirsrv/slapd-UNIX-CO-ORG-AU/errors file: SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2 - 389-Directory/1.3.4.0 B2015.343.1254 starting up - WARNING: changelog: entry cache size 2097152B is less than db size 4259840B; We recommend to increase the entry cache size nsslapd-cachememsize. schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=unix,dc=co,dc=org,dc=au schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=unix,dc=co,dc=org,dc=au schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=unix,dc=co,dc=org,dc=au NSACLPlugin - The ACL target cn=dns,dc=unix,dc=co,dc=org,dc=au does not exist NSACLPlugin - The ACL target cn=dns,dc=unix,dc=co,dc=org,dc=au does not exist NSACLPlugin - The ACL target cn=keys,cn=sec,cn=dns,dc=unix,dc=co,dc=org,dc=au does not exist NSACLPlugin - The ACL target cn=dns,dc=unix,dc=co,dc=org,dc=au does not exist NSACLPlugin - The ACL target cn=dns,dc=unix,dc=co,dc=org,dc=au does not exist NSACLPlugin - The ACL target cn=groups,cn=compat,dc=unix,dc=co,dc=org,dc=au does not exist NSACLPlugin - The ACL target cn=computers,cn=compat,dc=unix,dc=co,dc=org,dc=au does not exist NSACLPlugin - The ACL target cn=ng,cn=compat,dc=unix,dc=co,dc=org,dc=au does not exist NSACLPlugin - The ACL target ou=sudoers,dc=unix,dc=co,dc=org,dc=au does not exist NSACLPlugin - The ACL target cn=users,cn=compat,dc=unix,dc=co,dc=org,dc=au does not exist NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=unix,dc=co,dc=org,dc=au does not exist NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=unix,dc=co,dc=org,dc=au does not exist NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=unix,dc=co,dc=org,dc=au does not exist NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist I don't understand why it's looking for dns.unix.co.org.au - I wanted the upstream DNS to serve this domain as well? My brain hurts. I'm new to FreeIPA. Not to linux, and I have a passing knowledge of AD, SMB, LDAP, DNS. I think I'm further confused by so many new moving parts, and not seeing a clear way to solve any of the problems, or even which problem to start with. Can anyone point me in a direction with regards to what I've done wrong, what I might look at to fix this, or some documentation that steps through the installation of a FreeIPA server, set up as a one way trust, where all clients authenticate against AD? Cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From abokovoy at redhat.com Fri Jan 15 06:58:47 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Fri, 15 Jan 2016 08:58:47 +0200 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> Message-ID: <20160115065847.GC4316@redhat.com> On Fri, 15 Jan 2016, Simpson Lachlan wrote: >Hi > >I?m not 100% sure where I've gone wrong, but I obviously have. > >Running Centos 7.2, with FreeIPA 4.2.0 from the repos. > >FreeIPA was set up per instructions (# ipa-server-install ), and we could surf to the website and interact with it. > >I set up a second server, yum install -y ipa-client, and then joined with authconfig successfully and logged in. > >Our intention is to join an AD domain over which we have no control in a one way trust: co.org.au is trusted by unix.co.org.au. > >In order to do this, I followed the instructions on redhat's documentation " 5.3.3.1. Preparing the IdM Server for Trust" > >https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/creating-trusts.html#trust-set-up-idm > >I installed "*ipa-server-trust-ad" samba, ran the ipa-adtrust-install script successfully, confirmed DNS was properly configured, confirmed smbclient was properly configured, then created a trust agreement successfully (this time yesterday I was cheering). > >-------------------------------------------------------- >Added Active Directory trust for realm "co.org.au" >-------------------------------------------------------- > Realm name: co.org.au > Domain NetBIOS name: PMCI > Domain Security Identifier: S-1-5-21-55386287-1424373824-1154838474 > SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18 > SID blacklist outgoing: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18 > Trust direction: Trusting forest > Trust type: Active Directory domain > Trust status: Established and verified > > > >Then I started to see some differentiation from the documented output, so I started investigating. In particular, kvno -S cifs adserver.example.com didn't work. > >Eventually I turned off selinux and the firewall all together and rebooted. > >Now IPA doesn't start. When I look into it, this is what I see: > > >[root at vmts-linuxidm ~]# sc | grep failed >? dirsrv at unix.co.org.au.service loaded failed failed 389 Directory Server unix.co.org.au. >? ipa.service loaded failed failed Identity, Policy, Audit >? kadmin.service loaded failed failed Kerberos 5 Password-changing and Administration >? kdump.service loaded failed failed Crash recovery kernel arming >? smb.service loaded failed failed Samba SMB Daemon > > >>From the numerous logs and web pages I've read, I think this means: > >IPA doesn't start because samba fails to start. > >This is from jouirnalctl re samba: > >Missing mandatory attribute ipaNTSecurityIdentifier >Cannot find SID of fallback group >pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER) >Server ldap/vmts-linuxidm at UNIX.CO.ORG.AU not found in Kerberos database > > >This is from the smb log: > >[2016/01/15 14:53:03, 0] ../source3/smbd/server.c:1241(main) > smbd version 4.2.3 started. > Copyright Andrew Tridgell and the Samba Team 1992-2014 >[2016/01/15 14:53:03.538393, 0] ipa_sam.c:4208(bind_callback_cleanup) > kerberos error: code=-1765328228, message=Cannot contact any KDC for realm 'UNIX.CO.ORG.AU' >[2016/01/15 14:53:03.538500, 0] ../source3/lib/smbldap.c:998(smbldap_connect_system) > failed to bind to server ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket with dn="[Anonymous bind]" Error: Local error > (unknown) > >Samba seems to be failing because LDAP (dirsrv) is failing and it can't connect, or because Kerberos isn't running. > >LDAP isn't running because Kerberos isn't running: > >krb5kdc: cannot initialize realm UNIX.CO.ORG.AU - see log file for details > >krb5kdc: Server error - while fetching master key K/M for realm UNIX.CO.ORG.AU > > >So. It looks like samba and IPA won't start because Kerberus and LDAP >won't start. > >It's hard to tell why they won't start, but it looks a little like >Kerberos won't start because there aren't any values in LDAP, and LDAP >won't start because Kerberos isn't started? No, LDAP server startup is not tied to Kerberos. It can perfectly start without that, as Kerberos in 389-ds is only needed for replication to happen. Samba is failing because it cannot get access to LDAP server using GSSAPI, that's right. KDC is failing because LDAP server is not available, that's right too. >This is from the /var/log/dirsrv/slapd-UNIX-CO-ORG-AU/errors file: > >SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2 >- 389-Directory/1.3.4.0 B2015.343.1254 starting up >- WARNING: changelog: entry cache size 2097152B is less than db size 4259840B; We recommend to increase the entry cache size nsslapd-cachememsize. >schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=unix,dc=co,dc=org,dc=au >schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=unix,dc=co,dc=org,dc=au >schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=unix,dc=co,dc=org,dc=au >NSACLPlugin - The ACL target cn=dns,dc=unix,dc=co,dc=org,dc=au does not exist >NSACLPlugin - The ACL target cn=dns,dc=unix,dc=co,dc=org,dc=au does not exist >NSACLPlugin - The ACL target cn=keys,cn=sec,cn=dns,dc=unix,dc=co,dc=org,dc=au does not exist >NSACLPlugin - The ACL target cn=dns,dc=unix,dc=co,dc=org,dc=au does not exist >NSACLPlugin - The ACL target cn=dns,dc=unix,dc=co,dc=org,dc=au does not exist >NSACLPlugin - The ACL target cn=groups,cn=compat,dc=unix,dc=co,dc=org,dc=au does not exist >NSACLPlugin - The ACL target cn=computers,cn=compat,dc=unix,dc=co,dc=org,dc=au does not exist >NSACLPlugin - The ACL target cn=ng,cn=compat,dc=unix,dc=co,dc=org,dc=au does not exist >NSACLPlugin - The ACL target ou=sudoers,dc=unix,dc=co,dc=org,dc=au does not exist >NSACLPlugin - The ACL target cn=users,cn=compat,dc=unix,dc=co,dc=org,dc=au does not exist >NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=unix,dc=co,dc=org,dc=au does not exist > >NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=unix,dc=co,dc=org,dc=au does not exist >NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=unix,dc=co,dc=org,dc=au does not exist >NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist > > >I don't understand why it's looking for dns.unix.co.org.au - I wanted >the upstream DNS to serve this domain as well? You may ignore ACL's plugin output as it just mentions that there are ACLs against entries which don't exist -- this is normal, because we still have ACLs in place for cn=dns,$SUFFIX even if you don't configure integrated DNS. These messages have nothing to do with your problem. None of the above is revealing an issue. Follow http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes to enable crashdumps for ns-slapd to see what happens in reality (check systemd-enabled systems' recipes). -- / Alexander Bokovoy From Nathan.Peters at globalrelay.net Fri Jan 15 07:32:09 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Fri, 15 Jan 2016 07:32:09 +0000 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 In-Reply-To: References: <5697B18E.2070809@redhat.com> Message-ID: I think I've finally started to make some progress on this. I did a lot of googling and found some stuff to run manually in 389 ds through ldapmodify commands to clean RUVs. During this process the server crashed and when it came back online, suddenly all my ghost RUVs were visible through ipa-replica-manage list-ruv. It was really strange, I had like 5 of them from winsync agreements that kept failing and needing re-initialization, and another 5 from my earlier re-installations of the 2 other domain controllers. I ran some more ruv cleanup commands through ldap and they all appear to be gone. I'm not sure how the crash suddenly made them visible though or why they had to be cleaned through ldapmodify directly and ipa-replica-manage could neither see nor clean them. Console logs below in case anyone can shed some light on it. I've re-installed the replicas again, and I'm hoping it doesn't crash in 12 hours like last time ... --- console output --- [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage del dc2-ipa-dev-nvan.mydomain.net --force --cleanup Connection to 'dc2-ipa-dev-nvan.mydomain.net' failed: Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials Forcing removal of dc2-ipa-dev-nvan.mydomain.net Skipping calculation to determine if one or more masters would be orphaned. Deleting replication agreements between dc2-ipa-dev-nvan.mydomain.net and dc1-ipa-dev-van.mydomain.net, dc1-ipa-dev-nvan.mydomain.net Failed to get list of agreements from 'dc2-ipa-dev-nvan.mydomain.net': Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials Forcing removal on 'dc1-ipa-dev-van.mydomain.net' Any DNA range on 'dc2-ipa-dev-nvan.mydomain.net' will be lost Deleted replication agreement from 'dc1-ipa-dev-van.mydomain.net' to 'dc2-ipa-dev-nvan.mydomain.net' Failed to determine agreement type for 'dc2-ipa-dev-nvan.mydomain.net': Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials There were issues removing a connection for dc2-ipa-dev-nvan.mydomain.net from dc1-ipa-dev-nvan.mydomain.net: local variable 'type1' referenced before assignment Background task created to clean replication data. This may take a while. This may be safely interrupted with Ctrl+C [root at dc1-ipa-dev-van slapd-mydomain-NET]# [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes Replication agreements with the following IPA masters found: dc1-ipa-dev-van .mydomain.net. Removing any replication agreements before uninstalling the server is strongly recommended. You can remove replication agreements by running the following command on any other IPA master: $ ipa-replica-manage del dc2-ipa-dev-nvan.mydomain.net Are you sure you want to continue with the uninstall procedure? [no]: yes Shutting down all IPA services Removing IPA client configuration Unconfiguring ntpd Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring CA Unconfiguring named Unconfiguring ipa-dnskeysyncd Unconfiguring web server Unconfiguring krb5kdc Unconfiguring kadmin Unconfiguring directory server ipa : ERROR Instance removal failed. ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually Unconfiguring ipa_memcached Unconfiguring ipa-otpd [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-csreplica-manage del dc2-ipa-dev-nvan.mydomain.net --force -v Directory Manager password: Unable to connect to replica dc2-ipa-dev-nvan.mydomain.net, forcing removal Failed to get data from 'dc2-ipa-dev-nvan.mydomain.net': cannot connect to 'ldap://dc2-ipa-dev-nvan.mydomain.net:389': Forcing removal on 'dc1-ipa-dev-van.mydomain.net' There were issues removing a connection: 'NoneType' object has no attribute 'port' [root at dc1-ipa-dev-van slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: cn: replica nscpentrywsi: nsDS5ReplicaId: 96 nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=c onfig nscpentrywsi: createTimestamp: 20160114034427Z nscpentrywsi: modifyTimestamp: 20160115034515Z nscpentrywsi: nsState:: YAAAAAAAAAA3a5hWAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAA == nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb nscpentrywsi: numSubordinates: 1 nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56986b35000000600000 nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 56986b55000000510000 nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat;dc1-ipa-dev-nvan.mydomain.net;389;81;56986b3 5000000600000 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56986b33 nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b68 nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56986b54 nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56976208 nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56973881 nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsds5ReplicaChangeCount: 1464 nscpentrywsi: nsds5replicareapactive: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage list-ruv dc2-ipa-dev-nvan.mydomain.net:389: 10 dc1-ipa-dev-van.mydomain.net:389: 4 dc1-ipa-dev-nvan.mydomain.net:389: 9 [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage clean-ruv 10 Clean the Replication Update Vector for dc2-ipa-dev-nvan.mydomain.net:389 Cleaning the wrong replica ID will cause that server to no longer replicate so it may miss updates while the process is running. It would need to be re-initialized to maintain consistency. Be very careful. Continue to clean? [no]: yes Background task created to clean replication data. This may take a while. This may be safely interrupted with Ctrl+C Cleanup task created [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage list-ruv dc1-ipa-dev-van.mydomain.net:389: 4 dc1-ipa-dev-nvan.mydomain.net:389: 9 [root at dc1-ipa-dev-van slapd-mydomain-NET]# [root at dc1-ipa-dev-van slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: cn: replica nscpentrywsi: nsDS5ReplicaId: 96 nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=c onfig nscpentrywsi: createTimestamp: 20160114034427Z nscpentrywsi: modifyTimestamp: 20160115034515Z nscpentrywsi: nsState:: YAAAAAAAAAA3a5hWAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAA == nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb nscpentrywsi: numSubordinates: 1 nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56986b35000000600000 nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 56986b55000000510000 nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat;dc1-ipa-dev-nvan.mydomain.net;389;81;56986b3 5000000600000 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56986b33 nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b68 nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56986b54 nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56976208 nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56973881 nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsds5ReplicaChangeCount: 1464 nscpentrywsi: nsds5replicareapactive: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root at dc1-ipa-dev-van slapd-mydomain-NET]# [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage del dc1-ipa-dev-nvan.mydomain.net --force --cleanup Connection to 'dc1-ipa-dev-nvan.mydomain.net' failed: Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials Forcing removal of dc1-ipa-dev-nvan.mydomain.net Skipping calculation to determine if one or more masters would be orphaned. Deleting replication agreements between dc1-ipa-dev-nvan.mydomain.net and dc1-ipa-dev-van.mydomain.net Failed to get list of agreements from 'dc1-ipa-dev-nvan.mydomain.net': Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials Forcing removal on 'dc1-ipa-dev-van.mydomain.net' Any DNA range on 'dc1-ipa-dev-nvan.mydomain.net' will be lost Deleted replication agreement from 'dc1-ipa-dev-van.mydomain.net' to 'dc1-ipa-dev-nvan.mydomain.net' Background task created to clean replication data. This may take a while. This may be safely interrupted with Ctrl+C Failed to cleanup dc1-ipa-dev-nvan.mydomain.net entries: Operations error: You may need to manually remove them from the tree [root at dc1-ipa-dev-van slapd-mydomain-NET]# [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-csreplica-manage del dc1-ipa-dev-nvan.mydomain.net --force Directory Manager password: Unable to connect to replica dc1-ipa-dev-nvan.mydomain.net, forcing removal Failed to get data from 'dc1-ipa-dev-nvan.mydomain.net': cannot connect to 'ldap://dc1-ipa-dev-nvan.mydomain.net:389': Forcing removal on 'dc1-ipa-dev-van.mydomain.net' There were issues removing a connection: 'NoneType' object has no attribute 'port' [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes Replication agreements with the following IPA masters found: dc1-ipa-dev-van .mydomain.net. Removing any replication agreements before uninstalling the server is strongly recommended. You can remove replication agreements by running the following command on any other IPA master: $ ipa-replica-manage del dc1-ipa-dev-nvan.mydomain.net Are you sure you want to continue with the uninstall procedure? [no]: yes Shutting down all IPA services Removing IPA client configuration Unconfiguring ntpd Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring CA Unconfiguring named Unconfiguring ipa-dnskeysyncd Unconfiguring web server ipa : ERROR Command ''/bin/systemctl' 'restart' 'httpd.service'' returned non-zero exit status 1 [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes WARNING: Failed to connect to Directory Server to find information about replication agreements. Uninstallation will continue despite the possible existing replication agreements. Shutting down all IPA services Removing IPA client configuration Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring krb5kdc Unconfiguring kadmin Unconfiguring directory server ipa : ERROR Instance removal failed. ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually Unconfiguring ipa_memcached Unconfiguring ipa-otpd [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes WARNING: Failed to connect to Directory Server to find information about replication agreements. Uninstallation will continue despite the possible existing replication agreements. Shutting down all IPA services Removing IPA client configuration Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes Replication agreements with the following IPA masters found: dc1-ipa-dev-van .mydomain.net. Removing any replication agreements before uninstalling the server is strongly recommended. You can remove replication agreements by running the following command on any other IPA master: $ ipa-replica-manage del dc2-ipa-dev-nvan.mydomain.net Are you sure you want to continue with the uninstall procedure? [no]: yes Shutting down all IPA services Removing IPA client configuration Unconfiguring ntpd Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring CA Unconfiguring named Unconfiguring ipa-dnskeysyncd Unconfiguring web server Unconfiguring krb5kdc Unconfiguring kadmin Unconfiguring directory server ipa : ERROR Instance removal failed. ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually Unconfiguring ipa_memcached Unconfiguring ipa-otpd [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes WARNING: Failed to connect to Directory Server to find information about replication agreements. Uninstallation will continue despite the possible existing replication agreements. Shutting down all IPA services Removing IPA client configuration Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage clean-all-ruv Usage: ipa-replica-manage [options] ipa-replica-manage: error: must provide a command [clean-ruv | dnarange-set | list-ruv | dnarange-show | connect | force-sync | list-clean-ruv | disconnect | list | dnanextrange-set | dnanextrange-show | del | re-initialize | abort-clean-ruv] [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage clean-ruv 9 Clean the Replication Update Vector for dc1-ipa-dev-nvan.mydomain.net:389 Cleaning the wrong replica ID will cause that server to no longer replicate so it may miss updates while the process is running. It would need to be re-initialized to maintain consistency. Be very careful. Continue to clean? [no]: yes Background task created to clean replication data. This may take a while. This may be safely interrupted with Ctrl+C Cleanup task created [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage list-ruv unexpected error: Insufficient access: SASL(-14): authorization failure: Invalid credentials [root at dc1-ipa-dev-van slapd-mydomain-NET]# kdestroy [root at dc1-ipa-dev-van slapd-mydomain-NET]# kinit nathan.peters Password for nathan.peters at mydomain.NET: [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage list-ruv dc1-ipa-dev-van.mydomain.net:389: 4 [root at dc1-ipa-dev-van slapd-mydomain-NET]# [root at dc1-ipa-dev-van slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: cn: replica nscpentrywsi: nsDS5ReplicaId: 96 nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=c onfig nscpentrywsi: createTimestamp: 20160114034427Z nscpentrywsi: modifyTimestamp: 20160115040015Z nscpentrywsi: nsState:: YAAAAAAAAAC3bphWAAAAAAAAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA == nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56986eb9000000600000 nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 56986b55000000510000 nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56986eb7 nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b68 nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56986b54 nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56976208 nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56973881 nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 nscpentrywsi: nsds5ReplicaChangeCount: 1465 nscpentrywsi: nsds5replicareapactive: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root at dc1-ipa-dev-van slapd-mydomain-NET]# dn: cn=clean 76, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 76 replica-force-cleaning: yes cn: clean 76 ldapmodify -x -D "cn=directory manager" -W < sending_updates [15/Jan/2016:05:21:46 +0000] - csngen_adjust_time: gen state before 569882e20004:1452835306:0:248 [15/Jan/2016:05:21:46 +0000] - csngen_adjust_time: gen state after 569882e20004:1452835306:0:248 [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7ffa5b17b8f0 for database /var/lib/dirsrv/slapd-DEV-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [15/Jan/2016:05:21:46 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389)): Consumer RUV: [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 553fe9c9000000040000 569882e2000000040000 569881ea [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 553fe9c4000000030000 5696f872000300030000 00000000 [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 5} 56921205000100050000 56972b38000500050000 5698802b [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 6} 56971a3b000000060000 56974fcf000400060000 56988036 [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 7} 569738e8000200070000 56975902000100070000 5698803b [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 8} 56976262000000080000 5697639a000000080000 56988049 [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 9} 569766ae000000090000 56986c8f000000090000 5698808b [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 10} 56976bc60000000a0000 5698139b0002000a0000 5698807a [15/Jan/2016:05:21:46 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389)): Supplier RUV: [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 553fe9c9000000040000 569882e2000200040000 569881ea [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 3} 56846eee000300030000 56846eee000300030000 5698802a [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 5} 56972b38000500050000 56972b38000500050000 5698802a [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 6} 56974fcf000400060000 56974fcf000400060000 5698802a [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 7} 56975902000100070000 56975902000100070000 5698802a [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 8} 5697639a000000080000 5697639a000000080000 5698802a [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 9} 56986c8f000000090000 56986c8f000000090000 5698802a [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 10} 5698139b0002000a0000 5698139b0002000a0000 5698802a [15/Jan/2016:05:21:46 +0000] agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7ffa2c0746a0 [15/Jan/2016:05:21:46 +0000] agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7ffa5b425660 _pool->pl_busy_lists is 7ffa2c075c30 _pool->pl_busy_lists->bl_buffers is 7ffa2c0746a0 [15/Jan/2016:05:21:46 +0000] agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389) - session start: anchorcsn=569882e2000000040000 [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): CSN 569882e2000000040000 found, position set for replay [15/Jan/2016:05:21:46 +0000] agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389) - load=1 rec=1 csn=569882e2000200040000 [15/Jan/2016:05:21:46 +0000] agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) [15/Jan/2016:05:21:46 +0000] agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389) - session end: state=5 load=1 sent=1 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 [15/Jan/2016:05:21:46 +0000] - Calling dirsync search request plugin [15/Jan/2016:05:21:46 +0000] - Sending dirsync search request [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): Beginning linger on the connection [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): State: sending_updates -> wait_for_changes [15/Jan/2016:05:21:47 +0000] - _csngen_adjust_local_time: gen state before 569882e20004:1452835306:0:248 [15/Jan/2016:05:21:47 +0000] - _csngen_adjust_local_time: gen state after 569882e30000:1452835307:0:248 [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569882e3000000040000 into pending list [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=zk1-msg-mbsnap1-nva.dev-mydomain.net,cn=computers,cn=accounts,dc=dev-mydomain,dc=net up to CSN 568f4862000200040000 [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7ffa5b17b8f0 for database /var/lib/dirsrv/slapd-DEV-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7ffa5b17b8f0 for database /var/lib/dirsrv/slapd-DEV-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569882e3000000040000 [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): State: wait_for_changes -> wait_for_changes [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica [15/Jan/2016:05:21:47 +0000] - acquire_replica, supplier RUV: [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 553fe9c9000000040000 569882e3000000040000 569881eb [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 3} 56846eee000300030000 56846eee000300030000 5698802a [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 5} 56972b38000500050000 56972b38000500050000 5698802a [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 6} 56974fcf000400060000 56974fcf000400060000 5698802a [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 7} 56975902000100070000 56975902000100070000 5698802a [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 8} 5697639a000000080000 5697639a000000080000 5698802a [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 9} 56986c8f000000090000 56986c8f000000090000 5698802a [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 10} 5698139b0002000a0000 5698139b0002000a0000 5698802a [15/Jan/2016:05:21:47 +0000] - acquire_replica, consumer RUV: [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 553fe9c9000000040000 569882e2000200040000 569881ea [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 553fe9c4000000030000 5696f872000300030000 00000000 [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 56972b38000500050000 5698802b ^C [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ipa-replica-manage list-ruv unable to decode: {replica 7} 56975902000100070000 56975902000100070000 unable to decode: {replica 10} 5698139b0002000a0000 5698139b0002000a0000 unable to decode: {replica 5} 56972b38000500050000 56972b38000500050000 unable to decode: {replica 8} 5697639a000000080000 5697639a000000080000 unable to decode: {replica 6} 56974fcf000400060000 56974fcf000400060000 unable to decode: {replica 3} 56846eee000300030000 56846eee000300030000 unable to decode: {replica 9} 56986c8f000000090000 56986c8f000000090000 dc1-ipa-dev-van.dev-mydomain.net:389: 4 [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ipa-replica-manage clean-ruv 7 unable to decode: {replica 7} 56975902000100070000 56975902000100070000 unable to decode: {replica 10} 5698139b0002000a0000 5698139b0002000a0000 unable to decode: {replica 5} 56972b38000500050000 56972b38000500050000 unable to decode: {replica 8} 5697639a000000080000 5697639a000000080000 unable to decode: {replica 6} 56974fcf000400060000 56974fcf000400060000 unable to decode: {replica 3} 56846eee000300030000 56846eee000300030000 unable to decode: {replica 9} 56986c8f000000090000 56986c8f000000090000 Replica ID 7 not found [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ipa-replica-manage list-ruv unable to decode: {replica 7} 56975902000100070000 56975902000100070000 unable to decode: {replica 10} 5698139b0002000a0000 5698139b0002000a0000 unable to decode: {replica 5} 56972b38000500050000 56972b38000500050000 unable to decode: {replica 8} 5697639a000000080000 5697639a000000080000 unable to decode: {replica 6} 56974fcf000400060000 56974fcf000400060000 unable to decode: {replica 3} 56846eee000300030000 56846eee000300030000 unable to decode: {replica 9} 56986c8f000000090000 56986c8f000000090000 dc1-ipa-dev-van.dev-mydomain.net:389: 4 [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ldapmodify -D "cn=directory manager" -W -a Enter LDAP Password: ldap_bind: Invalid credentials (49) [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# objectclass: extensibleObject -bash: objectclass:: command not found [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# replica-base-dn: dc=dev-mydomain,dc=net -bash: replica-base-dn:: command not found [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# replica-id: 7 -bash: replica-id:: command not found [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# cn: clean 7MZKXswIqn3arBMw1xzLl -bash: cn:: command not found [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ldapmodify -D "cn=directory manager" -W -a Enter LDAP Password: dn: cn=clean 7, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 7 cn: clean 7 adding new entry "cn=clean 7, cn=cleanallruv, cn=tasks, cn=config" [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ipa-replica-manage list-ruv unable to decode: {replica 5} 56972b38000500050000 56972b38000500050000 unable to decode: {replica 8} 5697639a000000080000 5697639a000000080000 unable to decode: {replica 6} 56974fcf000400060000 56974fcf000400060000 unable to decode: {replica 3} 56846eee000300030000 56846eee000300030000 unable to decode: {replica 9} 56986c8f000000090000 56986c8f000000090000 unable to decode: {replica 10} 5698139b0002000a0000 5698139b0002000a0000 dc1-ipa-dev-van.dev-mydomain.net:389: 4 [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ldapmodify -D "cn=directory manager" -W -a Enter LDAP Password: dn: cn=clean 5, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 5 cn: clean 5 adding new entry "cn=clean 5, cn=cleanallruv, cn=tasks, cn=config" dn: cn=clean 8, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 8 cn: clean 8 adding new entry "cn=clean 8, cn=cleanallruv, cn=tasks, cn=config" dn: cn=clean 6, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 6 cn: clean 6 adding new entry "cn=clean 6, cn=cleanallruv, cn=tasks, cn=config" dn: cn=clean 3, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 3 cn: clean 3 adding new entry "cn=clean 3, cn=cleanallruv, cn=tasks, cn=config" dn: cn=clean 9, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 9 cn: clean 9 adding new entry "cn=clean 9, cn=cleanallruv, cn=tasks, cn=config" dn: cn=clean 10, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 10 cn: clean 10 [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1- ipa-dev-nvan.dev-mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2- ipa-dev-nvan.dev-mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: cn: replica nscpentrywsi: nsDS5ReplicaId: 96 nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=c onfig nscpentrywsi: createTimestamp: 20160114034427Z nscpentrywsi: modifyTimestamp: 20160115060020Z nscpentrywsi: nsState:: YAAAAAAAAADXiphWAAAAAAAAAAAAAAAAAgAAAAAAAAABAAAAAAAAAA == nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.dev-mydomain.ne t:389} 569719a0000000600000 56988ad9000000600000 nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.dev-mydomain.n et:389} 569719a4000000610000 569719e6001100610000 nscpentrywsi: nsds50ruv: {replica 91} 569738790004005b0000 569738790004005b000 0 nscpentrywsi: nsds50ruv: {replica 86} 5697620b000500560000 5697620b00050056000 0 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.dev -mydomain.net:389} 56988ad7 nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.de v-mydomain.net:389} 00000000 nscpentrywsi: nsruvReplicaLastModified: {replica 91} 5698802a nscpentrywsi: nsruvReplicaLastModified: {replica 86} 5698802a nscpentrywsi: nsds5ReplicaChangeCount: 908 nscpentrywsi: nsds5replicareapactive: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ldapmodify -x -D "cn=directory manager" -W < with scope subtree # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1- ipa-dev-nvan.dev-mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2- ipa-dev-nvan.dev-mydomain.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: cn: replica nscpentrywsi: nsDS5ReplicaId: 96 nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=c onfig nscpentrywsi: createTimestamp: 20160114034427Z nscpentrywsi: modifyTimestamp: 20160115061052Z nscpentrywsi: nsState:: YAAAAAAAAADXiphWAAAAAAAAAAAAAAAAAgAAAAAAAAABAAAAAAAAAA == nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.dev-mydomain.ne t:389} 569719a0000000600000 56988ad9000000600000 nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.dev-mydomain.n et:389} 569719a4000000610000 569719e6001100610000 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.dev -mydomain.net:389} 56988ad7 nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.de v-mydomain.net:389} 00000000 nscpentrywsi: nsds5ReplicaChangeCount: 430 nscpentrywsi: nsds5replicareapactive: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ldapsearch -xLLL -D "cn=directory manager" -W -b dc=dev-mydomain,dc=net \ '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))' ldapmodify -D "cn=directory manager" -W -a dn: cn=clean 7, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 7 cn: clean 7 ldapmodify -D "cn=directory manager" -W -a dn: cn=clean 5, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 5 cn: clean 5 dn: cn=clean 8, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 8 cn: clean 8 dn: cn=clean 6, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 6 cn: clean 6 dn: cn=clean 3, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 3 cn: clean 3 dn: cn=clean 9, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 9 cn: clean 9 dn: cn=clean 10, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: dc=dev-mydomain,dc=net replica-id: 10 cn: clean 10 dn: cn=clean 86, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config replica-id: 86 cn: clean 86 -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters Sent: January-14-16 8:25 PM To: Rob Crittenden; Ludwig Krispenz; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 And the saga continues... In my latest round of trying to fix this, I've attempted to remove the replicas again, this time ensuring to use the --force and --cleanup flags to try to remove the data. As you can see from the output below, it seems like every possible error that could happen did. Some examples : Ruvs needed to be manually cleaned. Ldapsearch reveals that nothing at all has been deleted in the ruv section, and I still have 6 duplicates somehow ipa : ERROR Instance removal failed. ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually SASL failures while removing or trying to get replication agreements At this point I think I may need to manually clean all the old data, but I'm not even sure where to start. Also... When dc1 is alone with no replicas, why does he have a ruv for himself... does he need one ? And... isn't there supposed to be some kind of clean-all-ruv task or is that not in 4.2.0 but only a later version ? From pspacek at redhat.com Fri Jan 15 07:33:42 2016 From: pspacek at redhat.com (Petr Spacek) Date: Fri, 15 Jan 2016 08:33:42 +0100 Subject: [Freeipa-users] FreeIPA Replica / HA Issues In-Reply-To: References: <5696FB70.1090205@redhat.com> <569748EB.6040900@redhat.com> Message-ID: <5698A0D6.70706@redhat.com> Hello, On 15.1.2016 02:59, Jeff Hallyburton wrote: > Petr, > > Thanks for the info. This is in fact probably what's happening in our > case. That said, is there any supported way of manually setting up > failover at this time? Is it hard, or simply impossible? The supported (and cleanest) way is to add SRV records to the domain equal to Kerberos realm. Technically nothing prevents you from doing so even post-install. All other configurations are non-standard, depend heavily on client, and may blow up in some situations. If you are using SSSD, try to set dns_discovery_domain option in sssd.conf to the domain name which holds all SRV records. It should help, but again, all other clients may blow up occasionally. Petr Spacek @ Red Hat > On Thu, Jan 14, 2016 at 2:06 AM, Petr Spacek wrote: > >> Hello, >> >> >> this log is weird: >> >> On 14.1.2016 03:02, Jeff Hallyburton wrote: >>>> 2016-01-14T00:45:35Z DEBUG [IPA Discovery] >>>> 2016-01-14T00:45:35Z DEBUG Starting IPA discovery with domain= >> west-2.production.example.com, servers=None, hostname= >> test.west-2.production.example.com >>>> 2016-01-14T00:45:35Z DEBUG Search for LDAP SRV record in >> west-2.production.example.com >>>> 2016-01-14T00:45:35Z DEBUG Search DNS for SRV record of _ldap._ >> tcp.west-2.production.example.com >>>> 2016-01-14T00:45:35Z DEBUG DNS record found: 0 100 389 >> ipa1.west-2.production.example.com. >>>> 2016-01-14T00:45:35Z DEBUG DNS record found: 10 100 389 >> ipa2.west-2.production.example.com. >>>> 2016-01-14T00:45:35Z DEBUG [Kerberos realm search] >>>> 2016-01-14T00:45:35Z DEBUG Search DNS for TXT record of _ >> kerberos.west-2.production.example.com >>>> 2016-01-14T00:45:35Z DEBUG DNS record found: "EXAMPLE.COM" >>>> 2016-01-14T00:45:35Z DEBUG Search DNS for SRV record of _kerberos._ >> udp.west-2.production.example.com >>>> 2016-01-14T00:45:35Z DEBUG DNS record found: 10 100 88 >> ipa2.west-2.production.example.com. >>>> 2016-01-14T00:45:35Z DEBUG DNS record found: 0 100 88 >> ipa1.west-2.production.example.com. >>>> 2016-01-14T00:45:35Z DEBUG [LDAP server check] >>>> 2016-01-14T00:45:35Z DEBUG Verifying that >> ipa1.west-2.production.example.com (realm EXAMPLE.COM) is an IPA server >>>> 2016-01-14T00:45:35Z DEBUG Init LDAP connection to: >> ipa1.west-2.production.example.com >>>> 2016-01-14T00:45:35Z DEBUG Search LDAP server for IPA base DN >>>> 2016-01-14T00:45:35Z DEBUG Check if naming context 'dc=example,dc=com' >> is for IPA >>>> 2016-01-14T00:45:35Z DEBUG Naming context 'dc=example,dc=com' is a >> valid IPA context >>>> 2016-01-14T00:45:35Z DEBUG Search for (objectClass=krbRealmContainer) >> in dc=example,dc=com (sub) >>>> 2016-01-14T00:45:35Z DEBUG Found: cn=EXAMPLE.COM >> ,cn=kerberos,dc=example,dc=com >>>> 2016-01-14T00:45:35Z DEBUG Discovery result: Success; server= >> ipa1.west-2.production.example.com, domain=west-2.production.example.com, >> kdc=ipa2.west-2.production.example.com,ipa1.west-2.production.example.com, >> basedn=dc=example,dc=com >>>> 2016-01-14T00:45:35Z DEBUG Validated servers: >> ipa1.west-2.production.example.com >>>> 2016-01-14T00:45:35Z DEBUG will use discovered domain: >> west-2.production.example.com >> >> It looks that your IPA domain & realm is "example.com" and "EXAMPLE.COM", >> is >> that correct? >> >> Looking further ... >> >>> 2016-01-14T00:45:39Z DEBUG Writing Kerberos configuration to >> /etc/krb5.conf: >>> 2016-01-14T00:45:39Z DEBUG #File modified by ipa-client-install >>> >>> includedir /var/lib/sss/pubconf/krb5.include.d/ >>> >>> [libdefaults] >>> default_realm = EXAMPLE.COM >>> dns_lookup_realm = true >>> dns_lookup_kdc = true >>> rdns = false >>> ticket_lifetime = 24h >>> forwardable = yes >>> udp_preference_limit = 0 >>> default_ccache_name = KEYRING:persistent:%{uid} >>> >>> >>> [realms] >>> EXAMPLE.COM = { >>> pkinit_anchors = FILE:/etc/ipa/ca.crt >>> >>> } >>> >>> >>> [domain_realm] >>> .west-2.production.example.com = EXAMPLE.COM >>> west-2.production.example.com = EXAMPLE.COM >> >> Hmm, this is going to be wild guess, but let's try it: >> Do you have DNS SRV records in domain west-2.production.example.com but >> not in >> DNS domain example.com? >> >> That would probably cause this kind of problem. >> >> Generally it is necessary to put _kerberos TXT + SRV records into the >> (primary) DNS domain specified during IPA installation. Then use --domain >> option during ipa-client-install. >> >> --server is generally discouraged as it disables DNS SRV lookup and makes >> failover hard or impossible. >> >> --domain is just a hint for the installer where to start looking for DNS >> SRV >> records and allows full automatic failover. >> >> >> The autodiscovery is quite messy and needs to be imporoved in next >> versions. >> https://fedorahosted.org/freeipa/ticket/5270 should avoid the need to >> specify >> --domain when Kerberos TXT record is in DNS ... Stay tuned :-) >> >> -- >> Petr^2 Spacek From dkupka at redhat.com Fri Jan 15 07:48:19 2016 From: dkupka at redhat.com (David Kupka) Date: Fri, 15 Jan 2016 08:48:19 +0100 Subject: [Freeipa-users] GID, groups and ipa group-show In-Reply-To: <56980EA3.9050001@redhat.com> References: <55DADD5D.60809@redhat.com> <56980EA3.9050001@redhat.com> Message-ID: <5698A443.90601@redhat.com> On 14/01/16 22:09, Rob Crittenden wrote: > Prasun Gera wrote: >> This is an old thread, but I can confirm that this is still an issue on >> RHEL 7.2 + 4.2. This creates problems when there are roles associated >> with groups, but group membership through GID is broken. I had migrated >> all old NIS accounts into ipa. I then added the host enrollment role to >> a particular group. Now, unless I add the users to the group explicitly, >> they won't get the role, even if their gid is the same as the gid of the >> group. > > The user GIDNumber just sets the default group for POSIX. If you do > groups on the user I'll bet it shows correctly. > > For the purposes of IPA access control, as you've seen, the user must > have a memberOf for a given group, either directly or indirectly. > > rob > Exactly, but the question is, shouldn't IPA add this membership automatically? (Of course, only in case IPA has group with this GID.) David >> On Mon, Aug 24, 2015 at 5:01 AM, David Kupka > > wrote: >> >> On 21/08/15 15:21, bahan w wrote: >> >> Hello ! >> >> I contact you because I notice something strange with IPA >> environment. >> >> I created a group : >> ipa group-add g1 --desc="my first group" >> >> Then I created a user with the GID of g1 >> GID1=`ipa group-show g1 | awk '/GID/ {printf("%s",$2)}'` >> ipa user-add --first=u1 --last=u1 --homedir=/home/u1 >> --shell=/bin/bash >> --gidnumber=${GID1} u1 >> >> Then when I perform ipa group-show g1 command, I got the >> following result : >> ### >> Group name: g1 >> Description: my first group >> GID: >> ### >> >> Same for ipa user-show u1 : >> ### >> User login: u1 >> First name: u1 >> Last name: u1 >> Home directory: /home/u1 >> Login shell: /bin/bash >> Email address: u1@ >> UID: >> GID: >> Account disabled: False >> Password: False >> Member of groups: ipausers >> Kerberos keys available: False >> ### >> >> These 2 commands does not see u1 as a member of g1. >> When I try the command id u1, I can see the group : >> >> ### >> id u1 >> uid=(u1) gid=(g1) groups=(g1) >> ### >> >> Is it the normal behaviour of these IPA commands ? >> >> Best regards. >> >> Bahan >> >> >> >> Hello! >> >> I'm not sure if this is intended and/or correct behavior or not. >> Looking at /etc/passwd and /etc/group I see it behaves similarly in >> a way. >> >> You can have following entries in the aforementioned files >> >> [/etc/group] >> ... >> g1:x:: >> ... >> >> [/etc/passwd] >> ... >> u1:x::::/home/u1:/bin/bash >> ... >> >> Looking in /etc/group you can't see user 'u1' is member of group >> 'g1' but tools like id, groups, getent shows this information. >> >> On the other hand it would be useful to show these "implicit" >> members in group-show output. >> Could you please file a ticket >> (https://fedorahosted.org/freeipa/newticket)? >> >> -- >> David Kupka >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> >> >> >> > -- David Kupka From lkrispen at redhat.com Fri Jan 15 08:21:01 2016 From: lkrispen at redhat.com (Ludwig Krispenz) Date: Fri, 15 Jan 2016 09:21:01 +0100 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 In-Reply-To: References: <5697B18E.2070809@redhat.com> Message-ID: <5698ABED.90601@redhat.com> On 01/15/2016 08:32 AM, Nathan Peters wrote: > I think I've finally started to make some progress on this. I did a lot of googling and found some stuff to run manually in 389 ds through ldapmodify commands to clean RUVs. During this process the server crashed and when it came back online, suddenly all my ghost RUVs were visible through ipa-replica-manage list-ruv. It was really strange, I had like 5 of them from winsync agreements that kept failing and needing re-initialization, and another 5 from my earlier re-installations of the 2 other domain controllers. > > I ran some more ruv cleanup commands through ldap and they all appear to be gone. I'm not sure how the crash suddenly made them visible though or why they had to be cleaned through ldapmodify directly and ipa-replica-manage could neither see nor clean them. After a crash the RUV could be rebuilt from the changelog, and the changelog could contain references to cleaned ReplicaIds and so they came to live again. The cleanallruv task was enhanced to also clean the changelog, but this fix is in 1.3.4.2+. > Console logs below in case anyone can shed some light on it. I've re-installed the replicas again, and I'm hoping it doesn't crash in 12 hours like last time ... > > --- console output --- > > [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage del dc2-ipa-dev-nvan.mydomain.net --force --cleanup > Connection to 'dc2-ipa-dev-nvan.mydomain.net' failed: Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials > Forcing removal of dc2-ipa-dev-nvan.mydomain.net > Skipping calculation to determine if one or more masters would be orphaned. > Deleting replication agreements between dc2-ipa-dev-nvan.mydomain.net and dc1-ipa-dev-van.mydomain.net, dc1-ipa-dev-nvan.mydomain.net > Failed to get list of agreements from 'dc2-ipa-dev-nvan.mydomain.net': Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials > Forcing removal on 'dc1-ipa-dev-van.mydomain.net' > Any DNA range on 'dc2-ipa-dev-nvan.mydomain.net' will be lost > Deleted replication agreement from 'dc1-ipa-dev-van.mydomain.net' to 'dc2-ipa-dev-nvan.mydomain.net' > Failed to determine agreement type for 'dc2-ipa-dev-nvan.mydomain.net': Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials > There were issues removing a connection for dc2-ipa-dev-nvan.mydomain.net from dc1-ipa-dev-nvan.mydomain.net: local variable 'type1' referenced before assignment > Background task created to clean replication data. This may take a while. > This may be safely interrupted with Ctrl+C > [root at dc1-ipa-dev-van slapd-mydomain-NET]# > > [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall > > This is a NON REVERSIBLE operation and will delete all data and configuration! > > Are you sure you want to continue with the uninstall procedure? [no]: yes > > Replication agreements with the following IPA masters found: dc1-ipa-dev-van > .mydomain.net. Removing any replication agreements before uninstalling > the server is strongly recommended. You can remove replication agreements by > running the following command on any other IPA master: > $ ipa-replica-manage del dc2-ipa-dev-nvan.mydomain.net > > Are you sure you want to continue with the uninstall procedure? [no]: yes > Shutting down all IPA services > Removing IPA client configuration > Unconfiguring ntpd > Configuring certmonger to stop tracking system certificates for KRA > Configuring certmonger to stop tracking system certificates for CA > Unconfiguring CA > Unconfiguring named > Unconfiguring ipa-dnskeysyncd > Unconfiguring web server > Unconfiguring krb5kdc > Unconfiguring kadmin > Unconfiguring directory server > ipa : ERROR Instance removal failed. > ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually > Unconfiguring ipa_memcached > Unconfiguring ipa-otpd > [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# > > [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-csreplica-manage del dc2-ipa-dev-nvan.mydomain.net --force -v > Directory Manager password: > > Unable to connect to replica dc2-ipa-dev-nvan.mydomain.net, forcing removal > Failed to get data from 'dc2-ipa-dev-nvan.mydomain.net': cannot connect to 'ldap://dc2-ipa-dev-nvan.mydomain.net:389': > Forcing removal on 'dc1-ipa-dev-van.mydomain.net' > There were issues removing a connection: 'NoneType' object has no attribute 'port' > > > [root at dc1-ipa-dev-van slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) > # requesting: nscpentrywsi > # > > # replica, o\3Dipaca, mapping tree, config > dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > nscpentrywsi: objectClass: top > nscpentrywsi: objectClass: nsDS5Replica > nscpentrywsi: objectClass: extensibleobject > nscpentrywsi: nsDS5ReplicaRoot: o=ipaca > nscpentrywsi: nsDS5ReplicaType: 3 > nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config > nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config > nscpentrywsi: cn: replica > nscpentrywsi: nsDS5ReplicaId: 96 > nscpentrywsi: nsDS5Flags: 1 > nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca > nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=c > onfig > nscpentrywsi: createTimestamp: 20160114034427Z > nscpentrywsi: modifyTimestamp: 20160115034515Z > nscpentrywsi: nsState:: YAAAAAAAAAA3a5hWAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAA > == > nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb > nscpentrywsi: numSubordinates: 1 > nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 > nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56986b35000000600000 > nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 > nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 56986b55000000510000 > nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 > nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 > nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 > nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat;dc1-ipa-dev-nvan.mydomain.net;389;81;56986b3 > 5000000600000 > nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56986b33 > nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b68 > nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56986b54 > nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56976208 > nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56973881 > nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 > nscpentrywsi: nsds5ReplicaChangeCount: 1464 > nscpentrywsi: nsds5replicareapactive: 0 > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage list-ruv > dc2-ipa-dev-nvan.mydomain.net:389: 10 > dc1-ipa-dev-van.mydomain.net:389: 4 > dc1-ipa-dev-nvan.mydomain.net:389: 9 > [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage clean-ruv 10 > Clean the Replication Update Vector for dc2-ipa-dev-nvan.mydomain.net:389 > > Cleaning the wrong replica ID will cause that server to no > longer replicate so it may miss updates while the process > is running. It would need to be re-initialized to maintain > consistency. Be very careful. > Continue to clean? [no]: yes > Background task created to clean replication data. This may take a while. > This may be safely interrupted with Ctrl+C > Cleanup task created > [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage list-ruv > dc1-ipa-dev-van.mydomain.net:389: 4 > dc1-ipa-dev-nvan.mydomain.net:389: 9 > [root at dc1-ipa-dev-van slapd-mydomain-NET]# > > [root at dc1-ipa-dev-van slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) > # requesting: nscpentrywsi > # > > # replica, o\3Dipaca, mapping tree, config > dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > nscpentrywsi: objectClass: top > nscpentrywsi: objectClass: nsDS5Replica > nscpentrywsi: objectClass: extensibleobject > nscpentrywsi: nsDS5ReplicaRoot: o=ipaca > nscpentrywsi: nsDS5ReplicaType: 3 > nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config > nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config > nscpentrywsi: cn: replica > nscpentrywsi: nsDS5ReplicaId: 96 > nscpentrywsi: nsDS5Flags: 1 > nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca > nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=c > onfig > nscpentrywsi: createTimestamp: 20160114034427Z > nscpentrywsi: modifyTimestamp: 20160115034515Z > nscpentrywsi: nsState:: YAAAAAAAAAA3a5hWAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAA > == > nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb > nscpentrywsi: numSubordinates: 1 > nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 > nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56986b35000000600000 > nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 > nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 56986b55000000510000 > nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 > nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 > nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 > nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat;dc1-ipa-dev-nvan.mydomain.net;389;81;56986b3 > 5000000600000 > nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56986b33 > nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b68 > nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56986b54 > nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56976208 > nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56973881 > nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 > nscpentrywsi: nsds5ReplicaChangeCount: 1464 > nscpentrywsi: nsds5replicareapactive: 0 > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > [root at dc1-ipa-dev-van slapd-mydomain-NET]# > > > [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage del dc1-ipa-dev-nvan.mydomain.net --force --cleanup > Connection to 'dc1-ipa-dev-nvan.mydomain.net' failed: Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials > Forcing removal of dc1-ipa-dev-nvan.mydomain.net > Skipping calculation to determine if one or more masters would be orphaned. > Deleting replication agreements between dc1-ipa-dev-nvan.mydomain.net and dc1-ipa-dev-van.mydomain.net > Failed to get list of agreements from 'dc1-ipa-dev-nvan.mydomain.net': Insufficient access: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context Invalid credentials > Forcing removal on 'dc1-ipa-dev-van.mydomain.net' > Any DNA range on 'dc1-ipa-dev-nvan.mydomain.net' will be lost > Deleted replication agreement from 'dc1-ipa-dev-van.mydomain.net' to 'dc1-ipa-dev-nvan.mydomain.net' > Background task created to clean replication data. This may take a while. > This may be safely interrupted with Ctrl+C > Failed to cleanup dc1-ipa-dev-nvan.mydomain.net entries: Operations error: > You may need to manually remove them from the tree > [root at dc1-ipa-dev-van slapd-mydomain-NET]# > > [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-csreplica-manage del dc1-ipa-dev-nvan.mydomain.net --force > Directory Manager password: > > Unable to connect to replica dc1-ipa-dev-nvan.mydomain.net, forcing removal > Failed to get data from 'dc1-ipa-dev-nvan.mydomain.net': cannot connect to 'ldap://dc1-ipa-dev-nvan.mydomain.net:389': > Forcing removal on 'dc1-ipa-dev-van.mydomain.net' > There were issues removing a connection: 'NoneType' object has no attribute 'port' > > [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall > > This is a NON REVERSIBLE operation and will delete all data and configuration! > > Are you sure you want to continue with the uninstall procedure? [no]: yes > > Replication agreements with the following IPA masters found: dc1-ipa-dev-van > .mydomain.net. Removing any replication agreements before uninstalling > the server is strongly recommended. You can remove replication agreements by > running the following command on any other IPA master: > $ ipa-replica-manage del dc1-ipa-dev-nvan.mydomain.net > > Are you sure you want to continue with the uninstall procedure? [no]: yes > Shutting down all IPA services > Removing IPA client configuration > Unconfiguring ntpd > Configuring certmonger to stop tracking system certificates for KRA > Configuring certmonger to stop tracking system certificates for CA > Unconfiguring CA > Unconfiguring named > Unconfiguring ipa-dnskeysyncd > Unconfiguring web server > ipa : ERROR Command ''/bin/systemctl' 'restart' 'httpd.service'' returned non-zero exit status 1 > [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall > > This is a NON REVERSIBLE operation and will delete all data and configuration! > > Are you sure you want to continue with the uninstall procedure? [no]: yes > > WARNING: Failed to connect to Directory Server to find information about > replication agreements. Uninstallation will continue despite the possible > existing replication agreements. > Shutting down all IPA services > Removing IPA client configuration > Configuring certmonger to stop tracking system certificates for KRA > Configuring certmonger to stop tracking system certificates for CA > Unconfiguring krb5kdc > Unconfiguring kadmin > Unconfiguring directory server > ipa : ERROR Instance removal failed. > ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually > Unconfiguring ipa_memcached > Unconfiguring ipa-otpd > [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall > > This is a NON REVERSIBLE operation and will delete all data and configuration! > > Are you sure you want to continue with the uninstall procedure? [no]: yes > > WARNING: Failed to connect to Directory Server to find information about > replication agreements. Uninstallation will continue despite the possible > existing replication agreements. > Shutting down all IPA services > Removing IPA client configuration > Configuring certmonger to stop tracking system certificates for KRA > Configuring certmonger to stop tracking system certificates for CA > [root at dc1-ipa-dev-nvan slapd-mydomain-NET]# > > > [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall > > This is a NON REVERSIBLE operation and will delete all data and configuration! > > Are you sure you want to continue with the uninstall procedure? [no]: yes > > Replication agreements with the following IPA masters found: dc1-ipa-dev-van > .mydomain.net. Removing any replication agreements before uninstalling > the server is strongly recommended. You can remove replication agreements by > running the following command on any other IPA master: > $ ipa-replica-manage del dc2-ipa-dev-nvan.mydomain.net > > Are you sure you want to continue with the uninstall procedure? [no]: yes > Shutting down all IPA services > Removing IPA client configuration > Unconfiguring ntpd > Configuring certmonger to stop tracking system certificates for KRA > Configuring certmonger to stop tracking system certificates for CA > Unconfiguring CA > Unconfiguring named > Unconfiguring ipa-dnskeysyncd > Unconfiguring web server > Unconfiguring krb5kdc > Unconfiguring kadmin > Unconfiguring directory server > ipa : ERROR Instance removal failed. > ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually > Unconfiguring ipa_memcached > Unconfiguring ipa-otpd > [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# ipa-server-install --uninstall > > This is a NON REVERSIBLE operation and will delete all data and configuration! > > Are you sure you want to continue with the uninstall procedure? [no]: yes > > WARNING: Failed to connect to Directory Server to find information about > replication agreements. Uninstallation will continue despite the possible > existing replication agreements. > Shutting down all IPA services > Removing IPA client configuration > Configuring certmonger to stop tracking system certificates for KRA > Configuring certmonger to stop tracking system certificates for CA > [root at dc2-ipa-dev-nvan slapd-mydomain-NET]# > > > [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage clean-all-ruv > Usage: ipa-replica-manage [options] > > ipa-replica-manage: error: must provide a command [clean-ruv | dnarange-set | list-ruv | dnarange-show | connect | force-sync | list-clean-ruv | disconnect | list | dnanextrange-set | dnanextrange-show | del | re-initialize | abort-clean-ruv] > [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage clean-ruv 9 > Clean the Replication Update Vector for dc1-ipa-dev-nvan.mydomain.net:389 > > Cleaning the wrong replica ID will cause that server to no > longer replicate so it may miss updates while the process > is running. It would need to be re-initialized to maintain > consistency. Be very careful. > Continue to clean? [no]: yes > Background task created to clean replication data. This may take a while. > This may be safely interrupted with Ctrl+C > Cleanup task created > [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage list-ruv > unexpected error: Insufficient access: SASL(-14): authorization failure: Invalid credentials > [root at dc1-ipa-dev-van slapd-mydomain-NET]# kdestroy > [root at dc1-ipa-dev-van slapd-mydomain-NET]# kinit nathan.peters > Password for nathan.peters at mydomain.NET: > [root at dc1-ipa-dev-van slapd-mydomain-NET]# ipa-replica-manage list-ruv > dc1-ipa-dev-van.mydomain.net:389: 4 > [root at dc1-ipa-dev-van slapd-mydomain-NET]# > > [root at dc1-ipa-dev-van slapd-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) > # requesting: nscpentrywsi > # > > # replica, o\3Dipaca, mapping tree, config > dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > nscpentrywsi: objectClass: top > nscpentrywsi: objectClass: nsDS5Replica > nscpentrywsi: objectClass: extensibleobject > nscpentrywsi: nsDS5ReplicaRoot: o=ipaca > nscpentrywsi: nsDS5ReplicaType: 3 > nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config > nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat,ou=csusers,cn=config > nscpentrywsi: cn: replica > nscpentrywsi: nsDS5ReplicaId: 96 > nscpentrywsi: nsDS5Flags: 1 > nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca > nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=c > onfig > nscpentrywsi: createTimestamp: 20160114034427Z > nscpentrywsi: modifyTimestamp: 20160115040015Z > nscpentrywsi: nsState:: YAAAAAAAAAC3bphWAAAAAAAAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA > == > nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb > nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 > nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 569719a0000000600000 56986eb9000000600000 > nscpentrywsi: nsds50ruv: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b310000004c0000 56976b5c0002004c0000 > nscpentrywsi: nsds50ruv: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 5697661a000000510000 56986b55000000510000 > nscpentrywsi: nsds50ruv: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569761d2000000560000 5697620b000500560000 > nscpentrywsi: nsds50ruv: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569738560000005b0000 569738790004005b0000 > nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569719a4000000610000 569719e6001100610000 > nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.mydomain.net:389} 56986eb7 > nscpentrywsi: nsruvReplicaLastModified: {replica 76 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56976b68 > nscpentrywsi: nsruvReplicaLastModified: {replica 81 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56986b54 > nscpentrywsi: nsruvReplicaLastModified: {replica 86 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 56976208 > nscpentrywsi: nsruvReplicaLastModified: {replica 91 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 56973881 > nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 00000000 > nscpentrywsi: nsds5ReplicaChangeCount: 1465 > nscpentrywsi: nsds5replicareapactive: 0 > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > [root at dc1-ipa-dev-van slapd-mydomain-NET]# > > > > > > dn: cn=clean 76, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 76 > replica-force-cleaning: yes > cn: clean 76 > > > ldapmodify -x -D "cn=directory manager" -W < dn: cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > changetype: modify > replace: nsds5task > nsds5task: CLEANRUV76 > EOF > > ldapmodify -x -D "cn=directory manager" -W < dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > changetype: modify > replace: nsds5task > nsds5task: CLEANRUV76 > EOF > > ldapmodify -x -D "cn=directory manager" -W < dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > changetype: modify > replace: nsds5task > nsds5task: CLEANRUV81 > EOF > > ldapmodify -x -D "cn=directory manager" -W < dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > changetype: modify > replace: nsds5task > nsds5task: CLEANRUV91 > EOF > > ==== SERVER CRASHED HERE ==== > > [15/Jan/2016:05:21:46 +0000] - acquire_replica, supplier RUV is newer > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): Cancelling linger on the connection > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - windows sync - windows_acquire_replica returned success (101) > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): State: ready_to_acquire_replica -> sending_updates > [15/Jan/2016:05:21:46 +0000] - csngen_adjust_time: gen state before 569882e20004:1452835306:0:248 > [15/Jan/2016:05:21:46 +0000] - csngen_adjust_time: gen state after 569882e20004:1452835306:0:248 > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: found DB object 7ffa5b17b8f0 for database /var/lib/dirsrv/slapd-DEV-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db > [15/Jan/2016:05:21:46 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389)): Consumer RUV: > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 553fe9c9000000040000 569882e2000000040000 569881ea > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 3 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 553fe9c4000000030000 5696f872000300030000 00000000 > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 5} 56921205000100050000 56972b38000500050000 5698802b > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 6} 56971a3b000000060000 56974fcf000400060000 56988036 > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 7} 569738e8000200070000 56975902000100070000 5698803b > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 8} 56976262000000080000 5697639a000000080000 56988049 > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 9} 569766ae000000090000 56986c8f000000090000 5698808b > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 10} 56976bc60000000a0000 5698139b0002000a0000 5698807a > [15/Jan/2016:05:21:46 +0000] - _cl5PositionCursorForReplay (agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389)): Supplier RUV: > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replicageneration} 553fe9bb000000040000 > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 4 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 553fe9c9000000040000 569882e2000200040000 569881ea > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 3} 56846eee000300030000 56846eee000300030000 5698802a > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 5} 56972b38000500050000 56972b38000500050000 5698802a > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 6} 56974fcf000400060000 56974fcf000400060000 5698802a > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 7} 56975902000100070000 56975902000100070000 5698802a > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 8} 5697639a000000080000 5697639a000000080000 5698802a > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 9} 56986c8f000000090000 56986c8f000000090000 5698802a > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): {replica 10} 5698139b0002000a0000 5698139b0002000a0000 5698802a > [15/Jan/2016:05:21:46 +0000] agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389) - clcache_get_buffer: found thread private buffer cache 7ffa2c0746a0 > [15/Jan/2016:05:21:46 +0000] agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389) - clcache_get_buffer: _pool is 7ffa5b425660 _pool->pl_busy_lists is 7ffa2c075c30 _pool->pl_busy_lists->bl_buffers is 7ffa2c0746a0 > [15/Jan/2016:05:21:46 +0000] agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389) - session start: anchorcsn=569882e2000000040000 > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - changelog program - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): CSN 569882e2000000040000 found, position set for replay > [15/Jan/2016:05:21:46 +0000] agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389) - load=1 rec=1 csn=569882e2000200040000 > [15/Jan/2016:05:21:46 +0000] agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389) - clcache_load_buffer: rc=-30988 > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): No more updates to send (cl5GetNextOperationToReplay) > [15/Jan/2016:05:21:46 +0000] agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389) - session end: state=5 load=1 sent=1 skipped=0 skipped_new_rid=0 skipped_csn_gt_cons_maxcsn=0 skipped_up_to_date=0 skipped_csn_gt_ruv=0 skipped_csn_covered=0 > [15/Jan/2016:05:21:46 +0000] - Calling dirsync search request plugin > [15/Jan/2016:05:21:46 +0000] - Sending dirsync search request > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): Beginning linger on the connection > [15/Jan/2016:05:21:46 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): State: sending_updates -> wait_for_changes > [15/Jan/2016:05:21:47 +0000] - _csngen_adjust_local_time: gen state before 569882e20004:1452835306:0:248 > [15/Jan/2016:05:21:47 +0000] - _csngen_adjust_local_time: gen state after 569882e30000:1452835307:0:248 > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569882e3000000040000 into pending list > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - Purged state information from entry fqdn=zk1-msg-mbsnap1-nva.dev-mydomain.net,cn=computers,cn=accounts,dc=dev-mydomain,dc=net up to CSN 568f4862000200040000 > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7ffa5b17b8f0 for database /var/lib/dirsrv/slapd-DEV-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 7ffa5b17b8f0 for database /var/lib/dirsrv/slapd-DEV-mydomain-NET/cldb/e054c085-ede211e4-bf10cd78-f19552bb_553fe9bb000000040000.db > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 569882e3000000040000 > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): State: wait_for_changes -> wait_for_changes > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToofficedc2.office.mydomain.net" (officedc2:389): State: wait_for_changes -> ready_to_acquire_replica > [15/Jan/2016:05:21:47 +0000] - acquire_replica, supplier RUV: > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replicageneration} 553fe9bb000000040000 > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 4 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 553fe9c9000000040000 569882e3000000040000 569881eb > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 3} 56846eee000300030000 56846eee000300030000 5698802a > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 5} 56972b38000500050000 56972b38000500050000 5698802a > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 6} 56974fcf000400060000 56974fcf000400060000 5698802a > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 7} 56975902000100070000 56975902000100070000 5698802a > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 8} 5697639a000000080000 5697639a000000080000 5698802a > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 9} 56986c8f000000090000 56986c8f000000090000 5698802a > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - supplier: {replica 10} 5698139b0002000a0000 5698139b0002000a0000 5698802a > [15/Jan/2016:05:21:47 +0000] - acquire_replica, consumer RUV: > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - consumer: {replicageneration} 553fe9bb000000040000 > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - consumer: {replica 4 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 553fe9c9000000040000 569882e2000200040000 569881ea > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - consumer: {replica 3 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 553fe9c4000000030000 5696f872000300030000 00000000 > [15/Jan/2016:05:21:47 +0000] NSMMReplicationPlugin - consumer: {replica 5} 56921205000100050000 56972b38000500050000 5698802b > ^C > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ipa-replica-manage list-ruv > unable to decode: {replica 7} 56975902000100070000 56975902000100070000 > unable to decode: {replica 10} 5698139b0002000a0000 5698139b0002000a0000 > unable to decode: {replica 5} 56972b38000500050000 56972b38000500050000 > unable to decode: {replica 8} 5697639a000000080000 5697639a000000080000 > unable to decode: {replica 6} 56974fcf000400060000 56974fcf000400060000 > unable to decode: {replica 3} 56846eee000300030000 56846eee000300030000 > unable to decode: {replica 9} 56986c8f000000090000 56986c8f000000090000 > dc1-ipa-dev-van.dev-mydomain.net:389: 4 > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ipa-replica-manage clean-ruv 7 > unable to decode: {replica 7} 56975902000100070000 56975902000100070000 > unable to decode: {replica 10} 5698139b0002000a0000 5698139b0002000a0000 > unable to decode: {replica 5} 56972b38000500050000 56972b38000500050000 > unable to decode: {replica 8} 5697639a000000080000 5697639a000000080000 > unable to decode: {replica 6} 56974fcf000400060000 56974fcf000400060000 > unable to decode: {replica 3} 56846eee000300030000 56846eee000300030000 > unable to decode: {replica 9} 56986c8f000000090000 56986c8f000000090000 > Replica ID 7 not found > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ipa-replica-manage list-ruv > unable to decode: {replica 7} 56975902000100070000 56975902000100070000 > unable to decode: {replica 10} 5698139b0002000a0000 5698139b0002000a0000 > unable to decode: {replica 5} 56972b38000500050000 56972b38000500050000 > unable to decode: {replica 8} 5697639a000000080000 5697639a000000080000 > unable to decode: {replica 6} 56974fcf000400060000 56974fcf000400060000 > unable to decode: {replica 3} 56846eee000300030000 56846eee000300030000 > unable to decode: {replica 9} 56986c8f000000090000 56986c8f000000090000 > dc1-ipa-dev-van.dev-mydomain.net:389: 4 > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ldapmodify -D "cn=directory manager" -W -a > Enter LDAP Password: > ldap_bind: Invalid credentials (49) > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# objectclass: extensibleObject > -bash: objectclass:: command not found > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# replica-base-dn: dc=dev-mydomain,dc=net > -bash: replica-base-dn:: command not found > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# replica-id: 7 > -bash: replica-id:: command not found > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# cn: clean 7MZKXswIqn3arBMw1xzLl > -bash: cn:: command not found > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ldapmodify -D "cn=directory manager" -W -a > Enter LDAP Password: > dn: cn=clean 7, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 7 > cn: clean 7 > > adding new entry "cn=clean 7, cn=cleanallruv, cn=tasks, cn=config" > > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ipa-replica-manage list-ruv > unable to decode: {replica 5} 56972b38000500050000 56972b38000500050000 > unable to decode: {replica 8} 5697639a000000080000 5697639a000000080000 > unable to decode: {replica 6} 56974fcf000400060000 56974fcf000400060000 > unable to decode: {replica 3} 56846eee000300030000 56846eee000300030000 > unable to decode: {replica 9} 56986c8f000000090000 56986c8f000000090000 > unable to decode: {replica 10} 5698139b0002000a0000 5698139b0002000a0000 > dc1-ipa-dev-van.dev-mydomain.net:389: 4 > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ldapmodify -D "cn=directory manager" -W -a > Enter LDAP Password: > dn: cn=clean 5, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 5 > cn: clean 5 > > adding new entry "cn=clean 5, cn=cleanallruv, cn=tasks, cn=config" > > dn: cn=clean 8, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 8 > cn: clean 8 > > adding new entry "cn=clean 8, cn=cleanallruv, cn=tasks, cn=config" > > dn: cn=clean 6, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 6 > cn: clean 6 > > adding new entry "cn=clean 6, cn=cleanallruv, cn=tasks, cn=config" > > dn: cn=clean 3, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 3 > cn: clean 3 > > adding new entry "cn=clean 3, cn=cleanallruv, cn=tasks, cn=config" > > dn: cn=clean 9, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 9 > cn: clean 9 > > adding new entry "cn=clean 9, cn=cleanallruv, cn=tasks, cn=config" > > dn: cn=clean 10, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 10 > cn: clean 10 > > > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) > # requesting: nscpentrywsi > # > > # replica, o\3Dipaca, mapping tree, config > dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > nscpentrywsi: objectClass: top > nscpentrywsi: objectClass: nsDS5Replica > nscpentrywsi: objectClass: extensibleobject > nscpentrywsi: nsDS5ReplicaRoot: o=ipaca > nscpentrywsi: nsDS5ReplicaType: 3 > nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1- > ipa-dev-nvan.dev-mydomain.net-pki-tomcat,ou=csusers,cn=config > nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2- > ipa-dev-nvan.dev-mydomain.net-pki-tomcat,ou=csusers,cn=config > nscpentrywsi: cn: replica > nscpentrywsi: nsDS5ReplicaId: 96 > nscpentrywsi: nsDS5Flags: 1 > nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca > nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=c > onfig > nscpentrywsi: createTimestamp: 20160114034427Z > nscpentrywsi: modifyTimestamp: 20160115060020Z > nscpentrywsi: nsState:: YAAAAAAAAADXiphWAAAAAAAAAAAAAAAAAgAAAAAAAAABAAAAAAAAAA > == > nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb > nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 > nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.dev-mydomain.ne > t:389} 569719a0000000600000 56988ad9000000600000 > nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.dev-mydomain.n > et:389} 569719a4000000610000 569719e6001100610000 > nscpentrywsi: nsds50ruv: {replica 91} 569738790004005b0000 569738790004005b000 > 0 > nscpentrywsi: nsds50ruv: {replica 86} 5697620b000500560000 5697620b00050056000 > 0 > nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.dev > -mydomain.net:389} 56988ad7 > nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.de > v-mydomain.net:389} 00000000 > nscpentrywsi: nsruvReplicaLastModified: {replica 91} 5698802a > nscpentrywsi: nsruvReplicaLastModified: {replica 86} 5698802a > nscpentrywsi: nsds5ReplicaChangeCount: 908 > nscpentrywsi: nsds5replicareapactive: 0 > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ldapmodify -x -D "cn=directory manager" -W < dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > changetype: modify > replace: nsds5task > nsds5task: CLEANRUV91 > EOF > > Enter LDAP Password: > modifying entry "cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config" > > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ldapmodify -x -D "cn=directory manager" -W < dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > changetype: modify > replace: nsds5task > nsds5task: CLEANRUV86 > EOF > > Enter LDAP Password: > modifying entry "cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config" > > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff)) > # requesting: nscpentrywsi > # > > # replica, o\3Dipaca, mapping tree, config > dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > nscpentrywsi: objectClass: top > nscpentrywsi: objectClass: nsDS5Replica > nscpentrywsi: objectClass: extensibleobject > nscpentrywsi: nsDS5ReplicaRoot: o=ipaca > nscpentrywsi: nsDS5ReplicaType: 3 > nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc1- > ipa-dev-nvan.dev-mydomain.net-pki-tomcat,ou=csusers,cn=config > nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-dc2- > ipa-dev-nvan.dev-mydomain.net-pki-tomcat,ou=csusers,cn=config > nscpentrywsi: cn: replica > nscpentrywsi: nsDS5ReplicaId: 96 > nscpentrywsi: nsDS5Flags: 1 > nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca > nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=c > onfig > nscpentrywsi: createTimestamp: 20160114034427Z > nscpentrywsi: modifyTimestamp: 20160115061052Z > nscpentrywsi: nsState:: YAAAAAAAAADXiphWAAAAAAAAAAAAAAAAAgAAAAAAAAABAAAAAAAAAA > == > nscpentrywsi: nsDS5ReplicaName: 0c97968e-ba7111e5-b1f1cd78-f19552bb > nscpentrywsi: nsds50ruv: {replicageneration} 5697199b000000600000 > nscpentrywsi: nsds50ruv: {replica 96 ldap://dc1-ipa-dev-van.dev-mydomain.ne > t:389} 569719a0000000600000 56988ad9000000600000 > nscpentrywsi: nsds50ruv: {replica 97 ldap://dc1-ipa-dev-nvan.dev-mydomain.n > et:389} 569719a4000000610000 569719e6001100610000 > nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://dc1-ipa-dev-van.dev > -mydomain.net:389} 56988ad7 > nscpentrywsi: nsruvReplicaLastModified: {replica 97 ldap://dc1-ipa-dev-nvan.de > v-mydomain.net:389} 00000000 > nscpentrywsi: nsds5ReplicaChangeCount: 430 > nscpentrywsi: nsds5replicareapactive: 0 > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > [root at dc1-ipa-dev-van slapd-DEV-mydomain-NET]# > > > ldapsearch -xLLL -D "cn=directory manager" -W -b dc=dev-mydomain,dc=net \ > '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))' > > > ldapmodify -D "cn=directory manager" -W -a > dn: cn=clean 7, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 7 > cn: clean 7 > > ldapmodify -D "cn=directory manager" -W -a > dn: cn=clean 5, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 5 > cn: clean 5 > > dn: cn=clean 8, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 8 > cn: clean 8 > > dn: cn=clean 6, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 6 > cn: clean 6 > > dn: cn=clean 3, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 3 > cn: clean 3 > > dn: cn=clean 9, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 9 > cn: clean 9 > > dn: cn=clean 10, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: dc=dev-mydomain,dc=net > replica-id: 10 > cn: clean 10 > > dn: cn=clean 86, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > replica-id: 86 > cn: clean 86 > > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters > Sent: January-14-16 8:25 PM > To: Rob Crittenden; Ludwig Krispenz; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 > > And the saga continues... > > In my latest round of trying to fix this, I've attempted to remove the replicas again, this time ensuring to use the --force and --cleanup flags to try to remove the data. As you can see from the output below, it seems like every possible error that could happen did. Some examples : > > Ruvs needed to be manually cleaned. > Ldapsearch reveals that nothing at all has been deleted in the ruv section, and I still have 6 duplicates somehow > ipa : ERROR Instance removal failed. > ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually > SASL failures while removing or trying to get replication agreements > > At this point I think I may need to manually clean all the old data, but I'm not even sure where to start. > > Also... When dc1 is alone with no replicas, why does he have a ruv for himself... does he need one ? > > And... isn't there supposed to be some kind of clean-all-ruv task or is that not in 4.2.0 but only a later version ? From pspacek at redhat.com Fri Jan 15 08:31:10 2016 From: pspacek at redhat.com (Petr Spacek) Date: Fri, 15 Jan 2016 09:31:10 +0100 Subject: [Freeipa-users] GID, groups and ipa group-show In-Reply-To: <5698A443.90601@redhat.com> References: <55DADD5D.60809@redhat.com> <56980EA3.9050001@redhat.com> <5698A443.90601@redhat.com> Message-ID: <5698AE4E.7080100@redhat.com> On 15.1.2016 08:48, David Kupka wrote: > On 14/01/16 22:09, Rob Crittenden wrote: >> Prasun Gera wrote: >>> This is an old thread, but I can confirm that this is still an issue on >>> RHEL 7.2 + 4.2. This creates problems when there are roles associated >>> with groups, but group membership through GID is broken. I had migrated >>> all old NIS accounts into ipa. I then added the host enrollment role to >>> a particular group. Now, unless I add the users to the group explicitly, >>> they won't get the role, even if their gid is the same as the gid of the >>> group. >> >> The user GIDNumber just sets the default group for POSIX. If you do >> groups on the user I'll bet it shows correctly. >> >> For the purposes of IPA access control, as you've seen, the user must >> have a memberOf for a given group, either directly or indirectly. >> >> rob >> > > Exactly, but the question is, shouldn't IPA add this membership automatically? > (Of course, only in case IPA has group with this GID.) IMHO we should. Currently, the user effectively has different group membership on POSIX systems and non-POSIX systems which read only member attribute. I think that this is surprising and inconsistent. Petr^2 Spacek > > David > >>> On Mon, Aug 24, 2015 at 5:01 AM, David Kupka >> > wrote: >>> >>> On 21/08/15 15:21, bahan w wrote: >>> >>> Hello ! >>> >>> I contact you because I notice something strange with IPA >>> environment. >>> >>> I created a group : >>> ipa group-add g1 --desc="my first group" >>> >>> Then I created a user with the GID of g1 >>> GID1=`ipa group-show g1 | awk '/GID/ {printf("%s",$2)}'` >>> ipa user-add --first=u1 --last=u1 --homedir=/home/u1 >>> --shell=/bin/bash >>> --gidnumber=${GID1} u1 >>> >>> Then when I perform ipa group-show g1 command, I got the >>> following result : >>> ### >>> Group name: g1 >>> Description: my first group >>> GID: >>> ### >>> >>> Same for ipa user-show u1 : >>> ### >>> User login: u1 >>> First name: u1 >>> Last name: u1 >>> Home directory: /home/u1 >>> Login shell: /bin/bash >>> Email address: u1@ >>> UID: >>> GID: >>> Account disabled: False >>> Password: False >>> Member of groups: ipausers >>> Kerberos keys available: False >>> ### >>> >>> These 2 commands does not see u1 as a member of g1. >>> When I try the command id u1, I can see the group : >>> >>> ### >>> id u1 >>> uid=(u1) gid=(g1) groups=(g1) >>> ### >>> >>> Is it the normal behaviour of these IPA commands ? >>> >>> Best regards. >>> >>> Bahan >>> >>> >>> >>> Hello! >>> >>> I'm not sure if this is intended and/or correct behavior or not. >>> Looking at /etc/passwd and /etc/group I see it behaves similarly in >>> a way. >>> >>> You can have following entries in the aforementioned files >>> >>> [/etc/group] >>> ... >>> g1:x:: >>> ... >>> >>> [/etc/passwd] >>> ... >>> u1:x::::/home/u1:/bin/bash >>> ... >>> >>> Looking in /etc/group you can't see user 'u1' is member of group >>> 'g1' but tools like id, groups, getent shows this information. >>> >>> On the other hand it would be useful to show these "implicit" >>> members in group-show output. >>> Could you please file a ticket >>> (https://fedorahosted.org/freeipa/newticket)? >>> >>> -- >>> David Kupka From mkosek at redhat.com Fri Jan 15 09:16:38 2016 From: mkosek at redhat.com (Martin Kosek) Date: Fri, 15 Jan 2016 10:16:38 +0100 Subject: [Freeipa-users] Announcing FreeIPA 4.3.0 - demo In-Reply-To: <5674413E.4000206@redhat.com> References: <5674413E.4000206@redhat.com> Message-ID: <5698B8F6.2070002@redhat.com> On 12/18/2015 06:24 PM, Petr Vobornik wrote: > The FreeIPA team would like to announce FreeIPA v4.3.0 release! > > It can be downloaded from http://www.freeipa.org/page/Downloads. The builds are > available for Fedora rawhide. Builds for Fedora 23 are available in the > official COPR repository > . > > This announcement is also available at > . > > == Highlights in 4.3.0 == > * Simplified management of replication topology - control and display your > topology from CLI and UI > * Simplified replica installation - install replica without ''replica package'' > via OTP, keytab or privileged user credentials. The new method is called > ''replica promotion'' as it adds FreeIPA server capability to existing or new > client > ... FreeIPA demo [1] was upgraded to version 4.3.0. Compared to previous Demo version (4.2.x), you can now see the new Topology tab in "IPA Server" section, to get information about the FreeIPA servers in the realm, including a very thrilling Topology Graph :-) The Apache service was also updated to use a trusted certificate from Let's Encrypt, so you no longer need to waive the nasty Certificate Warning. Thanks to Petr Spacek and Jan Cholasta for helping me setting it up. [1] http://www.freeipa.org/page/Demo From LuisFilipe.Domingues at nagra.com Fri Jan 15 09:48:50 2016 From: LuisFilipe.Domingues at nagra.com (Domingues Luis Filipe) Date: Fri, 15 Jan 2016 09:48:50 +0000 Subject: [Freeipa-users] ns-slapd using all CPU ressources Message-ID: <44CB25C72DF2CF4591AFBE25ED76033FB063A4@CHX-EXMBX-01.hq.k.grp> Hi all, On our infra, we have two machines running Fedora with FreeIPA installed. we have an issue with ns-slapd using 100% of CPU after a while. If we restart the service, it starts to use all CPU resources after one day. Outpute of the command strace -c -p running for 4 minutes is: % time seconds usecs/call calls errors syscall ------ ----------- ----------- --------- --------- ---------------- 99.80 229.603633 11247 20415 poll 0.15 0.340032 10 32983 4 futex 0.05 0.114068 114068 1 restart_syscall 0.00 0.003464 0 20420 20416 getpeername 0.00 0.002752 0 20416 clock_gettime 0.00 0.001920 0 9840 read 0.00 0.000205 5 45 close 0.00 0.000036 2 22 access 0.00 0.000017 1 22 open 0.00 0.000016 1 24 accept 0.00 0.000012 0 45 setsockopt 0.00 0.000007 0 22 fstat 0.00 0.000000 0 22 stat 0.00 0.000000 0 1 sendto 0.00 0.000000 0 24 getsockname 0.00 0.000000 0 4 getsockopt 0.00 0.000000 0 70 fcntl 0.00 0.000000 0 22 gettimeofday ------ ----------- ----------- --------- --------- ---------------- 100.00 230.066162 104398 20420 total Plus we looked at the syscalls using FTrace: ns-slapd-7963 [000] .... 4063846.395630: sys_sched_yield() ns-slapd-7956 [000] .... 4063846.395631: sys_sched_yield -> 0x0 ns-slapd-7956 [000] .... 4063846.395632: sys_sched_yield() ns-slapd-7973 [000] .... 4063846.395633: sys_sched_yield -> 0x0 ns-slapd-7973 [000] .... 4063846.395634: sys_sched_yield() ns-slapd-7965 [000] .... 4063846.395635: sys_sched_yield -> 0x0 ns-slapd-7965 [000] .... 4063846.395637: sys_sched_yield() ns-slapd-7963 [000] .... 4063846.395637: sys_sched_yield -> 0x0 ns-slapd-7963 [000] .... 4063846.395639: sys_sched_yield() ns-slapd-7956 [000] .... 4063846.395640: sys_sched_yield -> 0x0 ns-slapd-7956 [000] .... 4063846.395641: sys_sched_yield() ns-slapd-7973 [000] .... 4063846.395642: sys_sched_yield -> 0x0 ns-slapd-7973 [000] .... 4063846.395643: sys_sched_yield() ns-slapd-7965 [000] .... 4063846.395644: sys_sched_yield -> 0x0 The sys_sched_yield function is called almost every 2 microseconds. It seems too much. Anyone have an idea where this can come from? Bad configuration on our side or some bug on ns-slapd? Regards, Luis Domingues -------------- next part -------------- An HTML attachment was scrubbed... URL: From prasun.gera at gmail.com Fri Jan 15 14:47:57 2016 From: prasun.gera at gmail.com (Prasun Gera) Date: Fri, 15 Jan 2016 09:47:57 -0500 Subject: [Freeipa-users] Announcing FreeIPA 4.3.0 - demo In-Reply-To: <5698B8F6.2070002@redhat.com> References: <5674413E.4000206@redhat.com> <5698B8F6.2070002@redhat.com> Message-ID: This is great. Can you post instructions for getting Let's Encrypt working on 4.2.x ? I had created a thread, but I eventually got stuck, and it felt a bit risky to modify low level things on a production system. This is the thread for reference: https://www.redhat.com/archives/freeipa-users/2015-November/msg00048.html I got as far as adding the root cert manually, but it still didn't work after that. On Fri, Jan 15, 2016 at 4:16 AM, Martin Kosek wrote: > On 12/18/2015 06:24 PM, Petr Vobornik wrote: > > The FreeIPA team would like to announce FreeIPA v4.3.0 release! > > > > It can be downloaded from http://www.freeipa.org/page/Downloads. The > builds are > > available for Fedora rawhide. Builds for Fedora 23 are available in the > > official COPR repository > > . > > > > This announcement is also available at > > . > > > > == Highlights in 4.3.0 == > > * Simplified management of replication topology - control and display > your > > topology from CLI and UI > > * Simplified replica installation - install replica without ''replica > package'' > > via OTP, keytab or privileged user credentials. The new method is called > > ''replica promotion'' as it adds FreeIPA server capability to existing > or new > > client > > ... > > FreeIPA demo [1] was upgraded to version 4.3.0. Compared to previous Demo > version (4.2.x), you can now see the new Topology tab in "IPA Server" > section, > to get information about the FreeIPA servers in the realm, including a very > thrilling Topology Graph :-) > > The Apache service was also updated to use a trusted certificate from Let's > Encrypt, so you no longer need to waive the nasty Certificate Warning. > Thanks > to Petr Spacek and Jan Cholasta for helping me setting it up. > > [1] http://www.freeipa.org/page/Demo > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Fri Jan 15 14:51:41 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 15 Jan 2016 09:51:41 -0500 Subject: [Freeipa-users] ns-slapd using all CPU ressources In-Reply-To: <44CB25C72DF2CF4591AFBE25ED76033FB063A4@CHX-EXMBX-01.hq.k.grp> References: <44CB25C72DF2CF4591AFBE25ED76033FB063A4@CHX-EXMBX-01.hq.k.grp> Message-ID: <5699077D.7040408@redhat.com> Domingues Luis Filipe wrote: > Hi all, > > On our infra, we have two machines running Fedora with FreeIPA installed. > > we have an issue with ns-slapd using 100% of CPU after a while. If we > restart the service, it starts to use all CPU resources after one day. > > Outpute of the command strace -c -p running for 4 minutes is: > > % time seconds usecs/call calls errors syscall > ------ ----------- ----------- --------- --------- ---------------- > 99.80 229.603633 11247 20415 poll > 0.15 0.340032 10 32983 4 futex > 0.05 0.114068 114068 1 restart_syscall > 0.00 0.003464 0 20420 20416 getpeername > 0.00 0.002752 0 20416 clock_gettime > 0.00 0.001920 0 9840 read > 0.00 0.000205 5 45 close > 0.00 0.000036 2 22 access > 0.00 0.000017 1 22 open > 0.00 0.000016 1 24 accept > 0.00 0.000012 0 45 setsockopt > 0.00 0.000007 0 22 fstat > 0.00 0.000000 0 22 stat > 0.00 0.000000 0 1 sendto > 0.00 0.000000 0 24 getsockname > 0.00 0.000000 0 4 getsockopt > 0.00 0.000000 0 70 fcntl > 0.00 0.000000 0 22 gettimeofday > ------ ----------- ----------- --------- --------- ---------------- > 100.00 230.066162 104398 20420 total > > > > Plus we looked at the syscalls using FTrace: > > ns-slapd-7963 [000] .... 4063846.395630: sys_sched_yield() > ns-slapd-7956 [000] .... 4063846.395631: sys_sched_yield -> 0x0 > ns-slapd-7956 [000] .... 4063846.395632: sys_sched_yield() > ns-slapd-7973 [000] .... 4063846.395633: sys_sched_yield -> 0x0 > ns-slapd-7973 [000] .... 4063846.395634: sys_sched_yield() > ns-slapd-7965 [000] .... 4063846.395635: sys_sched_yield -> 0x0 > ns-slapd-7965 [000] .... 4063846.395637: sys_sched_yield() > ns-slapd-7963 [000] .... 4063846.395637: sys_sched_yield -> 0x0 > ns-slapd-7963 [000] .... 4063846.395639: sys_sched_yield() > ns-slapd-7956 [000] .... 4063846.395640: sys_sched_yield -> 0x0 > ns-slapd-7956 [000] .... 4063846.395641: sys_sched_yield() > ns-slapd-7973 [000] .... 4063846.395642: sys_sched_yield -> 0x0 > ns-slapd-7973 [000] .... 4063846.395643: sys_sched_yield() > ns-slapd-7965 [000] .... 4063846.395644: sys_sched_yield -> 0x0 > > The sys_sched_yield function is called almost every 2 microseconds. It seems too much. Your best bet is to get a pstack or full backtrace to see what 389-ds is doing. See http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debugging-hangs rob From rcritten at redhat.com Fri Jan 15 14:55:31 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 15 Jan 2016 09:55:31 -0500 Subject: [Freeipa-users] GID, groups and ipa group-show In-Reply-To: <5698AE4E.7080100@redhat.com> References: <55DADD5D.60809@redhat.com> <56980EA3.9050001@redhat.com> <5698A443.90601@redhat.com> <5698AE4E.7080100@redhat.com> Message-ID: <56990863.3040705@redhat.com> Petr Spacek wrote: > On 15.1.2016 08:48, David Kupka wrote: >> On 14/01/16 22:09, Rob Crittenden wrote: >>> Prasun Gera wrote: >>>> This is an old thread, but I can confirm that this is still an issue on >>>> RHEL 7.2 + 4.2. This creates problems when there are roles associated >>>> with groups, but group membership through GID is broken. I had migrated >>>> all old NIS accounts into ipa. I then added the host enrollment role to >>>> a particular group. Now, unless I add the users to the group explicitly, >>>> they won't get the role, even if their gid is the same as the gid of the >>>> group. >>> >>> The user GIDNumber just sets the default group for POSIX. If you do >>> groups on the user I'll bet it shows correctly. >>> >>> For the purposes of IPA access control, as you've seen, the user must >>> have a memberOf for a given group, either directly or indirectly. >>> >>> rob >>> >> >> Exactly, but the question is, shouldn't IPA add this membership automatically? >> (Of course, only in case IPA has group with this GID.) > > IMHO we should. Currently, the user effectively has different group membership > on POSIX systems and non-POSIX systems which read only member attribute. I > think that this is surprising and inconsistent. Seems like next step is to open the RFE. I wouldn't characterize it as POSIX vs non-POSIX as that could confuse things. It is just that if the user doesn't have a UPG then they probably don't have a memberOf for their GID group. rob From mkosek at redhat.com Fri Jan 15 15:01:54 2016 From: mkosek at redhat.com (Martin Kosek) Date: Fri, 15 Jan 2016 16:01:54 +0100 Subject: [Freeipa-users] Announcing FreeIPA 4.3.0 - demo In-Reply-To: References: <5674413E.4000206@redhat.com> <5698B8F6.2070002@redhat.com> Message-ID: <569909E2.1090600@redhat.com> Yeah, I think we should produce a How To on FreeIPA.org as this is what many people would look for. It was slightly tricky as there were 2 hickups involved: * SELinux policy bug (WIP) * ipa-cacert-manage bug where I had to comment one line Petr/Jan, would you like to create the How To, since you provided me the instructions? On 01/15/2016 03:47 PM, Prasun Gera wrote: > This is great. Can you post instructions for getting Let's Encrypt working > on 4.2.x ? I had created a thread, but I eventually got stuck, and it felt > a bit risky to modify low level things on a production system. > > This is the thread for reference: > https://www.redhat.com/archives/freeipa-users/2015-November/msg00048.html > > I got as far as adding the root cert manually, but it still didn't work > after that. > > On Fri, Jan 15, 2016 at 4:16 AM, Martin Kosek wrote: > >> On 12/18/2015 06:24 PM, Petr Vobornik wrote: >>> The FreeIPA team would like to announce FreeIPA v4.3.0 release! >>> >>> It can be downloaded from http://www.freeipa.org/page/Downloads. The >> builds are >>> available for Fedora rawhide. Builds for Fedora 23 are available in the >>> official COPR repository >>> . >>> >>> This announcement is also available at >>> . >>> >>> == Highlights in 4.3.0 == >>> * Simplified management of replication topology - control and display >> your >>> topology from CLI and UI >>> * Simplified replica installation - install replica without ''replica >> package'' >>> via OTP, keytab or privileged user credentials. The new method is called >>> ''replica promotion'' as it adds FreeIPA server capability to existing >> or new >>> client >>> ... >> >> FreeIPA demo [1] was upgraded to version 4.3.0. Compared to previous Demo >> version (4.2.x), you can now see the new Topology tab in "IPA Server" >> section, >> to get information about the FreeIPA servers in the realm, including a very >> thrilling Topology Graph :-) >> >> The Apache service was also updated to use a trusted certificate from Let's >> Encrypt, so you no longer need to waive the nasty Certificate Warning. >> Thanks >> to Petr Spacek and Jan Cholasta for helping me setting it up. >> >> [1] http://www.freeipa.org/page/Demo >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > From rcritten at redhat.com Fri Jan 15 15:04:23 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 15 Jan 2016 10:04:23 -0500 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <56981097.4070501@pakos.pl> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> <5697E464.5040907@pakos.pl> <5697EE18.1090406@redhat.com> <56981097.4070501@pakos.pl> Message-ID: <56990A77.3020000@redhat.com> Peter Pakos wrote: > On 14/01/2016 18:51, Rob Crittenden wrote: >> You need to add the new root certs to the pki NSS database. > > As far as I can see those 3 new CA certs are already in the database > (unless you're talking about a different db): > > $ certutil -d /etc/pki/nssdb/ -L > > Certificate Nickname Trust > Attributes > > SSL,S/MIME,JAR/XPI > > IPA.WANDISCO.COM IPA CA CT,C,C > AddTrust ,, > USERTrustRSAAddTrustCA ,, > GandiStandardSSLCA2 ,, > > Please advise. > Discussed in IRC last night but for the sake of history, he needed to add the CA's to the dogtag NSS database in /var/lib/pki/pki-tomcat/alias/ with a trust of C,,. rob From peter at pakos.pl Fri Jan 15 15:16:53 2016 From: peter at pakos.pl (Peter Pakos) Date: Fri, 15 Jan 2016 15:16:53 +0000 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <56990A77.3020000@redhat.com> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> <5697E464.5040907@pakos.pl> <5697EE18.1090406@redhat.com> <56981097.4070501@pakos.pl> <56990A77.3020000@redhat.com> Message-ID: <56990D65.405@pakos.pl> On 15/01/2016 15:04, Rob Crittenden wrote: > Discussed in IRC last night but for the sake of history, he needed to > add the CA's to the dogtag NSS database in > /var/lib/pki/pki-tomcat/alias/ with a trust of C,,. Yes, I added new root certificates to /etc/pki/pki-tomcat/alias and I was able to start all services. I've noticed that ipa-certupdate command removes them and we're back to square one. Why is it doing this? Which database is it retrieving certificates from? I've re-run ipa-certupdate in verbose mode and I could see that it removes all certificates in different databases (/etc/httpd/alias, /etc/pki/nssdb, /etc/pki/pki-tomcat/alias) and then re-adds them (apart from /etc/pki/pki-tomcat/alias). Also, what is the correct process for renewing 3rd party certificate? Will it be pushed automatically to all servers/clients? I don't want to be in trouble when it comes to renewing it. Thanks. -- Kind regards, Peter Pakos From rcritten at redhat.com Fri Jan 15 15:55:33 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 15 Jan 2016 10:55:33 -0500 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <56990D65.405@pakos.pl> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> <5697E464.5040907@pakos.pl> <5697EE18.1090406@redhat.com> <56981097.4070501@pakos.pl> <56990A77.3020000@redhat.com> <56990D65.405@pakos.pl> Message-ID: <56991675.5010405@redhat.com> Peter Pakos wrote: > On 15/01/2016 15:04, Rob Crittenden wrote: >> Discussed in IRC last night but for the sake of history, he needed to >> add the CA's to the dogtag NSS database in >> /var/lib/pki/pki-tomcat/alias/ with a trust of C,,. > > Yes, I added new root certificates to /etc/pki/pki-tomcat/alias and I > was able to start all services. > > I've noticed that ipa-certupdate command removes them and we're back to > square one. Why is it doing this? Which database is it retrieving > certificates from? >From LDAP. It is dropping current certs and replacing them with those in the NSS database. > I've re-run ipa-certupdate in verbose mode and I could see that it > removes all certificates in different databases (/etc/httpd/alias, > /etc/pki/nssdb, /etc/pki/pki-tomcat/alias) and then re-adds them (apart > from /etc/pki/pki-tomcat/alias). Yup, looks like this part is missing. Perhaps the assumption was that the CA would be authoritative in this regard. > Also, what is the correct process for renewing 3rd party certificate? > Will it be pushed automatically to all servers/clients? I don't want to > be in trouble when it comes to renewing it. There are two things here: the server certificates and the CA certificates. In both cases you are on your own in doing this for now, you won't get any notification of impending expiration unless your issuing CA tells you. For the server certificates renewal depends on your CA but usually involves resubmitting the original CSR and getting an updated certificate. You then take that to your IPA servers and install that updated certificate. You should be able to do this with certutil. This only affects the IPA masters. Updating the CA certs you'd want to add them to LDAP, replacing the older ones, and then ipa-certupdate will do the rest. You'd need to run this on all clients and servers. rob From peter at pakos.pl Fri Jan 15 16:17:35 2016 From: peter at pakos.pl (Peter Pakos) Date: Fri, 15 Jan 2016 16:17:35 +0000 Subject: [Freeipa-users] CA-less vs CA-ful FreeIPA 4.2 installation Message-ID: <56991B9F.5060907@pakos.pl> Hi, We've been testing FreeIPA system for a while now and we're getting closer to moving it into production. I'm considering both CA-less and CA-ful installation types. I hope you guys can help me make my mind and choose the right decision. What are the pros and cons of each install type? What exactly are we loosing if we choose CA-less install? One of our requirements is to have a 3rd party HTTP and LDAP certificates installed - which install path would be more suitable? I'm also thinking ahead, when it comes to renewing certificates when they expire in 1 year time, which install type would cause less problems? I've failed to find any useful info covering the above points, so if you know anything, please just let me know. I would appreciate your input. Thanks in advance. -- Kind regards, Peter Pakos From peter at pakos.pl Fri Jan 15 16:34:38 2016 From: peter at pakos.pl (Peter Pakos) Date: Fri, 15 Jan 2016 16:34:38 +0000 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <56991675.5010405@redhat.com> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> <5697E464.5040907@pakos.pl> <5697EE18.1090406@redhat.com> <56981097.4070501@pakos.pl> <56990A77.3020000@redhat.com> <56990D65.405@pakos.pl> <56991675.5010405@redhat.com> Message-ID: <56991F9E.9050104@pakos.pl> On 15/01/2016 15:55, Rob Crittenden wrote: >> I've re-run ipa-certupdate in verbose mode and I could see that it >> removes all certificates in different databases (/etc/httpd/alias, >> /etc/pki/nssdb, /etc/pki/pki-tomcat/alias) and then re-adds them (apart >> from /etc/pki/pki-tomcat/alias). > > Yup, looks like this part is missing. Perhaps the assumption was that > the CA would be authoritative in this regard. Is this a bug? Should this be logged somewhere so it can be looked into? > Updating the CA certs you'd want to add them to LDAP, replacing the > older ones, and then ipa-certupdate will do the rest. You'd need to run > this on all clients and servers. This sounds like a lot of manual work will be involved when it comes to renewal. And without clear and up-to-date information and possibly step-by-step instructions the effort needed to get this sorted is doubled. Please note that it took us many hours to get a 3rd party SSL certificate installed (you would think a very simple task). And the truth is that without this mailing list and #freeipa channel we would still be stuck trying to get to the bottom of this. -- Kind regards, Peter Pakos From Nathan.Peters at globalrelay.net Fri Jan 15 17:57:25 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Fri, 15 Jan 2016 17:57:25 +0000 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 In-Reply-To: <5698ABED.90601@redhat.com> References: <5697B18E.2070809@redhat.com> <5698ABED.90601@redhat.com> Message-ID: No dice on the rebuild and RUV cleaning. I'm still getting a pile of these on dc1-van : [15/Jan/2016:17:55:25 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6e6784a0-b5c911e5-b1f1cd78-f19552bb, CSN 569932db000000040000): I'm also getting these on dc1-nvan: [15/Jan/2016:17:45:36 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. -----Original Message----- From: Ludwig Krispenz [mailto:lkrispen at redhat.com] Sent: January-15-16 12:19 AM To: Nathan Peters Cc: Rob Crittenden; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 On 01/15/2016 08:32 AM, Nathan Peters wrote: > I think I've finally started to make some progress on this. I did a lot of googling and found some stuff to run manually in 389 ds through ldapmodify commands to clean RUVs. During this process the server crashed and when it came back online, suddenly all my ghost RUVs were visible through ipa-replica-manage list-ruv. It was really strange, I had like 5 of them from winsync agreements that kept failing and needing re-initialization, and another 5 from my earlier re-installations of the 2 other domain controllers. > > I ran some more ruv cleanup commands through ldap and they all appear to be gone. I'm not sure how the crash suddenly made them visible though or why they had to be cleaned through ldapmodify directly and ipa-replica-manage could neither see nor clean them. After a crash the RUV could be rebuilt from the changelog, and the changelog could contain references to cleaned ReplicaIds and so they came to live again. The cleanallruv task was enhanced to also clean the changelog, but this fix is in 1.3.4.2+. From akaczka86 at gmail.com Fri Jan 15 20:20:25 2016 From: akaczka86 at gmail.com (Adam Kaczka) Date: Fri, 15 Jan 2016 20:20:25 +0000 Subject: [Freeipa-users] Browser login to IPA "Authentication Required" prompt Message-ID: Hello, This has been bugging me for awhile but how do I turn off the "Authentication Required" prompt that pops up on the GUI when I login to IPA through browser? I can cancel it and lands on the /ipa/ui page but I'd like to not see it by default. Also I take it that the prompt is related to Kerberos login; is the prompt meant to be used as a 2 factor authentication for browser login? -- Best Regards, - Adam -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeff.hallyburton at bloomip.com Sat Jan 16 01:21:55 2016 From: jeff.hallyburton at bloomip.com (Jeff Hallyburton) Date: Fri, 15 Jan 2016 20:21:55 -0500 Subject: [Freeipa-users] Free-IPA failover succeeds, but ssh is broken? Message-ID: Having finished setting up an ipa server and replica, we're trying to test failover to ensure that HA works as expected. We've been able to verify the replication agreements and auto-discovery are working, and both servers are picked up as expected at install time. That said, we're seeing some oddities with failover. Once I shut down the ipa service on the main ipa server, I get most requests completing after about a 2 min window. I am able to: 1. Authenticate to our jump server and get a kerberos ticket 2. kinit successfully as other users However, whenever I try to ssh to another system within our domain, ssh breaks with the following error: $ ssh -vvv automation01 OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 5: Applying options for * debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 automation01 debug1: permanently_drop_suid: 1587000001 debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa type -1 debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa-cert type -1 debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa type -1 debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa-cert type -1 debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa type -1 debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519 type -1 debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1 ssh_exchange_identification: Connection closed by remote host Nothing is logged in either /var/log/messages or /var/log/secure when this happens, so I'm unsure where to begin debugging. Can you offer any insight? Thanks, Jeff Jeff Hallyburton Strategic Systems Engineer Bloomip Inc. Web: http://www.bloomip.com Engineering Support: support at bloomip.com Billing Support: billing at bloomip.com Customer Support Portal: https://my.bloomip.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From Nathan.Peters at globalrelay.net Sat Jan 16 22:09:24 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Sat, 16 Jan 2016 22:09:24 +0000 Subject: [Freeipa-users] FreeIPA 4.3.0 replica installation fails with AttributeError: 'NameSpace' object has no attribute 'rpcclient' Message-ID: I'm attempting to add a Fedora 23 Server as a replica in a FreeIPA 4.2.0 CentOS 7.2 domain so I can begin migrating my domain to 4.3.0 and Fedora. Because the domain is still domain level 0, I've prepared the replica file on the old CA master (4.2.0) and installed it on the new Fedora replica and installed the freeipa-server and freeipa-server-dns packages from the 4.3.0 COPR repository. When I attempt the ipa-replica-install command, it fails with AttributeError: 'NameSpace' object has no attribute 'rpcclient' --- debugging info including console and log --- [root at dc2-ipa-dev-van yum.repos.d]# ipa-replica-install --mkhomedir --setup-ca --setup-dns --no-forwarders /var/lib/ipa/replica-info-dc2-ipa-dev-van.mydomain.net.gpg WARNING: conflicting time&date synchronization service 'chronyd' will be disabled in favor of ntpd Directory Manager (existing master) password: Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR 'NameSpace' object has no attribute 'rpcclient' ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information [root at dc2-ipa-dev-van yum.repos.d]# cat /var/log/ipareplica-install.log 2016-01-16T22:06:04Z DEBUG Logging to /var/log/ipareplica-install.log 2016-01-16T22:06:04Z DEBUG ipa-replica-install was invoked with arguments ['/var/lib/ipa/replica-info-dc2-ipa-dev-van.mydomain.net.gpg'] and options: { 'no_dns_sshfp': None, 'skip_schema_check': None, 'setup_kra': None, 'ip_addresses': None, 'mkhomedir': True, 'no_pkinit': None, 'http_cert_files': None, 'no_n tp': None, 'verbose': False, 'no_forwarders': True, 'keytab': None, 'ssh_trust_dns': None, 'domain_name': None, 'http_cert_name': None, 'dirsrv_cert_files': N one, 'no_dnssec_validation': None, 'no_reverse': None, 'pkinit_cert_files': None, 'unattended': False, 'auto_reverse': None, 'auto_forwarders': None, 'no_host _dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'dirsrv_config_file': None, 'forwarders': None, 'pkinit_cert_name': None, 'setup_ca': True, 'realm_name' : None, 'skip_conncheck': None, 'no_ssh': None, 'dirsrv_cert_name': None, 'quiet': False, 'server': None, 'setup_dns': True, 'host_name': None, 'log_file': No ne, 'reverse_zones': None, 'allow_zone_overlap': None} 2016-01-16T22:06:04Z DEBUG IPA version 4.3.0-1.fc23 2016-01-16T22:06:04Z DEBUG Starting external process 2016-01-16T22:06:04Z DEBUG args=/usr/sbin/selinuxenabled 2016-01-16T22:06:04Z DEBUG Process finished, return code=1 2016-01-16T22:06:04Z DEBUG stdout= 2016-01-16T22:06:04Z DEBUG stderr= 2016-01-16T22:06:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-16T22:06:04Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-16T22:06:04Z DEBUG httpd is not configured 2016-01-16T22:06:04Z DEBUG kadmin is not configured 2016-01-16T22:06:04Z DEBUG dirsrv is not configured 2016-01-16T22:06:04Z DEBUG pki-tomcatd is not configured 2016-01-16T22:06:04Z DEBUG install is not configured 2016-01-16T22:06:04Z DEBUG krb5kdc is not configured 2016-01-16T22:06:04Z DEBUG ntpd is not configured 2016-01-16T22:06:04Z DEBUG named is not configured 2016-01-16T22:06:04Z DEBUG ipa_memcached is not configured 2016-01-16T22:06:04Z DEBUG filestore is tracking no files 2016-01-16T22:06:04Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2016-01-16T22:06:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-16T22:06:04Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-16T22:06:04Z DEBUG Starting external process 2016-01-16T22:06:04Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS 2016-01-16T22:06:04Z DEBUG Process finished, return code=0 2016-01-16T22:06:04Z DEBUG stdout=VirtualHost configuration: *:8443 dc2-ipa-dev-van.mydomain.net (/etc/httpd/conf.d/nss.conf:83) 2016-01-16T22:06:04Z DEBUG stderr= 2016-01-16T22:06:04Z DEBUG Starting external process 2016-01-16T22:06:04Z DEBUG args=/bin/systemctl is-enabled chronyd.service 2016-01-16T22:06:04Z DEBUG Process finished, return code=0 2016-01-16T22:06:04Z DEBUG stdout=enabled 2016-01-16T22:06:04Z DEBUG stderr= 2016-01-16T22:06:09Z DEBUG Starting external process 2016-01-16T22:06:09Z DEBUG args=/usr/bin/gpg-agent --batch --homedir /tmp/tmpUXsgIeipa/ipa-HOKFdw/.gnupg --daemon /usr/bin/gpg --batch --homedir /tmp/tmpUXsgI eipa/ipa-HOKFdw/.gnupg --passphrase-fd 0 --yes --no-tty -o /tmp/tmpUXsgIeipa/files.tar -d /var/lib/ipa/replica-info-dc2-ipa-dev-van.mydomain.net.gpg 2016-01-16T22:06:10Z DEBUG Process finished, return code=0 2016-01-16T22:06:10Z DEBUG Starting external process 2016-01-16T22:06:10Z DEBUG args=tar xf /tmp/tmpUXsgIeipa/files.tar -C /tmp/tmpUXsgIeipa 2016-01-16T22:06:10Z DEBUG Process finished, return code=0 2016-01-16T22:06:10Z DEBUG stdout= 2016-01-16T22:06:10Z DEBUG stderr= 2016-01-16T22:06:10Z DEBUG Installing replica file with version 40200 (0 means no version in prepared file). 2016-01-16T22:06:10Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a primary hostname for localhost 2016-01-16T22:06:10Z DEBUG Primary hostname for localhost: dc2-ipa-dev-van.mydomain.net 2016-01-16T22:06:10Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net 2016-01-16T22:06:10Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is not a CNAME 2016-01-16T22:06:10Z DEBUG Check reverse address of fe80::250:56ff:feb7:7228%ens32 2016-01-16T22:06:10Z DEBUG Found reverse name: dc2-ipa-dev-van.mydomain.net 2016-01-16T22:06:10Z DEBUG Check reverse address of 10.21.0.98 2016-01-16T22:06:10Z DEBUG Found reverse name: dc2-ipa-dev-van.mydomain.net 2016-01-16T22:06:10Z DEBUG importing all plugin modules in ipalib.plugins... 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.aci 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.automember 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.automount 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.baseldap 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.baseuser 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.batch 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.caacl 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.cert 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.certprofile 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.config 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.delegation 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.dns 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.domainlevel 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.group 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.hbacrule 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.hbacsvc 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.hbactest 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.host 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.hostgroup 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.idrange 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.idviews 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.internal 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.krbtpolicy 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.migration 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.misc 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.netgroup 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.otpconfig 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.otptoken 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.passwd 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.permission 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.ping 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.pkinit 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.privilege 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.pwpolicy 2016-01-16T22:06:10Z DEBUG Starting external process 2016-01-16T22:06:10Z DEBUG args=klist -V 2016-01-16T22:06:10Z DEBUG Process finished, return code=0 2016-01-16T22:06:10Z DEBUG stdout=Kerberos 5 version 1.14 2016-01-16T22:06:10Z DEBUG stderr= 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.radiusproxy 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.realmdomains 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.role 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.rpcclient 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.selfservice 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.selinuxusermap 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.server 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.service 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.servicedelegation 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.session 2016-01-16T22:06:10Z WARNING session memcached servers not running 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.stageuser 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.sudocmd 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.sudorule 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.topology 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.trust 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.user 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.vault 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.virtual 2016-01-16T22:06:10Z DEBUG importing all plugin modules in ipaserver.plugins... 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.plugins.dogtag 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.plugins.join 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.plugins.ldap2 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.plugins.rabase 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2016-01-16T22:06:10Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.dns 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2016-01-16T22:06:10Z DEBUG SessionAuthManager.register: name=jsonserver_session_139847657508816 2016-01-16T22:06:10Z DEBUG SessionAuthManager.register: name=xmlserver_session_139847657547472 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token' 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml' 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.xmlserver() at '/xml' 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.login_password() at '/session/login_password' 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json' 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.change_password() at '/session/change_password' 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json' 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos' 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:11Z DEBUG Check if dc1-ipa-dev-van.mydomain.net is a primary hostname for localhost 2016-01-16T22:06:11Z DEBUG Primary hostname for localhost: dc1-ipa-dev-van.mydomain.net 2016-01-16T22:06:11Z DEBUG Search DNS for dc1-ipa-dev-van.mydomain.net 2016-01-16T22:06:11Z DEBUG Check if dc1-ipa-dev-van.mydomain.net is not a CNAME 2016-01-16T22:06:12Z DEBUG Check reverse address of 10.21.0.99 2016-01-16T22:06:12Z DEBUG Found reverse name: dc1-ipa-dev-van.mydomain.net 2016-01-16T22:06:12Z DEBUG importing all plugin modules in ipalib.plugins... 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.aci 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.automember 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.automount 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.baseldap 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.baseuser 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.batch 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.caacl 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.cert 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.certprofile 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.config 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.delegation 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.dns 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.domainlevel 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.group 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.hbacrule 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.hbacsvc 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.hbactest 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.host 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.hostgroup 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.idrange 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.idviews 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.internal 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.krbtpolicy 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.migration 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.misc 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.netgroup 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.otpconfig 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.otptoken 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.passwd 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.permission 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.ping 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.pkinit 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.privilege 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.pwpolicy 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.radiusproxy 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.realmdomains 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.role 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.rpcclient 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.selfservice 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.selinuxusermap 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.server 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.service 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.servicedelegation 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.session 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.stageuser 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.sudocmd 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.sudorule 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.topology 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.trust 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.user 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.vault 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.virtual 2016-01-16T22:06:12Z DEBUG importing all plugin modules in ipaserver.plugins... 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.plugins.dogtag 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.plugins.join 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.plugins.ldap2 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.plugins.rabase 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2016-01-16T22:06:12Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.dns 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2016-01-16T22:06:12Z DEBUG SessionAuthManager.register: name=jsonserver_session_139847648179216 2016-01-16T22:06:12Z DEBUG SessionAuthManager.register: name=xmlserver_session_139847648180560 2016-01-16T22:06:12Z DEBUG Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token' 2016-01-16T22:06:12Z DEBUG Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml' 2016-01-16T22:06:12Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:12Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:13Z DEBUG Mounting ipaserver.rpcserver.xmlserver() at '/xml' 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:13Z DEBUG Mounting ipaserver.rpcserver.login_password() at '/session/login_password' 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:13Z DEBUG Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json' 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:13Z DEBUG Mounting ipaserver.rpcserver.change_password() at '/session/change_password' 2016-01-16T22:06:13Z DEBUG Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json' 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:13Z DEBUG Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos' 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:13Z DEBUG Created connection context.ldap2_139847648178768 2016-01-16T22:06:13Z DEBUG raw: domainlevel_get(version=u'2.163') 2016-01-16T22:06:13Z DEBUG domainlevel_get(version=u'2.163') 2016-01-16T22:06:13Z DEBUG flushing ldaps://dc1-ipa-dev-van.mydomain.net from SchemaCache 2016-01-16T22:06:13Z DEBUG retrieving schema for SchemaCache url=ldaps://dc1-ipa-dev-van.mydomain.net conn= 2016-01-16T22:06:14Z DEBUG Check forward/reverse DNS resolution 2016-01-16T22:06:14Z DEBUG Search DNS server dc1-ipa-dev-van.mydomain.net (['10.21.0.99', '10.21.0.99', '10.21.0.99']) for dc1-ipa-dev-van.mydomain.net 2016-01-16T22:06:14Z DEBUG Check reverse address 10.21.0.99 (dc1-ipa-dev-van.mydomain.net) 2016-01-16T22:06:14Z DEBUG Address 10.21.0.99 resolves to: dc1-ipa-dev-van.mydomain.net.. 2016-01-16T22:06:14Z DEBUG Search DNS server dc1-ipa-dev-van.mydomain.net (['10.21.0.99', '10.21.0.99', '10.21.0.99']) for dc2-ipa-dev-van.mydomain.net 2016-01-16T22:06:14Z DEBUG Check reverse address 10.21.0.98 (dc2-ipa-dev-van.mydomain.net) 2016-01-16T22:06:14Z DEBUG Address 10.21.0.98 resolves to: dc2-ipa-dev-van.mydomain.net.. 2016-01-16T22:06:14Z DEBUG Installing CA Replica from master with a merged database 2016-01-16T22:06:14Z DEBUG Destroyed connection context.ldap2_139847648178768 2016-01-16T22:06:14Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-16T22:06:14Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 308, in run self.validate() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 317, in validate for nothing in self._validator(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 549, in _configure next(validator) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1555, in main install_check(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 656, in install_check dns.install_check(False, True, options, config.host_name) File "/usr/lib/python2.7/site-packages/ipaserver/install/dns.py", line 125, in install_check if not replica or not check_dns_enabled(api): File "/usr/lib/python2.7/site-packages/ipaserver/install/dns.py", line 111, in check_dns_enabled if api.Backend.rpcclient.isconnected(): 2016-01-16T22:06:14Z DEBUG The ipa-replica-install command failed, exception: AttributeError: 'NameSpace' object has no attribute 'rpcclient' 2016-01-16T22:06:14Z ERROR 'NameSpace' object has no attribute 'rpcclient' 2016-01-16T22:06:14Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information -------------- next part -------------- An HTML attachment was scrubbed... URL: From Nathan.Peters at globalrelay.net Sun Jan 17 08:48:38 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Sun, 17 Jan 2016 08:48:38 +0000 Subject: [Freeipa-users] FreeIPA 4.3.0 replica installation fails with AttributeError: 'NameSpace' object has no attribute 'rpcclient' In-Reply-To: References: Message-ID: In case anyone is having the same issue, I was able to work around this. I found that if I first installed a Fedora 23 Freeipa 4.2.3 replica, it did not complain about the missing attribute. I assume it added it during the 4.2.3 installations because after I had replaced all CentOS 7 domain controllers with Fedora 23 domain controllers, I was able to perform the upgrade to Fedora 30. From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters Sent: January-16-16 2:13 PM To: freeipa-users at redhat.com Subject: [Freeipa-users] FreeIPA 4.3.0 replica installation fails with AttributeError: 'NameSpace' object has no attribute 'rpcclient' I'm attempting to add a Fedora 23 Server as a replica in a FreeIPA 4.2.0 CentOS 7.2 domain so I can begin migrating my domain to 4.3.0 and Fedora. Because the domain is still domain level 0, I've prepared the replica file on the old CA master (4.2.0) and installed it on the new Fedora replica and installed the freeipa-server and freeipa-server-dns packages from the 4.3.0 COPR repository. When I attempt the ipa-replica-install command, it fails with AttributeError: 'NameSpace' object has no attribute 'rpcclient' --- debugging info including console and log --- [root at dc2-ipa-dev-van yum.repos.d]# ipa-replica-install --mkhomedir --setup-ca --setup-dns --no-forwarders /var/lib/ipa/replica-info-dc2-ipa-dev-van.mydomain.net.gpg WARNING: conflicting time&date synchronization service 'chronyd' will be disabled in favor of ntpd Directory Manager (existing master) password: Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR 'NameSpace' object has no attribute 'rpcclient' ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information [root at dc2-ipa-dev-van yum.repos.d]# cat /var/log/ipareplica-install.log 2016-01-16T22:06:04Z DEBUG Logging to /var/log/ipareplica-install.log 2016-01-16T22:06:04Z DEBUG ipa-replica-install was invoked with arguments ['/var/lib/ipa/replica-info-dc2-ipa-dev-van.mydomain.net.gpg'] and options: { 'no_dns_sshfp': None, 'skip_schema_check': None, 'setup_kra': None, 'ip_addresses': None, 'mkhomedir': True, 'no_pkinit': None, 'http_cert_files': None, 'no_n tp': None, 'verbose': False, 'no_forwarders': True, 'keytab': None, 'ssh_trust_dns': None, 'domain_name': None, 'http_cert_name': None, 'dirsrv_cert_files': N one, 'no_dnssec_validation': None, 'no_reverse': None, 'pkinit_cert_files': None, 'unattended': False, 'auto_reverse': None, 'auto_forwarders': None, 'no_host _dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'dirsrv_config_file': None, 'forwarders': None, 'pkinit_cert_name': None, 'setup_ca': True, 'realm_name' : None, 'skip_conncheck': None, 'no_ssh': None, 'dirsrv_cert_name': None, 'quiet': False, 'server': None, 'setup_dns': True, 'host_name': None, 'log_file': No ne, 'reverse_zones': None, 'allow_zone_overlap': None} 2016-01-16T22:06:04Z DEBUG IPA version 4.3.0-1.fc23 2016-01-16T22:06:04Z DEBUG Starting external process 2016-01-16T22:06:04Z DEBUG args=/usr/sbin/selinuxenabled 2016-01-16T22:06:04Z DEBUG Process finished, return code=1 2016-01-16T22:06:04Z DEBUG stdout= 2016-01-16T22:06:04Z DEBUG stderr= 2016-01-16T22:06:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-16T22:06:04Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-16T22:06:04Z DEBUG httpd is not configured 2016-01-16T22:06:04Z DEBUG kadmin is not configured 2016-01-16T22:06:04Z DEBUG dirsrv is not configured 2016-01-16T22:06:04Z DEBUG pki-tomcatd is not configured 2016-01-16T22:06:04Z DEBUG install is not configured 2016-01-16T22:06:04Z DEBUG krb5kdc is not configured 2016-01-16T22:06:04Z DEBUG ntpd is not configured 2016-01-16T22:06:04Z DEBUG named is not configured 2016-01-16T22:06:04Z DEBUG ipa_memcached is not configured 2016-01-16T22:06:04Z DEBUG filestore is tracking no files 2016-01-16T22:06:04Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2016-01-16T22:06:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-16T22:06:04Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-16T22:06:04Z DEBUG Starting external process 2016-01-16T22:06:04Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS 2016-01-16T22:06:04Z DEBUG Process finished, return code=0 2016-01-16T22:06:04Z DEBUG stdout=VirtualHost configuration: *:8443 dc2-ipa-dev-van.mydomain.net (/etc/httpd/conf.d/nss.conf:83) 2016-01-16T22:06:04Z DEBUG stderr= 2016-01-16T22:06:04Z DEBUG Starting external process 2016-01-16T22:06:04Z DEBUG args=/bin/systemctl is-enabled chronyd.service 2016-01-16T22:06:04Z DEBUG Process finished, return code=0 2016-01-16T22:06:04Z DEBUG stdout=enabled 2016-01-16T22:06:04Z DEBUG stderr= 2016-01-16T22:06:09Z DEBUG Starting external process 2016-01-16T22:06:09Z DEBUG args=/usr/bin/gpg-agent --batch --homedir /tmp/tmpUXsgIeipa/ipa-HOKFdw/.gnupg --daemon /usr/bin/gpg --batch --homedir /tmp/tmpUXsgI eipa/ipa-HOKFdw/.gnupg --passphrase-fd 0 --yes --no-tty -o /tmp/tmpUXsgIeipa/files.tar -d /var/lib/ipa/replica-info-dc2-ipa-dev-van.mydomain.net.gpg 2016-01-16T22:06:10Z DEBUG Process finished, return code=0 2016-01-16T22:06:10Z DEBUG Starting external process 2016-01-16T22:06:10Z DEBUG args=tar xf /tmp/tmpUXsgIeipa/files.tar -C /tmp/tmpUXsgIeipa 2016-01-16T22:06:10Z DEBUG Process finished, return code=0 2016-01-16T22:06:10Z DEBUG stdout= 2016-01-16T22:06:10Z DEBUG stderr= 2016-01-16T22:06:10Z DEBUG Installing replica file with version 40200 (0 means no version in prepared file). 2016-01-16T22:06:10Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a primary hostname for localhost 2016-01-16T22:06:10Z DEBUG Primary hostname for localhost: dc2-ipa-dev-van.mydomain.net 2016-01-16T22:06:10Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net 2016-01-16T22:06:10Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is not a CNAME 2016-01-16T22:06:10Z DEBUG Check reverse address of fe80::250:56ff:feb7:7228%ens32 2016-01-16T22:06:10Z DEBUG Found reverse name: dc2-ipa-dev-van.mydomain.net 2016-01-16T22:06:10Z DEBUG Check reverse address of 10.21.0.98 2016-01-16T22:06:10Z DEBUG Found reverse name: dc2-ipa-dev-van.mydomain.net 2016-01-16T22:06:10Z DEBUG importing all plugin modules in ipalib.plugins... 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.aci 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.automember 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.automount 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.baseldap 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.baseuser 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.batch 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.caacl 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.cert 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.certprofile 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.config 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.delegation 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.dns 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.domainlevel 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.group 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.hbacrule 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.hbacsvc 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.hbactest 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.host 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.hostgroup 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.idrange 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.idviews 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.internal 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.krbtpolicy 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.migration 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.misc 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.netgroup 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.otpconfig 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.otptoken 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.passwd 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.permission 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.ping 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.pkinit 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.privilege 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.pwpolicy 2016-01-16T22:06:10Z DEBUG Starting external process 2016-01-16T22:06:10Z DEBUG args=klist -V 2016-01-16T22:06:10Z DEBUG Process finished, return code=0 2016-01-16T22:06:10Z DEBUG stdout=Kerberos 5 version 1.14 2016-01-16T22:06:10Z DEBUG stderr= 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.radiusproxy 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.realmdomains 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.role 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.rpcclient 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.selfservice 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.selinuxusermap 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.server 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.service 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.servicedelegation 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.session 2016-01-16T22:06:10Z WARNING session memcached servers not running 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.stageuser 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.sudocmd 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.sudorule 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.topology 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.trust 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.user 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.vault 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.virtual 2016-01-16T22:06:10Z DEBUG importing all plugin modules in ipaserver.plugins... 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.plugins.dogtag 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.plugins.join 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.plugins.ldap2 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.plugins.rabase 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2016-01-16T22:06:10Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.dns 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2016-01-16T22:06:10Z DEBUG SessionAuthManager.register: name=jsonserver_session_139847657508816 2016-01-16T22:06:10Z DEBUG SessionAuthManager.register: name=xmlserver_session_139847657547472 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token' 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml' 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.xmlserver() at '/xml' 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.login_password() at '/session/login_password' 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json' 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.change_password() at '/session/change_password' 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json' 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos' 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:11Z DEBUG Check if dc1-ipa-dev-van.mydomain.net is a primary hostname for localhost 2016-01-16T22:06:11Z DEBUG Primary hostname for localhost: dc1-ipa-dev-van.mydomain.net 2016-01-16T22:06:11Z DEBUG Search DNS for dc1-ipa-dev-van.mydomain.net 2016-01-16T22:06:11Z DEBUG Check if dc1-ipa-dev-van.mydomain.net is not a CNAME 2016-01-16T22:06:12Z DEBUG Check reverse address of 10.21.0.99 2016-01-16T22:06:12Z DEBUG Found reverse name: dc1-ipa-dev-van.mydomain.net 2016-01-16T22:06:12Z DEBUG importing all plugin modules in ipalib.plugins... 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.aci 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.automember 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.automount 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.baseldap 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.baseuser 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.batch 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.caacl 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.cert 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.certprofile 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.config 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.delegation 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.dns 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.domainlevel 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.group 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.hbacrule 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.hbacsvc 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.hbactest 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.host 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.hostgroup 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.idrange 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.idviews 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.internal 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.krbtpolicy 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.migration 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.misc 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.netgroup 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.otpconfig 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.otptoken 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.passwd 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.permission 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.ping 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.pkinit 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.privilege 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.pwpolicy 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.radiusproxy 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.realmdomains 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.role 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.rpcclient 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.selfservice 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.selinuxusermap 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.server 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.service 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.servicedelegation 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.session 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.stageuser 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.sudocmd 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.sudorule 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.topology 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.trust 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.user 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.vault 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.virtual 2016-01-16T22:06:12Z DEBUG importing all plugin modules in ipaserver.plugins... 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.plugins.dogtag 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.plugins.join 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.plugins.ldap2 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.plugins.rabase 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2016-01-16T22:06:12Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.dns 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2016-01-16T22:06:12Z DEBUG SessionAuthManager.register: name=jsonserver_session_139847648179216 2016-01-16T22:06:12Z DEBUG SessionAuthManager.register: name=xmlserver_session_139847648180560 2016-01-16T22:06:12Z DEBUG Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token' 2016-01-16T22:06:12Z DEBUG Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml' 2016-01-16T22:06:12Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:12Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:13Z DEBUG Mounting ipaserver.rpcserver.xmlserver() at '/xml' 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:13Z DEBUG Mounting ipaserver.rpcserver.login_password() at '/session/login_password' 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:13Z DEBUG Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json' 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:13Z DEBUG Mounting ipaserver.rpcserver.change_password() at '/session/change_password' 2016-01-16T22:06:13Z DEBUG Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json' 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:13Z DEBUG Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos' 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 2016-01-16T22:06:13Z DEBUG Created connection context.ldap2_139847648178768 2016-01-16T22:06:13Z DEBUG raw: domainlevel_get(version=u'2.163') 2016-01-16T22:06:13Z DEBUG domainlevel_get(version=u'2.163') 2016-01-16T22:06:13Z DEBUG flushing ldaps://dc1-ipa-dev-van.mydomain.net from SchemaCache 2016-01-16T22:06:13Z DEBUG retrieving schema for SchemaCache url=ldaps://dc1-ipa-dev-van.mydomain.net conn= 2016-01-16T22:06:14Z DEBUG Check forward/reverse DNS resolution 2016-01-16T22:06:14Z DEBUG Search DNS server dc1-ipa-dev-van.mydomain.net (['10.21.0.99', '10.21.0.99', '10.21.0.99']) for dc1-ipa-dev-van.mydomain.net 2016-01-16T22:06:14Z DEBUG Check reverse address 10.21.0.99 (dc1-ipa-dev-van.mydomain.net) 2016-01-16T22:06:14Z DEBUG Address 10.21.0.99 resolves to: dc1-ipa-dev-van.mydomain.net.. 2016-01-16T22:06:14Z DEBUG Search DNS server dc1-ipa-dev-van.mydomain.net (['10.21.0.99', '10.21.0.99', '10.21.0.99']) for dc2-ipa-dev-van.mydomain.net 2016-01-16T22:06:14Z DEBUG Check reverse address 10.21.0.98 (dc2-ipa-dev-van.mydomain.net) 2016-01-16T22:06:14Z DEBUG Address 10.21.0.98 resolves to: dc2-ipa-dev-van.mydomain.net.. 2016-01-16T22:06:14Z DEBUG Installing CA Replica from master with a merged database 2016-01-16T22:06:14Z DEBUG Destroyed connection context.ldap2_139847648178768 2016-01-16T22:06:14Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-16T22:06:14Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 308, in run self.validate() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 317, in validate for nothing in self._validator(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 549, in _configure next(validator) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1555, in main install_check(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 656, in install_check dns.install_check(False, True, options, config.host_name) File "/usr/lib/python2.7/site-packages/ipaserver/install/dns.py", line 125, in install_check if not replica or not check_dns_enabled(api): File "/usr/lib/python2.7/site-packages/ipaserver/install/dns.py", line 111, in check_dns_enabled if api.Backend.rpcclient.isconnected(): 2016-01-16T22:06:14Z DEBUG The ipa-replica-install command failed, exception: AttributeError: 'NameSpace' object has no attribute 'rpcclient' 2016-01-16T22:06:14Z ERROR 'NameSpace' object has no attribute 'rpcclient' 2016-01-16T22:06:14Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information -------------- next part -------------- An HTML attachment was scrubbed... URL: From Nathan.Peters at globalrelay.net Sun Jan 17 09:10:15 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Sun, 17 Jan 2016 09:10:15 +0000 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 In-Reply-To: References: <5697B18E.2070809@redhat.com> <5698ABED.90601@redhat.com> Message-ID: After some amount of work, I was able to get my system back to a state where it seems to be replicating ok, but not with FreeIPA 4.2.0. Because this was a production system with several hundred users and computers attached to it, a wipe of the domain was not an option so I decided to chance that the new replication topology features would help. I replaced each CentOS 7 domain controller with a Fedora 23 FreeIPA 4.2.3 host and while doing so I noticed an odd behavior of the RUVs. I know about the current bug where deleting a replica doesn't delete its RUV and I experienced that. I would run a command like this : dn: cn=clean 4, cn=cleanallruv, cn=tasks, cn=config objectclass: top objectclass: extensibleObject replica-base-dn: dc=mydomain,dc=net replica-id: 4 replica-force-cleaning: yes cn: clean 4 It would fail only if I was not in a current agreement with the new Fedora RUV for that host. Ie, if the old CentOS host had a RUV of 4, and the new Fedora host 15, and I was in an agreement with 15, that ldap code would delete 4, but if I was not in an agreement with 15, it would fail. After A while I had every server in an agreement with all others and got all the old RUVs cleared. I was still experiencing strange error messages in my logs with FreeIPA 4.2.3 so I decided to go all the way to 4.3.0. Here are the 4.2.3 errors : [16/Jan/2016:22:29:12 -0800] NSMMReplicationPlugin - replica_replace_ruv_tombstone: failed to update replication update vector for replica dc=mydomain,dc=net: LDAP error - 53 [16/Jan/2016:22:29:13 -0800] NSMMReplicationPlugin - agmt_delete: begin [16/Jan/2016:22:32:51 -0800] slapi_ldap_bind - Error: could not bind id [cn=Replication Manager masterAgreement1-dc2-ipa-dev-van.mydomain.net-pki-tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success) On 4 servers, 3 upgrades to 4.3.0 went smooth, and 1 just hung during the %post section of the dnf install for an hour with ns-lapd process taking 100% cpu on all 4 cores until I stopped it. A subsequent ipa-server-upgrade fixed everything. With the new replication topology management graphs and controls in the ui, I was able to find some missing segments and replace some that were for some reason only 1 way. Replication seems to actually be proceeding smoothly and now instead of getting the hundreds of error log entries per second that I had reported in my earlier posts, I am only getting about 3 every 5 minutes. The bugs that were present in 4.2.0 and 4.2.3 seem to be almost entirely gone. I have ran the new topology suffix verification commands and they say everything is ok. I still get these errors in batches of 3, but they don't seem to be doing anything harmful in terms of my systems ability to operating and replicate properly : [17/Jan/2016:01:07:27 -0800] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-nvan.mydomain.net:389/o%3Dipaca) failed. -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters Sent: January-15-16 10:00 AM To: Ludwig Krispenz Cc: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 No dice on the rebuild and RUV cleaning. I'm still getting a pile of these on dc1-van : [15/Jan/2016:17:55:25 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6e6784a0-b5c911e5-b1f1cd78-f19552bb, CSN 569932db000000040000): I'm also getting these on dc1-nvan: [15/Jan/2016:17:45:36 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. -----Original Message----- From: Ludwig Krispenz [mailto:lkrispen at redhat.com] Sent: January-15-16 12:19 AM To: Nathan Peters Cc: Rob Crittenden; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 On 01/15/2016 08:32 AM, Nathan Peters wrote: > I think I've finally started to make some progress on this. I did a lot of googling and found some stuff to run manually in 389 ds through ldapmodify commands to clean RUVs. During this process the server crashed and when it came back online, suddenly all my ghost RUVs were visible through ipa-replica-manage list-ruv. It was really strange, I had like 5 of them from winsync agreements that kept failing and needing re-initialization, and another 5 from my earlier re-installations of the 2 other domain controllers. > > I ran some more ruv cleanup commands through ldap and they all appear to be gone. I'm not sure how the crash suddenly made them visible though or why they had to be cleaned through ldapmodify directly and ipa-replica-manage could neither see nor clean them. After a crash the RUV could be rebuilt from the changelog, and the changelog could contain references to cleaned ReplicaIds and so they came to live again. The cleanallruv task was enhanced to also clean the changelog, but this fix is in 1.3.4.2+. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project From zeal at freecharge.com Sun Jan 17 11:14:42 2016 From: zeal at freecharge.com (Zeal Vora) Date: Sun, 17 Jan 2016 16:44:42 +0530 Subject: [Freeipa-users] Clients with Multi Master IPA replication Message-ID: Hi I have setup a multi-master IPA server. I was wondering for IPA Client, which URL should we add in to ? Should we setup a DNS entry with round robin ? But then if single Master fails, the queries will still reach to it. What is the ideal way to implement in such scenarios ? Any help will be appreciated ! Thanks, Zeal -------------- next part -------------- An HTML attachment was scrubbed... URL: From Nathan.Peters at globalrelay.net Sun Jan 17 11:46:42 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Sun, 17 Jan 2016 11:46:42 +0000 Subject: [Freeipa-users] Clients with Multi Master IPA replication In-Reply-To: References: Message-ID: Hey Zeal, When you join a FreeIPA client to a domain, as long as you put the address of at least one of the FreeIPA servers (if they are serving DNS) in the /etc/resolv.conf file, they will use DNS to find FreeIPA servers. Specifically they look for _SRV records. I think they naturally prefer hosts in the same subnet as them, but will talk to anything available if nothing close answers. This applies both during the join process, and in regular operation. This way you don?t have to worry about messing with your DNS records, FreeIPA handles it all for you. From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Zeal Vora Sent: January-17-16 3:21 AM To: freeipa-users at redhat.com Subject: [Freeipa-users] Clients with Multi Master IPA replication Hi I have setup a multi-master IPA server. I was wondering for IPA Client, which URL should we add in to ? Should we setup a DNS entry with round robin ? But then if single Master fails, the queries will still reach to it. What is the ideal way to implement in such scenarios ? Any help will be appreciated ! Thanks, Zeal -------------- next part -------------- An HTML attachment was scrubbed... URL: From Nathan.Peters at globalrelay.net Sun Jan 17 12:14:00 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Sun, 17 Jan 2016 12:14:00 +0000 Subject: [Freeipa-users] Replication failing on FreeIPA 4.2.0 In-Reply-To: References: <5697B18E.2070809@redhat.com> <5698ABED.90601@redhat.com> Message-ID: After a bunch more troubleshooting I finally have logs that are error free on all 4 servers :-) I couldn't find anything really useful on Google about this particular error : attrlist_replace - attr_replace (nsslapd-referral, ldap://ipadc.mydomain.net:389/o%3Dipaca) failed So I am going to write about my experiences fixing it. There was a clue in a thread here : https://www.redhat.com/archives/freeipa-users/2015-March/msg00699.html But if you are like me and chose FreeIPA because you wanted to spend your time managing a lot of computers without worrying about the gorry technical details of 389 directory server, the answer given in that thread needs some explaining. On every domain controller in your network run this command : ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi In the output on each server, look for the following key : It tells you the server's current ID : nscpentrywsi: nsDS5ReplicaId: 1195 Now look for the ruv entries that look like this : nscpentrywsi: nsds50ruv: {replica 1195 ldap://dc1-ipa-dev-nvan.mydomain .net:389} 569afd7c000004ab0000 569b5b0e000004ab0000 Any of those ruvs that have an id number after the word replica need to be deleted if the number doesn't match the number of one of your servers. They are old entries from previously deleted agreements. Don't delete any that your servers identified themselves current as though, that will crash the server. Use the following ldap query to delete the old ones (where 21 in CLEANRUV21 is the id number of the agreement you want to delete) : ldapmodify -x -D "cn=directory manager" -W < dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > changetype: modify > replace: nsds5task > nsds5task: CLEANRUV21 > EOF I noticed more strange behavior here because even after I deleted every old RUV, one of them came back all by itself. I assumed it must be part of an agreement somewhere in the system and was getting re-created automatically so I went hunting for more info. I noticed that the amount of unique servers listed in the error log message on each server uniquely matched the number of maxcsn entries in the ldap output of the tombstone search on each server. The entries looked like this : nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;dc2-ipa-dev-van.mydomain.net-to- dc1-ipa-dev-nvan.mydomain.net;dc1-ipa-dev-nvan.mydomain.net;389 ;unavailable nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;masterAgreement1-dc2-ipa-dev-nvan.mydomain.net-pki-tomcat;dc2-ipa-dev-nvan.mydomain.net;389;1095;569ae e5a000300380000 I could tell by looking at the unavailable it meant it was having trouble getting a csn number, but I didn't know how to delete them safely with ldap syntax. Luckily, the new 4.3.0 interface calls these maxcsn entries segments. Removing them using the web ui is kind of round about, but works eventually. On each server, go to the web ui and one at a time delete and re-create all segments in the ca topology USING THE TEXT BASED ONE, NOT THE GRAPHIC ONE (this requires domain level 1). The reason this works is because the command to delete a domain level segment also doubles as a command to clean local segments that are still in the old local part of the ldap tree from domain level 0. You still have to repeat it on each server (which is kind of funny because you are deleting the domain level objects multiple times, but only because you need to cause the local trigger on each server). I noticed that after re-creation the names of the maxcsn entries in that ldap query result are much more uniform. There are no 'masterAgreement' csn types, all member servers that are not the CA master have no entries at all, even after replication, and on the master, they are all labelled with the -to- syntax instead of the pki syntax. I also noticed that some of my old invalid agreements had the same server name on both sides of the -to- and now they all perfectly match the segment names in the web ui. I'm assuming all the bugs in 4.1.4 and 4.2.0 and 4.2.3 created a lot of garbage entries. Luckily, with the tools in 4.3.0 those can all be removed. I have now been staring at logs that have zero errors for over 30 minutes, and I was previously getting hundreds per second. Although this is great news for me, it is not great news for anyone stuck on a CentOS or RHEL machine with no upgrade path to 4.3.0 without switching to Fedora who is experiencing the category of bugs (there were definitely multiple ones) that I encountered trying to fix these replication issues. -----Original Message----- From: Nathan Peters Sent: January-17-16 1:10 AM To: Nathan Peters Cc: freeipa-users at redhat.com Subject: RE: [Freeipa-users] Replication failing on FreeIPA 4.2.0 After some amount of work, I was able to get my system back to a state where it seems to be replicating ok, but not with FreeIPA 4.2.0. Because this was a production system with several hundred users and computers attached to it, a wipe of the domain was not an option so I decided to chance that the new replication topology features would help. I replaced each CentOS 7 domain controller with a Fedora 23 FreeIPA 4.2.3 host and while doing so I noticed an odd behavior of the RUVs. I know about the current bug where deleting a replica doesn't delete its RUV and I experienced that. I would run a command like this : dn: cn=clean 4, cn=cleanallruv, cn=tasks, cn=config objectclass: top objectclass: extensibleObject replica-base-dn: dc=mydomain,dc=net replica-id: 4 replica-force-cleaning: yes cn: clean 4 It would fail only if I was not in a current agreement with the new Fedora RUV for that host. Ie, if the old CentOS host had a RUV of 4, and the new Fedora host 15, and I was in an agreement with 15, that ldap code would delete 4, but if I was not in an agreement with 15, it would fail. After A while I had every server in an agreement with all others and got all the old RUVs cleared. I was still experiencing strange error messages in my logs with FreeIPA 4.2.3 so I decided to go all the way to 4.3.0. Here are the 4.2.3 errors : [16/Jan/2016:22:29:12 -0800] NSMMReplicationPlugin - replica_replace_ruv_tombstone: failed to update replication update vector for replica dc=mydomain,dc=net: LDAP error - 53 [16/Jan/2016:22:29:13 -0800] NSMMReplicationPlugin - agmt_delete: begin [16/Jan/2016:22:32:51 -0800] slapi_ldap_bind - Error: could not bind id [cn=Replication Manager masterAgreement1-dc2-ipa-dev-van.mydomain.net-pki-tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success) On 4 servers, 3 upgrades to 4.3.0 went smooth, and 1 just hung during the %post section of the dnf install for an hour with ns-lapd process taking 100% cpu on all 4 cores until I stopped it. A subsequent ipa-server-upgrade fixed everything. With the new replication topology management graphs and controls in the ui, I was able to find some missing segments and replace some that were for some reason only 1 way. Replication seems to actually be proceeding smoothly and now instead of getting the hundreds of error log entries per second that I had reported in my earlier posts, I am only getting about 3 every 5 minutes. The bugs that were present in 4.2.0 and 4.2.3 seem to be almost entirely gone. I have ran the new topology suffix verification commands and they say everything is ok. I still get these errors in batches of 3, but they don't seem to be doing anything harmful in terms of my systems ability to operating and replicate properly : [17/Jan/2016:01:07:27 -0800] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-nvan.mydomain.net:389/o%3Dipaca) failed. -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters Sent: January-15-16 10:00 AM To: Ludwig Krispenz Cc: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 No dice on the rebuild and RUV cleaning. I'm still getting a pile of these on dc1-van : [15/Jan/2016:17:55:25 +0000] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): Skipping update operation with no message_id (uniqueid 6e6784a0-b5c911e5-b1f1cd78-f19552bb, CSN 569932db000000040000): I'm also getting these on dc1-nvan: [15/Jan/2016:17:45:36 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://dc1-ipa-dev-van.mydomain.net:389/o%3Dipaca) failed. -----Original Message----- From: Ludwig Krispenz [mailto:lkrispen at redhat.com] Sent: January-15-16 12:19 AM To: Nathan Peters Cc: Rob Crittenden; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 On 01/15/2016 08:32 AM, Nathan Peters wrote: > I think I've finally started to make some progress on this. I did a lot of googling and found some stuff to run manually in 389 ds through ldapmodify commands to clean RUVs. During this process the server crashed and when it came back online, suddenly all my ghost RUVs were visible through ipa-replica-manage list-ruv. It was really strange, I had like 5 of them from winsync agreements that kept failing and needing re-initialization, and another 5 from my earlier re-installations of the 2 other domain controllers. > > I ran some more ruv cleanup commands through ldap and they all appear to be gone. I'm not sure how the crash suddenly made them visible though or why they had to be cleaned through ldapmodify directly and ipa-replica-manage could neither see nor clean them. After a crash the RUV could be rebuilt from the changelog, and the changelog could contain references to cleaned ReplicaIds and so they came to live again. The cleanallruv task was enhanced to also clean the changelog, but this fix is in 1.3.4.2+. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project From zeal at freecharge.com Sun Jan 17 12:46:33 2016 From: zeal at freecharge.com (Zeal Vora) Date: Sun, 17 Jan 2016 18:16:33 +0530 Subject: [Freeipa-users] Clients with Multi Master IPA replication In-Reply-To: References: Message-ID: Thanks Nathan. Actually, the FreeIPA servers are not serving DNS. For this way, we will have to do it some other way ? On Sun, Jan 17, 2016 at 5:16 PM, Nathan Peters < Nathan.Peters at globalrelay.net> wrote: > Hey Zeal, > > > > When you join a FreeIPA client to a domain, as long as you put the address > of at least one of the FreeIPA servers (if they are serving DNS) in the > /etc/resolv.conf file, they will use DNS to find FreeIPA servers. > Specifically they look for _SRV records. I think they naturally prefer > hosts in the same subnet as them, but will talk to anything available if > nothing close answers. > > > > This applies both during the join process, and in regular operation. > > > > This way you don?t have to worry about messing with your DNS records, > FreeIPA handles it all for you. > > > > *From:* freeipa-users-bounces at redhat.com [mailto: > freeipa-users-bounces at redhat.com] *On Behalf Of *Zeal Vora > *Sent:* January-17-16 3:21 AM > *To:* freeipa-users at redhat.com > *Subject:* [Freeipa-users] Clients with Multi Master IPA replication > > > > Hi > > > > I have setup a multi-master IPA server. > > > > I was wondering for IPA Client, which URL should we add in to ? > > > > Should we setup a DNS entry with round robin ? But then if single Master > fails, the queries will still reach to it. > > > > What is the ideal way to implement in such scenarios ? > > > > Any help will be appreciated ! > > > > > > > > Thanks, > > Zeal > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jhrozek at redhat.com Sun Jan 17 13:24:54 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Sun, 17 Jan 2016 14:24:54 +0100 Subject: [Freeipa-users] Free-IPA failover succeeds, but ssh is broken? In-Reply-To: References: Message-ID: <32756ABD-BB75-48B4-9BEA-0FEBC650B764@redhat.com> > On 16 Jan 2016, at 02:21, Jeff Hallyburton wrote: > > Having finished setting up an ipa server and replica, we're trying to test failover to ensure that HA works as expected. We've been able to verify the replication agreements and auto-discovery are working, and both servers are picked up as expected at install time. > > That said, we're seeing some oddities with failover. Once I shut down the ipa service on the main ipa server, I get most requests completing after about a 2 min window. I am able to: > > 1. Authenticate to our jump server and get a kerberos ticket > 2. kinit successfully as other users > > However, whenever I try to ssh to another system within our domain, ssh breaks with the following error: > > $ ssh -vvv automation01 > OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 5: Applying options for * > debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 automation01 > debug1: permanently_drop_suid: 1587000001 > debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa type -1 > debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa-cert type -1 > debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa type -1 > debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa-cert type -1 > debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa type -1 > debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa-cert type -1 > debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519 type -1 > debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_6.6.1 > ssh_exchange_identification: Connection closed by remote host > Did you crank up debug level on the machine where sshd is running and see if anything is logged then? > > Nothing is logged in either /var/log/messages or /var/log/secure when this happens, so I'm unsure where to begin debugging. Can you offer any insight? > > Thanks, > > Jeff > > Jeff Hallyburton > Strategic Systems Engineer > Bloomip Inc. > Web: http://www.bloomip.com > > Engineering Support: support at bloomip.com > Billing Support: billing at bloomip.com > Customer Support Portal: https://my.bloomip.com > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From janellenicole80 at gmail.com Sun Jan 17 14:58:01 2016 From: janellenicole80 at gmail.com (Janelle) Date: Sun, 17 Jan 2016 06:58:01 -0800 Subject: [Freeipa-users] Free-IPA failover succeeds, but ssh is broken? In-Reply-To: <32756ABD-BB75-48B4-9BEA-0FEBC650B764@redhat.com> References: <32756ABD-BB75-48B4-9BEA-0FEBC650B764@redhat.com> Message-ID: <2FEC3962-59F1-4764-929F-12855F9854D7@gmail.com> Hi, Try commenting out the proxy command in /etc/ssh/ssh_config The sssd proxy of ssh is buggy as can be. ~J > On Jan 17, 2016, at 05:24, Jakub Hrozek wrote: > > >> On 16 Jan 2016, at 02:21, Jeff Hallyburton wrote: >> >> Having finished setting up an ipa server and replica, we're trying to test failover to ensure that HA works as expected. We've been able to verify the replication agreements and auto-discovery are working, and both servers are picked up as expected at install time. >> >> That said, we're seeing some oddities with failover. Once I shut down the ipa service on the main ipa server, I get most requests completing after about a 2 min window. I am able to: >> >> 1. Authenticate to our jump server and get a kerberos ticket >> 2. kinit successfully as other users >> >> However, whenever I try to ssh to another system within our domain, ssh breaks with the following error: >> >> $ ssh -vvv automation01 >> OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 >> debug1: Reading configuration data /etc/ssh/ssh_config >> debug1: /etc/ssh/ssh_config line 5: Applying options for * >> debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 automation01 >> debug1: permanently_drop_suid: 1587000001 >> debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa type -1 >> debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa-cert type -1 >> debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa type -1 >> debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa-cert type -1 >> debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa type -1 >> debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa-cert type -1 >> debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519 type -1 >> debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519-cert type -1 >> debug1: Enabling compatibility mode for protocol 2.0 >> debug1: Local version string SSH-2.0-OpenSSH_6.6.1 >> ssh_exchange_identification: Connection closed by remote host > > Did you crank up debug level on the machine where sshd is running and see if anything is logged then? > >> >> Nothing is logged in either /var/log/messages or /var/log/secure when this happens, so I'm unsure where to begin debugging. Can you offer any insight? >> >> Thanks, >> >> Jeff >> >> Jeff Hallyburton >> Strategic Systems Engineer >> Bloomip Inc. >> Web: http://www.bloomip.com >> >> Engineering Support: support at bloomip.com >> Billing Support: billing at bloomip.com >> Customer Support Portal: https://my.bloomip.com >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From Nathan.Peters at globalrelay.net Mon Jan 18 00:01:17 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Mon, 18 Jan 2016 00:01:17 +0000 Subject: [Freeipa-users] ipa-adtrust-install fails with Bad talloc magic value - wrong talloc version used/mixed on FreeIPA 4.3.0 Message-ID: I have no idea how to troubleshoot this. I am trying to run ipa-adtrust-install on FreeIPA 4.3.0 Fedora 23 domain. Samba4-command and all other samba4 packages necessary are installed. It fails at step 3 for apparently no reason. Googling reveals pretty much nothing about what a talloc magic value is or why it would be bad or why the installer would crash when attempting to do something with one. [root at dc2-ipa-dev-van ~]# ipa-adtrust-install The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will setup components needed to establish trust to AD domains for the FreeIPA Server. This includes: * Configure Samba * Add trust related objects to FreeIPA LDAP server To accept the default shown in brackets, press the Enter key. IPA generated smb.conf detected. Overwrite smb.conf? [no]: yes Do you want to enable support for trusted domains in Schema Compatibility plugin? This will allow clients older than SSSD 1.9 and non-Linux clients to work with trusted users. Enable trusted domains support in slapi-nis? [no]: yes Configuring cross-realm trusts for IPA server requires password for user 'admin'. This user is a regular system account used for IPA server administration. admin password: WARNING: 664 existing users or groups do not have a SID identifier assigned. Installer can run a task to have ipa-sidgen Directory Server plugin generate the SID identifier for all these users. Please note, the in case of a high number of users and groups, the operation might lead to high replication traffic and performance degradation. Refer to ipa-adtrust-install(1) man page for details. Do you want to run the ipa-sidgen task? [no]: no The following operations may take some minutes to complete. Please wait until the prompt is returned. Configuring CIFS [1/22]: stopping smbd [2/22]: creating samba domain object Samba domain object already exists [3/22]: creating samba config registry [error] CalledProcessError: Command '/usr/bin/net conf import /tmp/tmpxOhsCm' return ed non-zero exit status -6 Unexpected error - see /var/log/ipaserver-install.log for details: CalledProcessError: Command '/usr/bin/net conf import /tmp/tmpxOhsCm' returned non-zer o exit status -6 Here is the last part of the log file : 2016-01-17T23:55:15Z DEBUG Samba domain object already exists 2016-01-17T23:55:15Z DEBUG duration: 0 seconds 2016-01-17T23:55:15Z DEBUG [3/22]: creating samba config registry 2016-01-17T23:55:15Z DEBUG Starting external process 2016-01-17T23:55:15Z DEBUG args=/usr/bin/net conf import /tmp/tmpglJmwT 2016-01-17T23:55:15Z DEBUG Process finished, return code=-6 2016-01-17T23:55:15Z DEBUG stdout= 2016-01-17T23:55:15Z DEBUG stderr=Bad talloc magic value - wrong talloc version used/mixed PANIC: Bad talloc magic value - wrong talloc version used/mixed 2016-01-17T23:55:15Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 447, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 437, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/adtrustinstance.py", line 520, in __write_smb_registry ipautil.run(args) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 481, in run raise CalledProcessError(p.returncode, arg_string, str(output)) CalledProcessError: Command '/usr/bin/net conf import /tmp/tmpglJmwT' returned non-zero exit status -6 2016-01-17T23:55:15Z DEBUG [error] CalledProcessError: Command '/usr/bin/net conf import /tmp/tmpglJmwT' returned non-zero exit status -6 2016-01-17T23:55:15Z DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 736, in run_script return_value = main_function() File "/usr/sbin/ipa-adtrust-install", line 389, in main smb.create_instance() File "/usr/lib/python2.7/site-packages/ipaserver/install/adtrustinstance.py", line 888, in create_instance self.start_creation(show_service_name=False) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 447, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 437, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/adtrustinstance.py", line 520, in __write_smb_registry ipautil.run(args) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 481, in run raise CalledProcessError(p.returncode, arg_string, str(output)) 2016-01-17T23:55:15Z DEBUG The ipa-adtrust-install command failed, exception: CalledProcessError: Command '/usr/bin/net conf import /tmp/tmpglJmwT' returned non-zero exit status -6 -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeff.hallyburton at bloomip.com Mon Jan 18 00:14:18 2016 From: jeff.hallyburton at bloomip.com (Jeff Hallyburton) Date: Sun, 17 Jan 2016 19:14:18 -0500 Subject: [Freeipa-users] Free-IPA failover succeeds, but ssh is broken? In-Reply-To: <2FEC3962-59F1-4764-929F-12855F9854D7@gmail.com> References: <32756ABD-BB75-48B4-9BEA-0FEBC650B764@redhat.com> <2FEC3962-59F1-4764-929F-12855F9854D7@gmail.com> Message-ID: Janelle, The proxy suggestion was spot on. After that things seem to work normally. Thanks! Jeff Jeff Hallyburton Strategic Systems Engineer Bloomip Inc. Web: http://www.bloomip.com Engineering Support: support at bloomip.com Billing Support: billing at bloomip.com Customer Support Portal: https://my.bloomip.com On Sun, Jan 17, 2016 at 9:58 AM, Janelle wrote: > Hi, > > Try commenting out the proxy command in /etc/ssh/ssh_config > > The sssd proxy of ssh is buggy as can be. > > ~J > > > On Jan 17, 2016, at 05:24, Jakub Hrozek wrote: > > > > > >> On 16 Jan 2016, at 02:21, Jeff Hallyburton < > jeff.hallyburton at bloomip.com> wrote: > >> > >> Having finished setting up an ipa server and replica, we're trying to > test failover to ensure that HA works as expected. We've been able to > verify the replication agreements and auto-discovery are working, and both > servers are picked up as expected at install time. > >> > >> That said, we're seeing some oddities with failover. Once I shut down > the ipa service on the main ipa server, I get most requests completing > after about a 2 min window. I am able to: > >> > >> 1. Authenticate to our jump server and get a kerberos ticket > >> 2. kinit successfully as other users > >> > >> However, whenever I try to ssh to another system within our domain, ssh > breaks with the following error: > >> > >> $ ssh -vvv automation01 > >> OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 > >> debug1: Reading configuration data /etc/ssh/ssh_config > >> debug1: /etc/ssh/ssh_config line 5: Applying options for * > >> debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy > -p 22 automation01 > >> debug1: permanently_drop_suid: 1587000001 > >> debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa type -1 > >> debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa-cert type -1 > >> debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa type -1 > >> debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa-cert type -1 > >> debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa type -1 > >> debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa-cert type -1 > >> debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519 type -1 > >> debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519-cert type > -1 > >> debug1: Enabling compatibility mode for protocol 2.0 > >> debug1: Local version string SSH-2.0-OpenSSH_6.6.1 > >> ssh_exchange_identification: Connection closed by remote host > > > > Did you crank up debug level on the machine where sshd is running and > see if anything is logged then? > > > >> > >> Nothing is logged in either /var/log/messages or /var/log/secure when > this happens, so I'm unsure where to begin debugging. Can you offer any > insight? > >> > >> Thanks, > >> > >> Jeff > >> > >> Jeff Hallyburton > >> Strategic Systems Engineer > >> Bloomip Inc. > >> Web: http://www.bloomip.com > >> > >> Engineering Support: support at bloomip.com > >> Billing Support: billing at bloomip.com > >> Customer Support Portal: https://my.bloomip.com > >> -- > >> Manage your subscription for the Freeipa-users mailing list: > >> https://www.redhat.com/mailman/listinfo/freeipa-users > >> Go to http://freeipa.org for more info on the project > > > > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From peter at pakos.pl Mon Jan 18 00:32:19 2016 From: peter at pakos.pl (Peter Pakos) Date: Mon, 18 Jan 2016 00:32:19 +0000 Subject: [Freeipa-users] ipa-certupdate not installing root certificates in /etc/pki/pki-tomcat/alias/ Message-ID: <569C3293.1080603@pakos.pl> Hi, I have FreeIPA 4.2 (CA-ful) install on Centos 7.2 with 3rd party SSL certificates installed for HTTP/LDAP. When I run "ipa-certupdate" I can see that the 3rd party root certificates are being removed from databases (/etc/httpd/alias, /etc/pki/nssdb, /etc/pki/pki-tomcat/alias) and then re-added (apart from /etc/pki/pki-tomcat/alias). Without the 3rd party root certificates in /etc/pki/pki-tomcat/alias, the service pki-tomcatd is unable to start up. This is the complete process I'm following to install 3rd party certificate (please let me know if I'm doing anything wrong): ### 3rd party SSL certificate install ################################## # Gandi *.ipa.wandisco.com certificate chain # AddTrust.pem -> USERTrustRSAAddTrustCA.pem -> GandiStandardSSLCA2.pem -> star.ipa.wandisco.com.crt $ openssl verify -verbose -CAfile <(cat AddTrust.pem USERTrustRSAAddTrustCA.pem GandiStandardSSLCA2.pem) star.ipa.wandisco.com.crt star.ipa.wandisco.com.crt: OK # Bug in ipa-cacert-manage, comment out lines 349-352 $ vim /usr/lib/python2.7/site-packages/ipaserver/install/ipa_cacert_manage.py $ ipa-cacert-manage install AddTrust.pem -n AddTrust -t C,C,C $ ipa-cacert-manage install USERTrustRSAAddTrustCA.pem -n USERTrustRSAAddTrustCA -t C,C,C $ ipa-cacert-manage install GandiStandardSSLCA2.pem -n GandiStandardSSLCA2 -t C,C,C # Add root certificates to databases <- THIS IS WHERE THE ABOVE ROOT CERTIFICATES SHOULD BE INSTALLED IN /etc/pki/pki-tomcat/alias BUT THEY AREN'T $ ipa-certupdate # Create PKCS12 certificate file including private key and full chain $ openssl pkcs12 -export -out star.ipa.wandisco.com.pfx -inkey star.ipa.wandisco.com.key -in star.ipa.wandisco.com.crt -certfile <(cat AddTrust.pem USERTrustRSAAddTrustCA.pem GandiStandardSSLCA2.pem) -name 'GandiWildcardIPA' # Install PKCS12 certificate to LDAP and HTTP databases: $ pk12util -d /etc/dirsrv/slapd-IPA-WANDISCO-COM/ -i star.ipa.wandisco.com.pfx $ pk12util -d /etc/httpd/alias/ -i star.ipa.wandisco.com.pfx # Stop IPA $ ipactl stop # Edit /etc/dirsrv/slapd-IPA-WANDISCO-COM/dse.ldif to point dirsrv to new certificate # Replace: nsSSLPersonalitySSL: Server-Cert # with: nsSSLPersonalitySSL: GandiWildcardIPA # Edit /etc/httpd/conf.d/nss.conf to point httpd to new certificate # Replace: NSSNickname Server-Cert # with: NSSNickname GandiWildcardIPA # Start IPA $ ipactl start ##################################################################### In order to fix this, I have to manually add root certificates to the database: $ certutil -A -d /etc/pki/pki-tomcat/alias/ -n AddTrust -t C,C,C -a < AddTrust.pem $ certutil -A -d /etc/pki/pki-tomcat/alias/ -n USERTrustRSAAddTrustCA -t C,C,C -a < USERTrustRSAAddTrustCA.pem $ certutil -A -d /etc/pki/pki-tomcat/alias/ -n GandiStandardSSLCA2 -t C,C,C -a < GandiStandardSSLCA2.pem Should this not be done automatically by ipa-certupdate? Are the above steps correct for installing 3rd party certificates in FreeIPA 4.2? Should I change anything? We are planning to move these nodes into production very soon, any help would be much appreciated! -- Kind regards, Peter Pakos From Lachlan.Simpson at petermac.org Mon Jan 18 00:54:19 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Mon, 18 Jan 2016 00:54:19 +0000 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <20160115065847.GC4316@redhat.com> References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> <20160115065847.GC4316@redhat.com> Message-ID: <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> > -----Original Message----- > From: Alexander Bokovoy [mailto:abokovoy at redhat.com] > >This is from the smb log: > > > >It's hard to tell why they won't start, but it looks a little like > >Kerberos won't start because there aren't any values in LDAP, and LDAP > >won't start because Kerberos isn't started? > No, LDAP server startup is not tied to Kerberos. It can perfectly start without that, > as Kerberos in 389-ds is only needed for replication to happen. Great - thanks. > Samba is failing because it cannot get access to LDAP server using GSSAPI, > that's right. > > KDC is failing because LDAP server is not available, that's right too. > ... > You may ignore ACL's plugin output as it just mentions that there are ACLs > against entries which don't exist -- this is normal, because we still have ACLs in > place for cn=dns,$SUFFIX even if you don't configure integrated DNS. These > messages have nothing to do with your problem. ok, thanks. > None of the above is revealing an issue. > > Follow http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes > to enable crashdumps for ns-slapd to see what happens in reality (check > systemd-enabled systems' recipes). Here is where things got interesting - I was 20 minutes in before I realised I had no dirsrv core dumps. New things I learnt while doing this though: - I have 2.5 GB of core files in /var/log/samba/cores/winbindd ? To the best of my knowledge I was using SSSD, I have no idea what winbind is doing there. Can I just delete (yum remove samba-winbind*) it? From the look of it, I'm getting a new winbind core dump every 5 minutes.Could this be stopping samba from running? - /etc/nsswitch.conf is all "files sss" - there's no winbind anywhere. - while following the instructions to "set ulimit -c unlimited" on system I found things that *really* confused me: As noted in the original email, this was in the failed list of systemctld: dirsrv at unix.co.org.au.service and it continues to fail this morning. So I tried running sc start dirsrv.target and that worked: [root at vmts-linuxidm samba]# sc status dirsrv.target ? dirsrv.target - 389 Directory Server Loaded: loaded (/usr/lib/systemd/system/dirsrv.target; enabled; vendor preset: disabled) Active: active since Mon 2016-01-18 09:58:14 AEDT; 1h 20min ago Jan 18 09:58:14 vmts-linuxidm.unix.co.org.au systemd[1]: Reached target 389 Directory Server. Jan 18 09:58:14 vmts-linuxidm.unix.co.org.au systemd[1]: Starting 389 Directory Server. So I stopped it and started dirsrv at unix.co.org.au just to confirm, and yes it's failing. After some testing, I discovered that *this* would work: sc start dirsrv at UNIX-CO-ORG-AU My syntax was all wrong. (Does anyone know how can I clear out bad syntax from the systemctld output?) Anyway, I have a running dirsrv, but SMB still fails, and it's failing on winbind first (see notes below). It looks like it's because there's no Kerberos server available. Indeed, kinit admin is still failing. I think that when I ran ipa-adtrust-install I said no to creating sids for local users. I'm beginning to think that is the root error, but have a feeling that winbind isn't helping either. Does this seem more likely? Cheers L. Notes: Running DIRSRV [root at vmts-linuxidm samba]# sc status dirsrv at UNIX-CO-ORG-AU.service ? dirsrv at UNIX-CO-ORG-AU.service - 389 Directory Server UNIX-CO-ORG-AU. Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service; enabled; vendor preset: disabled) Active: active (running) since Mon 2016-01-18 11:21:25 AEDT; 5min ago Process: 11655 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid -w /var/run/dirsrv/slapd-%i.startpid (code=exited, status=0/SUCCESS) Main PID: 11656 (ns-slapd) CGroup: /system.slice/system-dirsrv.slice/dirsrv at UNIX-CO-ORG-AU.service ??11656 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-UNIX-CO-ORG-AU -i /var/run/dirsrv/slapd-UNIX-CO-OR... Jan 18 11:21:25 vmts-linuxidm.unix.co.org.au ns-slapd[11655]: [18/Jan/2016:11:21:25 +1100] - SSL alert: ...led Jan 18 11:21:25 vmts-linuxidm.unix.co.org.au ns-slapd[11655]: [18/Jan/2016:11:21:25 +1100] - SSL alert: ...led Jan 18 11:21:25 vmts-linuxidm.unix.co.org.au ns-slapd[11655]: [18/Jan/2016:11:21:25 +1100] - SSL alert: ...led Jan 18 11:21:25 vmts-linuxidm.unix.co.org.au ns-slapd[11655]: [18/Jan/2016:11:21:25 +1100] - SSL alert: ...led Jan 18 11:21:25 vmts-linuxidm.unix.co.org.au ns-slapd[11655]: [18/Jan/2016:11:21:25 +1100] - SSL alert: ...led Jan 18 11:21:25 vmts-linuxidm.unix.co.org.au ns-slapd[11655]: [18/Jan/2016:11:21:25 +1100] - SSL alert: ...led Jan 18 11:21:25 vmts-linuxidm.unix.co.org.au ns-slapd[11655]: [18/Jan/2016:11:21:25 +1100] SSL Initialization - ...1.2 Jan 18 11:25:06 vmts-linuxidm.unix.co.org.au ns-slapd[11656]: GSSAPI server step 1 Jan 18 11:25:06 vmts-linuxidm.unix.co.org.au ns-slapd[11656]: GSSAPI server step 2 Jan 18 11:25:06 vmts-linuxidm.unix.co.org.au ns-slapd[11656]: GSSAPI server step 3 When samba fails, from journalctl -xe (I'm from Ubuntu land, I'm still getting used to Centos) vmts-linuxidm.unix.co.org.au winbindd[11717]: [2016/01/18 11:25:02.359848, 0] ipa_sam.c:4208(bind_callback_cleanup) vmts-linuxidm.unix.co.org.au winbindd[11717]: kerberos error: code=-1765328228, message=Cannot contact any KDC for realm 'UNIX.CO.ORG.AU' vmts-linuxidm.unix.co.org.au winbindd[11717]: [2016/01/18 11:25:02.359949, 0] ../source3/lib/smbldap.c:998(smbldap_connect_system) vmts-linuxidm.unix.co.org.au winbindd[11717]: failed to bind to server ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket with dn="[Anonymous bind]" Error: Local error vmts-linuxidm.unix.co.org.au winbindd[11717]: (unknown) vmts-linuxidm.unix.co.org.au winbindd[11717]: [2016/01/18 11:25:03.361039, 0] ipa_sam.c:4208(bind_callback_cleanup) vmts-linuxidm.unix.co.org.au winbindd[11717]: kerberos error: code=-1765328228, message=Cannot contact any KDC for realm 'UNIX.CO.ORG.AU' vmts-linuxidm.unix.co.org.au winbindd[11717]: [2016/01/18 11:25:04.361894, 0] ipa_sam.c:4208(bind_callback_cleanup) vmts-linuxidm.unix.co.org.au winbindd[11717]: kerberos error: code=-1765328228, message=Cannot contact any KDC for realm 'UNIX.CO.ORG.AU' vmts-linuxidm.unix.co.org.au polkitd[660]: Registered Authentication Agent for unix-process:11718:525588 (system bus name :1.40 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_AU.UTF-8) vmts-linuxidm.unix.co.org.au polkitd[660]: Unregistered Authentication Agent for unix-process:11718:525588 (system bus name :1.40, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_AU.UTF-8) (disconnected from bus) vmts-linuxidm.unix.co.org.au winbindd[11717]: [2016/01/18 11:25:05.362765, 0] ipa_sam.c:4208(bind_callback_cleanup) vmts-linuxidm.unix.co.org.au winbindd[11717]: kerberos error: code=-1765328228, message=Cannot contact any KDC for realm 'UNIX.CO.ORG.AU' vmts-linuxidm.unix.co.org.au polkitd[660]: Registered Authentication Agent for unix-process:11723:525731 (system bus name :1.41 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_AU.UTF-8) vmts-linuxidm.unix.co.org.au systemd[1]: Starting Samba SMB Daemon... Subject: Unit smb.service has begun start-up Defined-By: systemd Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel Unit smb.service has begun starting up. vmts-linuxidm.unix.co.org.au smbd[11729]: GSSAPI client step 1 vmts-linuxidm.unix.co.org.au smbd[11729]: GSSAPI client step 1 vmts-linuxidm.unix.co.org.au ns-slapd[11656]: GSSAPI server step 1 vmts-linuxidm.unix.co.org.au smbd[11729]: GSSAPI client step 1 vmts-linuxidm.unix.co.org.au ns-slapd[11656]: GSSAPI server step 2 vmts-linuxidm.unix.co.org.au smbd[11729]: GSSAPI client step 2 vmts-linuxidm.unix.co.org.au ns-slapd[11656]: GSSAPI server step 3 vmts-linuxidm.unix.co.org.au smbd[11729]: [2016/01/18 11:25:06.183597, 0] ipa_sam.c:3654(get_fallback_group_sid) vmts-linuxidm.unix.co.org.au smbd[11729]: Missing mandatory attribute ipaNTSecurityIdentifier. vmts-linuxidm.unix.co.org.au smbd[11729]: [2016/01/18 11:25:06.183642, 0] ipa_sam.c:4606(pdb_init_ipasam) vmts-linuxidm.unix.co.org.au smbd[11729]: Cannot find SID of fallback group. vmts-linuxidm.unix.co.org.au smbd[11729]: [2016/01/18 11:25:06.183659, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) vmts-linuxidm.unix.co.org.au smbd[11729]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER) vmts-linuxidm.unix.co.org.au polkitd[660]: Unregistered Authentication Agent for unix-process:11723:525731 (system bus name :1.41, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_AU.UTF-8) (disconnected from bus) vmts-linuxidm.unix.co.org.au systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE vmts-linuxidm.unix.co.org.au systemd[1]: Failed to start Samba SMB Daemon. Subject: Unit smb.service has failed Defined-By: systemd Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel Unit smb.service has failed. The result is failed. vmts-linuxidm.unix.co.org.au systemd[1]: Unit smb.service entered failed state. vmts-linuxidm.unix.co.org.au systemd[1]: smb.service failed. vmts-linuxidm.unix.co.org.au winbindd[11717]: [2016/01/18 11:25:06.363629, 0] ipa_sam.c:4208(bind_callback_cleanup) vmts-linuxidm.unix.co.org.au winbindd[11717]: kerberos error: code=-1765328228, message=Cannot contact any KDC for realm 'UNIX.CO.ORG.AU' This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From Nathan.Peters at globalrelay.net Mon Jan 18 03:23:10 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Mon, 18 Jan 2016 03:23:10 +0000 Subject: [Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with the hostname is not the primary hostname Message-ID: 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a primary hostname for localhost 2016-01-18T03:00:07Z DEBUG Primary hostname for localhost: dc2-ipa-dev-van.mydomain.net 2016-01-18T03:00:07Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is not a CNAME 2016-01-18T03:00:07Z DEBUG Check reverse address of 10.21.0.98 2016-01-18T03:00:07Z DEBUG Found reverse name: dc2-ipa-dev-van.mydomain.net 2016-01-18T03:00:07Z DEBUG Check if dc1-ipa-dev-nvan.mydomain.net is a primary hostname for localhost ------> This line here is strange ----> 2016-01-18T03:00:07Z DEBUG Primary hostname for localhost: dc1-ipa-dev-nvan.mydomain.net.mydomain.net 2016-01-18T03:00:07Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 308, in run self.validate() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 317, in validate for nothing in self._validator(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 549, in _configure next(validator) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1551, in main promote_check(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 394, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 980, in promote_check installutils.verify_fqdn(config.master_host_name, options.no_host_dns) File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 168, in verify_fqdn "Please check /etc/hosts or DNS name resolution" % (host_name, ex_name[0])) 2016-01-18T03:00:07Z DEBUG The ipa-replica-install command failed, exception: HostLookupError: The host name dc1-ipa-dev-nvan.mydomain.net does not match the primary host name dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or DNS name resolution 2016-01-18T03:00:07Z ERROR The host name dc1-ipa-dev-nvan.mydomain.net does not match the primary host name dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or DNS name resolution 2016-01-18T03:00:07Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information So 3 questions : 1)Why does it first check if my hostname is ok, and then check if my hostname matches this other host, and why is it referring to the other remote host as localhost ? 2)Where in the world is it getting the idea that the primary hostname for my host is actually the primary hostname for the other host in a strange format with the domain name on the end twice ? 3)are there any workarounds for this? It seems rather buggy. I have triple checked hostnames on both hosts referenced in that log entry Here is the output that proves that my hostname is fine and not ending with a double domain [root at dc2-ipa-dev-van ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.21.0.98 dc2-ipa-dev-van.mydomain.net [root at dc2-ipa-dev-van ~]# cat /etc/hostname dc2-ipa-dev-van.mydomain.net [root at dc2-ipa-dev-van ~]# hostname dc2-ipa-dev-van.mydomain.net and on the other host : [root at dc1-ipa-dev-nvan ~]# hostname dc1-ipa-dev-nvan.mydomain.net [root at dc1-ipa-dev-nvan ~]# cat /etc/hostname dc1-ipa-dev-nvan.mydomain.net [root at dc1-ipa-dev-nvan ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.178.0.99 dc1-ipa-dev-nvan.mydomain.net [root at dc1-ipa-dev-nvan ~]# -------------- next part -------------- An HTML attachment was scrubbed... URL: From Nathan.Peters at globalrelay.net Mon Jan 18 03:47:19 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Mon, 18 Jan 2016 03:47:19 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists Message-ID: This is another issue I'm not sure how to debug or solve in 4.3.0. A failed replica installation left a replica with stuff in the tree, but not configured properly on the localhost. I did ipa-server-install -uninstall as suggested by the installation program and it deleted the local copy of the data, but did not clean the tree. Now all subsequent installations are failing with some duplicate entry error. All packages are up to date so this is not the pki-ca 10.2.6-13 fix issue. I've checked the whole tree for any references to the old copy of the master but I can't find them. That error log is typically unhelpful as it doesn't tell me what entry or where it is looking or finding a duplicate or I would just go delete it myself. 2016-01-18T03:29:55Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5] 2016-01-18T03:29:55Z DEBUG Successfully updated nsDS5ReplicaId. 2016-01-18T03:29:55Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 447, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 437, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 413, in __setup_replica repl.setup_promote_replication(self.master_fqdn) File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 1589, in setup_promote_replication self.basic_replication_setup(r_conn, r_id, self.repl_man_dn, None) File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 983, in basic_replication_setup self.replica_config(conn, replica_id, repldn) File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 467, in replica_config conn.add_entry(entry) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1442, in add_entry self.conn.add_s(str(entry.dn), list(attrs.items())) File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ self.gen.throw(type, value, traceback) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 947, in error_handler raise errors.DuplicateEntry() DuplicateEntry: This entry already exists 2016-01-18T03:29:55Z DEBUG [error] DuplicateEntry: This entry already exists 2016-01-18T03:29:55Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run self.execute() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in execute for nothing in self._executor(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 571, in _configure next(executor) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1553, in main promote(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1275, in promote promote=True, pkcs12_info=dirsrv_pkcs12_info) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 120, in install_replica_ds promote=promote, File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 398, in create_replica self.start_creation(runtime=60) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 447, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 437, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 413, in __setup_replica repl.setup_promote_replication(self.master_fqdn) File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 1589, in setup_promote_replication self.basic_replication_setup(r_conn, r_id, self.repl_man_dn, None) File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 983, in basic_replication_setup self.replica_config(conn, replica_id, repldn) File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 467, in replica_config conn.add_entry(entry) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1442, in add_entry self.conn.add_s(str(entry.dn), list(attrs.items())) File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ self.gen.throw(type, value, traceback) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 947, in error_handler raise errors.DuplicateEntry() 2016-01-18T03:29:55Z DEBUG The ipa-replica-install command failed, exception: DuplicateEntry: This entry already exists 2016-01-18T03:29:55Z ERROR This entry already exists 2016-01-18T03:29:55Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information -------------- next part -------------- An HTML attachment was scrubbed... URL: From Lachlan.Simpson at petermac.org Mon Jan 18 04:59:23 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Mon, 18 Jan 2016 04:59:23 +0000 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> <20160115065847.GC4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> Message-ID: <0137003026EBE54FBEC540C5600C03C432D87C@PMC-EXMBX02.petermac.org.au> > -----Original Message----- > > My syntax was all wrong. (Does anyone know how can I clear out bad syntax from > the systemctld output?) > > Anyway, I have a running dirsrv, but SMB still fails, and it's failing on winbind first > (see notes below). It looks like it's because there's no Kerberos server available. > Indeed, kinit admin is still failing. I think that when I ran ipa-adtrust-install I said no > to creating sids for local users. > > I'm beginning to think that is the root error, but have a feeling that winbind isn't > helping either. > > > Does this seem more likely? After some more work on this, I see from this documentation that winbind is required: http://www.freeipa.org/page/Active_Directory_trust_setup#Edit_.2Fetc.2Fkrb5.conf (although we are only using one way trusts - does that change anything?) Also, after getting a lot of errors that looked like krb5kdc: cannot initialize realm UNIX.CO.ORG.AU - see log file for details Server error - while fetching master key K/M for realm UNIX.CO.ORG.AU I thought maybe it was because I'd created the realm with lower case - I had a file /var/kerberos/krb5kdc/.k5.unix.co.org.au So I tried destroying that and creating a UNIX.CO.ORG.AU although now I have a new problem - add_principal: Kerberos database constraints violated while creating UNIX.CO.ORG.AU I discover that I'm meant to use ipa service-add (I presume cifs/UNIX.CO.ORG.AU), but that fails bc no Kerberos credentials. Now everything I google takes me, essentially, to the "install ipa" page. Should I just run ipa-server-install and ipa-adtrust-install again? Does that re-write all the important things? Or should I yum remove, then yum install again? (if this is the solution I should try).... Cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From abokovoy at redhat.com Mon Jan 18 07:27:48 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Mon, 18 Jan 2016 09:27:48 +0200 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> <20160115065847.GC4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> Message-ID: <20160118072748.GO4316@redhat.com> On Mon, 18 Jan 2016, Simpson Lachlan wrote: >> None of the above is revealing an issue. >> >> Follow http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes >> to enable crashdumps for ns-slapd to see what happens in reality (check >> systemd-enabled systems' recipes). > >Here is where things got interesting - I was 20 minutes in before I realised I had >no dirsrv core dumps. > >New things I learnt while doing this though: > > - I have 2.5 GB of core files in /var/log/samba/cores/winbindd ? To the best of my >knowledge I was using SSSD, I have no idea what winbind is doing there. Can I just >delete (yum remove samba-winbind*) it? From the look of it, I'm getting a new winbind >core dump every 5 minutes.Could this be stopping samba from running? smbd and winbindd are required for trust setup but their startup fails because they cannot talk to LDAP server over LDAPI+GSSAPI. That's why they coredump, to indicate issue. However, they are not the issue in themselves, they are consequence of your LDAP server not being able to start. > - /etc/nsswitch.conf is all "files sss" - there's no winbind anywhere. winbindd has multiple operations and we are using trust topology part of it, not identity management. >- while following the instructions to "set ulimit -c unlimited" on system I found things >that *really* confused me: > >As noted in the original email, this was in the failed list of systemctld: > > dirsrv at unix.co.org.au.service > >and it continues to fail this morning. So I tried running > >sc start dirsrv.target > >and that worked: > >[root at vmts-linuxidm samba]# sc status dirsrv.target >? dirsrv.target - 389 Directory Server > Loaded: loaded (/usr/lib/systemd/system/dirsrv.target; enabled; vendor preset: disabled) > Active: active since Mon 2016-01-18 09:58:14 AEDT; 1h 20min ago > >Jan 18 09:58:14 vmts-linuxidm.unix.co.org.au systemd[1]: Reached target 389 Directory Server. >Jan 18 09:58:14 vmts-linuxidm.unix.co.org.au systemd[1]: Starting 389 Directory Server. > > > >So I stopped it and started dirsrv at unix.co.org.au just to confirm, and yes it's failing. >After some testing, I discovered that *this* would work: > >sc start dirsrv at UNIX-CO-ORG-AU > >My syntax was all wrong. (Does anyone know how can I clear out bad syntax from the >systemctld output?) what bad output? systemctl start dirsrv at INSTANCE is the correct syntax where INSTANCE is the same for /etc/dirsrv/slapd-INSTANCE or /var/log/dirsrv/slapd-INSTANCE. The name of instance is produced from the realm by replacing dots with -. >Anyway, I have a running dirsrv, but SMB still fails, and it's failing on winbind first (see >notes below). It looks like it's because there's no Kerberos server available. Indeed, >kinit admin is still failing. I think that when I ran ipa-adtrust-install I said no to creating >sids for local users. >[root at vmts-linuxidm samba]# sc status dirsrv at UNIX-CO-ORG-AU.service >? dirsrv at UNIX-CO-ORG-AU.service - 389 Directory Server UNIX-CO-ORG-AU. > Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service; enabled; vendor preset: disabled) > Active: active (running) since Mon 2016-01-18 11:21:25 AEDT; 5min ago > Process: 11655 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid -w /var/run/dirsrv/slapd-%i.startpid (code=exited, status=0/SUCCESS) > Main PID: 11656 (ns-slapd) > CGroup: /system.slice/system-dirsrv.slice/dirsrv at UNIX-CO-ORG-AU.service > ??11656 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-UNIX-CO-ORG-AU -i /var/run/dirsrv/slapd-UNIX-CO-OR... > >Jan 18 11:21:25 vmts-linuxidm.unix.co.org.au ns-slapd[11655]: [18/Jan/2016:11:21:25 +1100] - SSL alert: ...led >Jan 18 11:21:25 vmts-linuxidm.unix.co.org.au ns-slapd[11655]: [18/Jan/2016:11:21:25 +1100] - SSL alert: ...led >Jan 18 11:21:25 vmts-linuxidm.unix.co.org.au ns-slapd[11655]: [18/Jan/2016:11:21:25 +1100] - SSL alert: ...led >Jan 18 11:21:25 vmts-linuxidm.unix.co.org.au ns-slapd[11655]: [18/Jan/2016:11:21:25 +1100] - SSL alert: ...led >Jan 18 11:21:25 vmts-linuxidm.unix.co.org.au ns-slapd[11655]: [18/Jan/2016:11:21:25 +1100] - SSL alert: ...led >Jan 18 11:21:25 vmts-linuxidm.unix.co.org.au ns-slapd[11655]: [18/Jan/2016:11:21:25 +1100] - SSL alert: ...led >Jan 18 11:21:25 vmts-linuxidm.unix.co.org.au ns-slapd[11655]: [18/Jan/2016:11:21:25 +1100] SSL Initialization - ...1.2 >Jan 18 11:25:06 vmts-linuxidm.unix.co.org.au ns-slapd[11656]: GSSAPI server step 1 >Jan 18 11:25:06 vmts-linuxidm.unix.co.org.au ns-slapd[11656]: GSSAPI server step 2 >Jan 18 11:25:06 vmts-linuxidm.unix.co.org.au ns-slapd[11656]: GSSAPI server step 3 So, start KDC. You can at this point simply try 'ipactl restart' -- it will attempt to shutdown and restart all required IPA services, including KDC. -- / Alexander Bokovoy From abokovoy at redhat.com Mon Jan 18 07:30:09 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Mon, 18 Jan 2016 09:30:09 +0200 Subject: [Freeipa-users] ipa-adtrust-install fails with Bad talloc magic value - wrong talloc version used/mixed on FreeIPA 4.3.0 In-Reply-To: References: Message-ID: <20160118073009.GP4316@redhat.com> On Mon, 18 Jan 2016, Nathan Peters wrote: >I have no idea how to troubleshoot this. I am trying to run ipa-adtrust-install on FreeIPA 4.3.0 Fedora 23 domain. > >Samba4-command and all other samba4 packages necessary are installed. > >It fails at step 3 for apparently no reason. Googling reveals pretty >much nothing about what a talloc magic value is or why it would be bad >or why the installer would crash when attempting to do something with >one. This seems like 'net' utility from Samba is failing due to inconsistency of own code. Can you show package versions for samba packages, for libtalloc, and for freeipa? Do you have updates-testing enabled? -- / Alexander Bokovoy From mkosek at redhat.com Mon Jan 18 08:06:04 2016 From: mkosek at redhat.com (Martin Kosek) Date: Mon, 18 Jan 2016 09:06:04 +0100 Subject: [Freeipa-users] CA-less vs CA-ful FreeIPA 4.2 installation In-Reply-To: <56991B9F.5060907@pakos.pl> References: <56991B9F.5060907@pakos.pl> Message-ID: <569C9CEC.7030109@redhat.com> On 01/15/2016 05:17 PM, Peter Pakos wrote: > Hi, > > We've been testing FreeIPA system for a while now and we're getting closer to > moving it into production. > > I'm considering both CA-less and CA-ful installation types. I hope you guys can > help me make my mind and choose the right decision. > > What are the pros and cons of each install type? Hello Peter, I am hoping that this is well explained here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-examples.html#install-ca-options Some useful notes are also Dmitri Pal's blog post: http://rhelblog.redhat.com/2015/06/02/identity-management-and-certificates/ > What exactly are we loosing if we choose CA-less install? You will not be able to issue certificates by FreeIPA CA, easily generate host certificates by ipa-client-install or renew them by certmonger which supports FreeIPA CA. > One of our requirements is to have a 3rd party HTTP and LDAP certificates > installed - which install path would be more suitable? I think both should work. Please see my recent mail: https://www.redhat.com/archives/freeipa-users/2016-January/msg00243.html The FreeIPA Demo is running as CA-ful and with 3rd party HTTP certificate. > I'm also thinking ahead, when it comes to renewing certificates when they > expire in 1 year time, which install type would cause less problems? In CA-ful installation, client certificates or FreeIPA CA subsystem certificates should just renew automatically. In CA-less, you need to take care to renew them manually with your 3rd party certificate provider. > I've failed to find any useful info covering the above points, so if you know > anything, please just let me know. I think the important point is that even if you choose to install with CA-less for now, you can switch to CA-ful later via ipa-ca-install: http://www.freeipa.org/page/V4/CA-less_to_CA-full_conversion Honza, please let me know if I forget anything. > > I would appreciate your input. > > Thanks in advance. > From mkosek at redhat.com Mon Jan 18 08:07:33 2016 From: mkosek at redhat.com (Martin Kosek) Date: Mon, 18 Jan 2016 09:07:33 +0100 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <56991F9E.9050104@pakos.pl> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> <5697E464.5040907@pakos.pl> <5697EE18.1090406@redhat.com> <56981097.4070501@pakos.pl> <56990A77.3020000@redhat.com> <56990D65.405@pakos.pl> <56991675.5010405@redhat.com> <56991F9E.9050104@pakos.pl> Message-ID: <569C9D45.1070209@redhat.com> On 01/15/2016 05:34 PM, Peter Pakos wrote: > On 15/01/2016 15:55, Rob Crittenden wrote: >>> I've re-run ipa-certupdate in verbose mode and I could see that it >>> removes all certificates in different databases (/etc/httpd/alias, >>> /etc/pki/nssdb, /etc/pki/pki-tomcat/alias) and then re-adds them (apart >>> from /etc/pki/pki-tomcat/alias). >> >> Yup, looks like this part is missing. Perhaps the assumption was that >> the CA would be authoritative in this regard. > > Is this a bug? Should this be logged somewhere so it can be looked into? > >> Updating the CA certs you'd want to add them to LDAP, replacing the >> older ones, and then ipa-certupdate will do the rest. You'd need to run >> this on all clients and servers. > > This sounds like a lot of manual work will be involved when it comes to renewal. > > And without clear and up-to-date information and possibly step-by-step > instructions the effort needed to get this sorted is doubled. > > Please note that it took us many hours to get a 3rd party SSL certificate > installed (you would think a very simple task). And the truth is that without > this mailing list and #freeipa channel we would still be stuck trying to get to > the bottom of this. > CCing Honza. Do we have all the respective tickets filed, so that we can improve and speed up the user experience? From jcholast at redhat.com Mon Jan 18 08:15:56 2016 From: jcholast at redhat.com (Jan Cholasta) Date: Mon, 18 Jan 2016 09:15:56 +0100 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <569C9D45.1070209@redhat.com> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> <5697E464.5040907@pakos.pl> <5697EE18.1090406@redhat.com> <56981097.4070501@pakos.pl> <56990A77.3020000@redhat.com> <56990D65.405@pakos.pl> <56991675.5010405@redhat.com> <56991F9E.9050104@pakos.pl> <569C9D45.1070209@redhat.com> Message-ID: <569C9F3C.8010504@redhat.com> On 18.1.2016 09:07, Martin Kosek wrote: > On 01/15/2016 05:34 PM, Peter Pakos wrote: >> On 15/01/2016 15:55, Rob Crittenden wrote: >>>> I've re-run ipa-certupdate in verbose mode and I could see that it >>>> removes all certificates in different databases (/etc/httpd/alias, >>>> /etc/pki/nssdb, /etc/pki/pki-tomcat/alias) and then re-adds them (apart >>>> from /etc/pki/pki-tomcat/alias). >>> >>> Yup, looks like this part is missing. Perhaps the assumption was that >>> the CA would be authoritative in this regard. >> >> Is this a bug? Should this be logged somewhere so it can be looked into? Yes, . >> >>> Updating the CA certs you'd want to add them to LDAP, replacing the >>> older ones, and then ipa-certupdate will do the rest. You'd need to run >>> this on all clients and servers. >> >> This sounds like a lot of manual work will be involved when it comes to renewal. >> >> And without clear and up-to-date information and possibly step-by-step >> instructions the effort needed to get this sorted is doubled. >> >> Please note that it took us many hours to get a 3rd party SSL certificate >> installed (you would think a very simple task). And the truth is that without >> this mailing list and #freeipa channel we would still be stuck trying to get to >> the bottom of this. >> > > CCing Honza. Do we have all the respective tickets filed, so that we can > improve and speed up the user experience? There's for automatic CA certificate distribution and and for ipa-server-certinstall fixes. If there's anything missing, pleaes file a new ticket. -- Jan Cholasta From mkosek at redhat.com Mon Jan 18 08:20:02 2016 From: mkosek at redhat.com (Martin Kosek) Date: Mon, 18 Jan 2016 09:20:02 +0100 Subject: [Freeipa-users] Browser login to IPA "Authentication Required" prompt In-Reply-To: References: Message-ID: <569CA032.8050805@redhat.com> On 01/15/2016 09:20 PM, Adam Kaczka wrote: > Hello, > > This has been bugging me for awhile but how do I turn off the > "Authentication Required" prompt that pops up on the GUI when I login to > IPA through browser? I can cancel it and lands on the /ipa/ui page but I'd > like to not see it by default. > > Also I take it that the prompt is related to Kerberos login; is the prompt > meant to be used as a 2 factor authentication for browser login? CCing Petr to be aware of this question. But first, I would be curious - what browser version do you use and what FreeIPA version do you use? Do you see the same troubling behavior with FreeIPA demo [1]? [1] http://www.freeipa.org/page/Demo From mkosek at redhat.com Mon Jan 18 08:24:35 2016 From: mkosek at redhat.com (Martin Kosek) Date: Mon, 18 Jan 2016 09:24:35 +0100 Subject: [Freeipa-users] Clients with Multi Master IPA replication In-Reply-To: References: Message-ID: <569CA143.40105@redhat.com> Even if FreeIPA server does not control DNS, you can still setup proper DNS SRV records to enable autodiscovery or client fallack. Some hint what records are needed should be given at the end of ipa-server-install. It uses this template: https://git.fedorahosted.org/cgit/freeipa.git/tree/install/share/bind.zone.db.template You can use it as a hint what records are expected (more DNS SRV records are needed when/if you also configure Trusts with Active Directory). On 01/17/2016 01:46 PM, Zeal Vora wrote: > Thanks Nathan. > > Actually, the FreeIPA servers are not serving DNS. For this way, we will > have to do it some other way ? > > > > On Sun, Jan 17, 2016 at 5:16 PM, Nathan Peters < > Nathan.Peters at globalrelay.net> wrote: > >> Hey Zeal, >> >> >> >> When you join a FreeIPA client to a domain, as long as you put the address >> of at least one of the FreeIPA servers (if they are serving DNS) in the >> /etc/resolv.conf file, they will use DNS to find FreeIPA servers. >> Specifically they look for _SRV records. I think they naturally prefer >> hosts in the same subnet as them, but will talk to anything available if >> nothing close answers. >> >> >> >> This applies both during the join process, and in regular operation. >> >> >> >> This way you don?t have to worry about messing with your DNS records, >> FreeIPA handles it all for you. >> >> >> >> *From:* freeipa-users-bounces at redhat.com [mailto: >> freeipa-users-bounces at redhat.com] *On Behalf Of *Zeal Vora >> *Sent:* January-17-16 3:21 AM >> *To:* freeipa-users at redhat.com >> *Subject:* [Freeipa-users] Clients with Multi Master IPA replication >> >> >> >> Hi >> >> >> >> I have setup a multi-master IPA server. >> >> >> >> I was wondering for IPA Client, which URL should we add in to ? >> >> >> >> Should we setup a DNS entry with round robin ? But then if single Master >> fails, the queries will still reach to it. >> >> >> >> What is the ideal way to implement in such scenarios ? >> >> >> >> Any help will be appreciated ! >> >> >> >> >> >> >> >> Thanks, >> >> Zeal >> > > > From mkosek at redhat.com Mon Jan 18 08:27:23 2016 From: mkosek at redhat.com (Martin Kosek) Date: Mon, 18 Jan 2016 09:27:23 +0100 Subject: [Freeipa-users] Free-IPA failover succeeds, but ssh is broken? In-Reply-To: References: <32756ABD-BB75-48B4-9BEA-0FEBC650B764@redhat.com> <2FEC3962-59F1-4764-929F-12855F9854D7@gmail.com> Message-ID: <569CA1EB.8000100@redhat.com> Hi Jeff and Janelle, I am glad you got things working, but I am not convinced this is the best way to do it. The proxy is needed for SSSD SSH integration (public keys and fingerprints), if the proxy is buggy, we should fix. And in order to fix it, it would be great to get our hands on the logs showing the fault - CCing Jakub and Honza on this one. Thanks for help, Martin On 01/18/2016 01:14 AM, Jeff Hallyburton wrote: > Janelle, > > The proxy suggestion was spot on. After that things seem to work normally. > > Thanks! > > Jeff > > Jeff Hallyburton > Strategic Systems Engineer > Bloomip Inc. > Web: http://www.bloomip.com > > Engineering Support: support at bloomip.com > Billing Support: billing at bloomip.com > Customer Support Portal: https://my.bloomip.com > > On Sun, Jan 17, 2016 at 9:58 AM, Janelle wrote: > >> Hi, >> >> Try commenting out the proxy command in /etc/ssh/ssh_config >> >> The sssd proxy of ssh is buggy as can be. >> >> ~J >> >>> On Jan 17, 2016, at 05:24, Jakub Hrozek wrote: >>> >>> >>>> On 16 Jan 2016, at 02:21, Jeff Hallyburton < >> jeff.hallyburton at bloomip.com> wrote: >>>> >>>> Having finished setting up an ipa server and replica, we're trying to >> test failover to ensure that HA works as expected. We've been able to >> verify the replication agreements and auto-discovery are working, and both >> servers are picked up as expected at install time. >>>> >>>> That said, we're seeing some oddities with failover. Once I shut down >> the ipa service on the main ipa server, I get most requests completing >> after about a 2 min window. I am able to: >>>> >>>> 1. Authenticate to our jump server and get a kerberos ticket >>>> 2. kinit successfully as other users >>>> >>>> However, whenever I try to ssh to another system within our domain, ssh >> breaks with the following error: >>>> >>>> $ ssh -vvv automation01 >>>> OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 >>>> debug1: Reading configuration data /etc/ssh/ssh_config >>>> debug1: /etc/ssh/ssh_config line 5: Applying options for * >>>> debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy >> -p 22 automation01 >>>> debug1: permanently_drop_suid: 1587000001 >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa type -1 >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa-cert type -1 >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa type -1 >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa-cert type -1 >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa type -1 >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa-cert type -1 >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519 type -1 >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519-cert type >> -1 >>>> debug1: Enabling compatibility mode for protocol 2.0 >>>> debug1: Local version string SSH-2.0-OpenSSH_6.6.1 >>>> ssh_exchange_identification: Connection closed by remote host >>> >>> Did you crank up debug level on the machine where sshd is running and >> see if anything is logged then? >>> >>>> >>>> Nothing is logged in either /var/log/messages or /var/log/secure when >> this happens, so I'm unsure where to begin debugging. Can you offer any >> insight? >>>> >>>> Thanks, >>>> >>>> Jeff >>>> >>>> Jeff Hallyburton >>>> Strategic Systems Engineer >>>> Bloomip Inc. >>>> Web: http://www.bloomip.com >>>> >>>> Engineering Support: support at bloomip.com >>>> Billing Support: billing at bloomip.com >>>> Customer Support Portal: https://my.bloomip.com >>>> -- >>>> Manage your subscription for the Freeipa-users mailing list: >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> Go to http://freeipa.org for more info on the project >>> >>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go to http://freeipa.org for more info on the project >> > > > From jcholast at redhat.com Mon Jan 18 08:37:36 2016 From: jcholast at redhat.com (Jan Cholasta) Date: Mon, 18 Jan 2016 09:37:36 +0100 Subject: [Freeipa-users] ipa-certupdate not installing root certificates in /etc/pki/pki-tomcat/alias/ In-Reply-To: <569C3293.1080603@pakos.pl> References: <569C3293.1080603@pakos.pl> Message-ID: <569CA450.2050805@redhat.com> Hi Peter, On 18.1.2016 01:32, Peter Pakos wrote: > Hi, > > I have FreeIPA 4.2 (CA-ful) install on Centos 7.2 with 3rd party SSL > certificates installed for HTTP/LDAP. > > When I run "ipa-certupdate" I can see that the 3rd party root > certificates are being removed from databases (/etc/httpd/alias, > /etc/pki/nssdb, /etc/pki/pki-tomcat/alias) and then re-added (apart from > /etc/pki/pki-tomcat/alias). > > Without the 3rd party root certificates in /etc/pki/pki-tomcat/alias, > the service pki-tomcatd is unable to start up. > > This is the complete process I'm following to install 3rd party > certificate (please let me know if I'm doing anything wrong): > > ### 3rd party SSL certificate install ################################## > > # Gandi *.ipa.wandisco.com certificate chain > # AddTrust.pem -> USERTrustRSAAddTrustCA.pem -> GandiStandardSSLCA2.pem > -> star.ipa.wandisco.com.crt > > $ openssl verify -verbose -CAfile <(cat AddTrust.pem > USERTrustRSAAddTrustCA.pem GandiStandardSSLCA2.pem) > star.ipa.wandisco.com.crt > star.ipa.wandisco.com.crt: OK > > # Bug in ipa-cacert-manage, comment out lines 349-352 > $ vim > /usr/lib/python2.7/site-packages/ipaserver/install/ipa_cacert_manage.py > > $ ipa-cacert-manage install AddTrust.pem -n AddTrust -t C,C,C > $ ipa-cacert-manage install USERTrustRSAAddTrustCA.pem -n > USERTrustRSAAddTrustCA -t C,C,C > $ ipa-cacert-manage install GandiStandardSSLCA2.pem -n > GandiStandardSSLCA2 -t C,C,C > > # Add root certificates to databases <- THIS IS WHERE THE ABOVE ROOT > CERTIFICATES SHOULD BE INSTALLED IN /etc/pki/pki-tomcat/alias BUT THEY > AREN'T > $ ipa-certupdate > > # Create PKCS12 certificate file including private key and full chain > $ openssl pkcs12 -export -out star.ipa.wandisco.com.pfx -inkey > star.ipa.wandisco.com.key -in star.ipa.wandisco.com.crt -certfile <(cat > AddTrust.pem USERTrustRSAAddTrustCA.pem GandiStandardSSLCA2.pem) -name > 'GandiWildcardIPA' > > # Install PKCS12 certificate to LDAP and HTTP databases: > $ pk12util -d /etc/dirsrv/slapd-IPA-WANDISCO-COM/ -i > star.ipa.wandisco.com.pfx > $ pk12util -d /etc/httpd/alias/ -i star.ipa.wandisco.com.pfx > > # Stop IPA > $ ipactl stop > > # Edit /etc/dirsrv/slapd-IPA-WANDISCO-COM/dse.ldif to point dirsrv to > new certificate > # Replace: > nsSSLPersonalitySSL: Server-Cert > # with: > nsSSLPersonalitySSL: GandiWildcardIPA > > # Edit /etc/httpd/conf.d/nss.conf to point httpd to new certificate > # Replace: > NSSNickname Server-Cert > # with: > NSSNickname GandiWildcardIPA > > # Start IPA > $ ipactl start > > ##################################################################### > > In order to fix this, I have to manually add root certificates to the > database: > > $ certutil -A -d /etc/pki/pki-tomcat/alias/ -n AddTrust -t C,C,C -a < > AddTrust.pem > $ certutil -A -d /etc/pki/pki-tomcat/alias/ -n USERTrustRSAAddTrustCA -t > C,C,C -a < USERTrustRSAAddTrustCA.pem > $ certutil -A -d /etc/pki/pki-tomcat/alias/ -n GandiStandardSSLCA2 -t > C,C,C -a < GandiStandardSSLCA2.pem > > Should this not be done automatically by ipa-certupdate? It should: . > > Are the above steps correct for installing 3rd party certificates in > FreeIPA 4.2? Should I change anything? Looks OK to me. > > We are planning to move these nodes into production very soon, any help > would be much appreciated! Honza -- Jan Cholasta From jhrozek at redhat.com Mon Jan 18 08:45:10 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Mon, 18 Jan 2016 09:45:10 +0100 Subject: [Freeipa-users] Free-IPA failover succeeds, but ssh is broken? In-Reply-To: <569CA1EB.8000100@redhat.com> References: <32756ABD-BB75-48B4-9BEA-0FEBC650B764@redhat.com> <2FEC3962-59F1-4764-929F-12855F9854D7@gmail.com> <569CA1EB.8000100@redhat.com> Message-ID: <20160118084510.GC3805@hendrix.arn.redhat.com> On Mon, Jan 18, 2016 at 09:27:23AM +0100, Martin Kosek wrote: > Hi Jeff and Janelle, > > I am glad you got things working, but I am not convinced this is the best way > to do it. The proxy is needed for SSSD SSH integration (public keys and > fingerprints), if the proxy is buggy, we should fix. And in order to fix it, it > would be great to get our hands on the logs showing the fault - CCing Jakub and > Honza on this one. Yes, if you see issues with the proxy, by all means file bugs.. > > Thanks for help, > Martin > > On 01/18/2016 01:14 AM, Jeff Hallyburton wrote: > > Janelle, > > > > The proxy suggestion was spot on. After that things seem to work normally. > > > > Thanks! > > > > Jeff > > > > Jeff Hallyburton > > Strategic Systems Engineer > > Bloomip Inc. > > Web: http://www.bloomip.com > > > > Engineering Support: support at bloomip.com > > Billing Support: billing at bloomip.com > > Customer Support Portal: https://my.bloomip.com > > > > On Sun, Jan 17, 2016 at 9:58 AM, Janelle wrote: > > > >> Hi, > >> > >> Try commenting out the proxy command in /etc/ssh/ssh_config > >> > >> The sssd proxy of ssh is buggy as can be. > >> > >> ~J > >> > >>> On Jan 17, 2016, at 05:24, Jakub Hrozek wrote: > >>> > >>> > >>>> On 16 Jan 2016, at 02:21, Jeff Hallyburton < > >> jeff.hallyburton at bloomip.com> wrote: > >>>> > >>>> Having finished setting up an ipa server and replica, we're trying to > >> test failover to ensure that HA works as expected. We've been able to > >> verify the replication agreements and auto-discovery are working, and both > >> servers are picked up as expected at install time. > >>>> > >>>> That said, we're seeing some oddities with failover. Once I shut down > >> the ipa service on the main ipa server, I get most requests completing > >> after about a 2 min window. I am able to: > >>>> > >>>> 1. Authenticate to our jump server and get a kerberos ticket > >>>> 2. kinit successfully as other users > >>>> > >>>> However, whenever I try to ssh to another system within our domain, ssh > >> breaks with the following error: > >>>> > >>>> $ ssh -vvv automation01 > >>>> OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 > >>>> debug1: Reading configuration data /etc/ssh/ssh_config > >>>> debug1: /etc/ssh/ssh_config line 5: Applying options for * > >>>> debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy > >> -p 22 automation01 > >>>> debug1: permanently_drop_suid: 1587000001 > >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa type -1 > >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa-cert type -1 > >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa type -1 > >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa-cert type -1 > >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa type -1 > >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa-cert type -1 > >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519 type -1 > >>>> debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519-cert type > >> -1 > >>>> debug1: Enabling compatibility mode for protocol 2.0 > >>>> debug1: Local version string SSH-2.0-OpenSSH_6.6.1 > >>>> ssh_exchange_identification: Connection closed by remote host > >>> > >>> Did you crank up debug level on the machine where sshd is running and > >> see if anything is logged then? > >>> > >>>> > >>>> Nothing is logged in either /var/log/messages or /var/log/secure when > >> this happens, so I'm unsure where to begin debugging. Can you offer any > >> insight? > >>>> > >>>> Thanks, > >>>> > >>>> Jeff > >>>> > >>>> Jeff Hallyburton > >>>> Strategic Systems Engineer > >>>> Bloomip Inc. > >>>> Web: http://www.bloomip.com > >>>> > >>>> Engineering Support: support at bloomip.com > >>>> Billing Support: billing at bloomip.com > >>>> Customer Support Portal: https://my.bloomip.com > >>>> -- > >>>> Manage your subscription for the Freeipa-users mailing list: > >>>> https://www.redhat.com/mailman/listinfo/freeipa-users > >>>> Go to http://freeipa.org for more info on the project > >>> > >>> > >>> -- > >>> Manage your subscription for the Freeipa-users mailing list: > >>> https://www.redhat.com/mailman/listinfo/freeipa-users > >>> Go to http://freeipa.org for more info on the project > >> > > > > > > > From abokovoy at redhat.com Mon Jan 18 08:54:42 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Mon, 18 Jan 2016 10:54:42 +0200 Subject: [Freeipa-users] Free-IPA failover succeeds, but ssh is broken? In-Reply-To: References: Message-ID: <20160118085442.GS4316@redhat.com> On Fri, 15 Jan 2016, Jeff Hallyburton wrote: >Having finished setting up an ipa server and replica, we're trying to test >failover to ensure that HA works as expected. We've been able to verify >the replication agreements and auto-discovery are working, and both servers >are picked up as expected at install time. > >That said, we're seeing some oddities with failover. Once I shut down the >ipa service on the main ipa server, I get most requests completing after >about a 2 min window. I am able to: > >1. Authenticate to our jump server and get a kerberos ticket >2. kinit successfully as other users > >However, whenever I try to ssh to another system within our domain, ssh >breaks with the following error: > >$ ssh -vvv automation01 > >OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 > >debug1: Reading configuration data /etc/ssh/ssh_config > >debug1: /etc/ssh/ssh_config line 5: Applying options for * > >debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p >22 automation01 > >debug1: permanently_drop_suid: 1587000001 > >debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa type -1 > >debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa-cert type -1 > >debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa type -1 > >debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa-cert type -1 > >debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa type -1 > >debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa-cert type -1 > >debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519 type -1 > >debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519-cert type -1 > >debug1: Enabling compatibility mode for protocol 2.0 > >debug1: Local version string SSH-2.0-OpenSSH_6.6.1 > >ssh_exchange_identification: Connection closed by remote host > > >Nothing is logged in either /var/log/messages or /var/log/secure when this >happens, so I'm unsure where to begin debugging. Can you offer any insight? Do you have, by chance either on the client or on automation01 a locale that doesn't exist on either one? For example, a fr_FR locale on the client which is missing on the server? By default sshd configuration allows to accept certain environmental variables when client connection comes in: /etc/ssh/sshd_config: # Accept locale-related environment variables AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv XMODIFIERS /etc/ssh/ssh_config: # Send locale-related environment variables SendEnv LANG SendEnv XMODIFIERS There is a bug in the proxy command -- it tries to enable localized error messages and if that step fails, the proxy tool exits with an error code which is visible as ssh_exchange_identification: Connection closde by remote host I think we fixed this in newer SSSD versions already. -- / Alexander Bokovoy From jhrozek at redhat.com Mon Jan 18 09:04:20 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Mon, 18 Jan 2016 10:04:20 +0100 Subject: [Freeipa-users] Free-IPA failover succeeds, but ssh is broken? In-Reply-To: <20160118085442.GS4316@redhat.com> References: <20160118085442.GS4316@redhat.com> Message-ID: <20160118090420.GD3805@hendrix.arn.redhat.com> On Mon, Jan 18, 2016 at 10:54:42AM +0200, Alexander Bokovoy wrote: > I think we fixed this in newer SSSD versions already. Yes, but in master only, we haven't released the fix yet: https://fedorahosted.org/sssd/ticket/2785 From mbasti at redhat.com Mon Jan 18 09:43:05 2016 From: mbasti at redhat.com (Martin Basti) Date: Mon, 18 Jan 2016 10:43:05 +0100 Subject: [Freeipa-users] FreeIPA 4.3.0 replica installation fails with AttributeError: 'NameSpace' object has no attribute 'rpcclient' In-Reply-To: References: Message-ID: <569CB3A9.5050406@redhat.com> Hello, sorry for troubles. This is probably this bug: https://fedorahosted.org/freeipa/ticket/5562 It has been fixed, fix will be in IPA 4.3.1 On 17.01.2016 09:48, Nathan Peters wrote: > > In case anyone is having the same issue, I was able to work around this. > > I found that if I first installed a Fedora 23 Freeipa 4.2.3 replica, > it did not complain about the missing attribute. I assume it added it > during the 4.2.3 installations because after I had replaced all CentOS > 7 domain controllers with Fedora 23 domain controllers, I was able to > perform the upgrade to Fedora 30. > > *From:*freeipa-users-bounces at redhat.com > [mailto:freeipa-users-bounces at redhat.com] *On Behalf Of *Nathan Peters > *Sent:* January-16-16 2:13 PM > *To:* freeipa-users at redhat.com > *Subject:* [Freeipa-users] FreeIPA 4.3.0 replica installation fails > with AttributeError: 'NameSpace' object has no attribute 'rpcclient' > > I?m attempting to add a Fedora 23 Server as a replica in a FreeIPA > 4.2.0 CentOS 7.2 domain so I can begin migrating my domain to 4.3.0 > and Fedora. > > Because the domain is still domain level 0, I?ve prepared the replica > file on the old CA master (4.2.0) and installed it on the new Fedora > replica and installed the freeipa-server and freeipa-server-dns > packages from the 4.3.0 COPR repository. > > When I attempt the ipa-replica-install command, it fails with > AttributeError: 'NameSpace' object has no attribute 'rpcclient' > > --- debugging info including console and log --- > > [root at dc2-ipa-dev-van yum.repos.d]# ipa-replica-install --mkhomedir > --setup-ca --setup-dns --no-forwarders > /var/lib/ipa/replica-info-dc2-ipa-dev-van.mydomain.net.gpg > > WARNING: conflicting time&date synchronization service 'chronyd' will > > be disabled in favor of ntpd > > Directory Manager (existing master) password: > > Your system may be partly configured. > > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > ipa.ipapython.install.cli.install_tool(Replica): ERROR 'NameSpace' > object has no attribute 'rpcclient' > > ipa.ipapython.install.cli.install_tool(Replica): ERROR The > ipa-replica-install command failed. See > /var/log/ipareplica-install.log for more information > > [root at dc2-ipa-dev-van yum.repos.d]# cat /var/log/ipareplica-install.log > > 2016-01-16T22:06:04Z DEBUG Logging to /var/log/ipareplica-install.log > > 2016-01-16T22:06:04Z DEBUG ipa-replica-install was invoked with > arguments > ['/var/lib/ipa/replica-info-dc2-ipa-dev-van.mydomain.net.gpg'] and > options: { 'no_dns_sshfp': None, 'skip_schema_check': None, > 'setup_kra': None, 'ip_addresses': None, 'mkhomedir': True, > 'no_pkinit': None, 'http_cert_files': None, 'no_n tp': None, > 'verbose': False, 'no_forwarders': True, 'keytab': None, > 'ssh_trust_dns': None, 'domain_name': None, 'http_cert_name': None, > 'dirsrv_cert_files': N one, 'no_dnssec_validation': None, > 'no_reverse': None, 'pkinit_cert_files': None, 'unattended': False, > 'auto_reverse': None, 'auto_forwarders': None, 'no_host _dns': None, > 'no_sshd': None, 'no_ui_redirect': None, 'dirsrv_config_file': None, > 'forwarders': None, 'pkinit_cert_name': None, 'setup_ca': True, > 'realm_name' : None, 'skip_conncheck': None, 'no_ssh': None, > 'dirsrv_cert_name': None, 'quiet': False, 'server': None, 'setup_dns': > True, 'host_name': None, 'log_file': No ne, 'reverse_zones': None, > 'allow_zone_overlap': None} > > 2016-01-16T22:06:04Z DEBUG IPA version 4.3.0-1.fc23 > > 2016-01-16T22:06:04Z DEBUG Starting external process > > 2016-01-16T22:06:04Z DEBUG args=/usr/sbin/selinuxenabled > > 2016-01-16T22:06:04Z DEBUG Process finished, return code=1 > > 2016-01-16T22:06:04Z DEBUG stdout= > > 2016-01-16T22:06:04Z DEBUG stderr= > > 2016-01-16T22:06:04Z DEBUG Loading StateFile from > '/var/lib/ipa/sysrestore/sysrestore.state' > > 2016-01-16T22:06:04Z DEBUG Loading Index file from > '/var/lib/ipa/sysrestore/sysrestore.index' > > 2016-01-16T22:06:04Z DEBUG httpd is not configured > > 2016-01-16T22:06:04Z DEBUG kadmin is not configured > > 2016-01-16T22:06:04Z DEBUG dirsrv is not configured > > 2016-01-16T22:06:04Z DEBUG pki-tomcatd is not configured > > 2016-01-16T22:06:04Z DEBUG install is not configured > > 2016-01-16T22:06:04Z DEBUG krb5kdc is not configured > > 2016-01-16T22:06:04Z DEBUG ntpd is not configured > > 2016-01-16T22:06:04Z DEBUG named is not configured > > 2016-01-16T22:06:04Z DEBUG ipa_memcached is not configured > > 2016-01-16T22:06:04Z DEBUG filestore is tracking no files > > 2016-01-16T22:06:04Z DEBUG Loading Index file from > '/var/lib/ipa-client/sysrestore/sysrestore.index' > > 2016-01-16T22:06:04Z DEBUG Loading StateFile from > '/var/lib/ipa/sysrestore/sysrestore.state' > > 2016-01-16T22:06:04Z DEBUG Loading Index file from > '/var/lib/ipa/sysrestore/sysrestore.index' > > 2016-01-16T22:06:04Z DEBUG Starting external process > > 2016-01-16T22:06:04Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS > > 2016-01-16T22:06:04Z DEBUG Process finished, return code=0 > > 2016-01-16T22:06:04Z DEBUG stdout=VirtualHost configuration: > > *:8443 dc2-ipa-dev-van.mydomain.net (/etc/httpd/conf.d/nss.conf:83) > > 2016-01-16T22:06:04Z DEBUG stderr= > > 2016-01-16T22:06:04Z DEBUG Starting external process > > 2016-01-16T22:06:04Z DEBUG args=/bin/systemctl is-enabled chronyd.service > > 2016-01-16T22:06:04Z DEBUG Process finished, return code=0 > > 2016-01-16T22:06:04Z DEBUG stdout=enabled > > 2016-01-16T22:06:04Z DEBUG stderr= > > 2016-01-16T22:06:09Z DEBUG Starting external process > > 2016-01-16T22:06:09Z DEBUG args=/usr/bin/gpg-agent --batch --homedir > /tmp/tmpUXsgIeipa/ipa-HOKFdw/.gnupg --daemon /usr/bin/gpg --batch > --homedir /tmp/tmpUXsgI eipa/ipa-HOKFdw/.gnupg --passphrase-fd 0 > --yes --no-tty -o /tmp/tmpUXsgIeipa/files.tar -d > /var/lib/ipa/replica-info-dc2-ipa-dev-van.mydomain.net.gpg > > 2016-01-16T22:06:10Z DEBUG Process finished, return code=0 > > 2016-01-16T22:06:10Z DEBUG Starting external process > > 2016-01-16T22:06:10Z DEBUG args=tar xf /tmp/tmpUXsgIeipa/files.tar -C > /tmp/tmpUXsgIeipa > > 2016-01-16T22:06:10Z DEBUG Process finished, return code=0 > > 2016-01-16T22:06:10Z DEBUG stdout= > > 2016-01-16T22:06:10Z DEBUG stderr= > > 2016-01-16T22:06:10Z DEBUG Installing replica file with version 40200 > (0 means no version in prepared file). > > 2016-01-16T22:06:10Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a > primary hostname for localhost > > 2016-01-16T22:06:10Z DEBUG Primary hostname for localhost: > dc2-ipa-dev-van.mydomain.net > > 2016-01-16T22:06:10Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net > > 2016-01-16T22:06:10Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is > not a CNAME > > 2016-01-16T22:06:10Z DEBUG Check reverse address of > fe80::250:56ff:feb7:7228%ens32 > > 2016-01-16T22:06:10Z DEBUG Found reverse name: > dc2-ipa-dev-van.mydomain.net > > 2016-01-16T22:06:10Z DEBUG Check reverse address of 10.21.0.98 > > 2016-01-16T22:06:10Z DEBUG Found reverse name: > dc2-ipa-dev-van.mydomain.net > > 2016-01-16T22:06:10Z DEBUG importing all plugin modules in > ipalib.plugins... > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.aci > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.automember > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.automount > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.baseldap > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.baseuser > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.batch > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.caacl > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.cert > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.certprofile > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.config > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.delegation > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.dns > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.domainlevel > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.group > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.hbacrule > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.hbacsvc > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.hbacsvcgroup > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.hbactest > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.host > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.hostgroup > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.idrange > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.idviews > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.internal > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.krbtpolicy > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.migration > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.misc > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.netgroup > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.otpconfig > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.otptoken > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.otptoken_yubikey > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.passwd > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.permission > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.ping > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.pkinit > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.privilege > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.pwpolicy > > 2016-01-16T22:06:10Z DEBUG Starting external process > > 2016-01-16T22:06:10Z DEBUG args=klist -V > > 2016-01-16T22:06:10Z DEBUG Process finished, return code=0 > > 2016-01-16T22:06:10Z DEBUG stdout=Kerberos 5 version 1.14 > > 2016-01-16T22:06:10Z DEBUG stderr= > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.radiusproxy > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.realmdomains > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.role > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.rpcclient > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.selfservice > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.selinuxusermap > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.server > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.service > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.servicedelegation > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.session > > 2016-01-16T22:06:10Z WARNING session memcached servers not running > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.stageuser > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.sudocmd > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipalib.plugins.sudocmdgroup > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.sudorule > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.topology > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.trust > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.user > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.vault > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipalib.plugins.virtual > > 2016-01-16T22:06:10Z DEBUG importing all plugin modules in > ipaserver.plugins... > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.plugins.dogtag > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.plugins.join > > 2016-01-16T22:06:10Z DEBUG importing plugin module ipaserver.plugins.ldap2 > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.plugins.rabase > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.plugins.xmlserver > > 2016-01-16T22:06:10Z DEBUG importing all plugin modules in > ipaserver.install.plugins... > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.install.plugins.adtrust > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.install.plugins.ca_renewal_master > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.install.plugins.dns > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.install.plugins.fix_replica_agreements > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.install.plugins.rename_managed > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.install.plugins.update_ca_topology > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.install.plugins.update_idranges > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.install.plugins.update_managed_permissions > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.install.plugins.update_pacs > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.install.plugins.update_passsync > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.install.plugins.update_referint > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.install.plugins.update_services > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.install.plugins.update_uniqueness > > 2016-01-16T22:06:10Z DEBUG importing plugin module > ipaserver.install.plugins.upload_cacrt > > 2016-01-16T22:06:10Z DEBUG SessionAuthManager.register: > name=jsonserver_session_139847657508816 > > 2016-01-16T22:06:10Z DEBUG SessionAuthManager.register: > name=xmlserver_session_139847657547472 > > 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.sync_token() > at '/session/sync_token' > > 2016-01-16T22:06:11Z DEBUG Mounting > ipaserver.rpcserver.xmlserver_session() at '/session/xml' > > 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 > > 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 > > 2016-01-16T22:06:11Z DEBUG Mounting ipaserver.rpcserver.xmlserver() at > '/xml' > > 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 > > 2016-01-16T22:06:11Z DEBUG Mounting > ipaserver.rpcserver.login_password() at '/session/login_password' > > 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 > > 2016-01-16T22:06:11Z DEBUG Mounting > ipaserver.rpcserver.jsonserver_session() at '/session/json' > > 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 > > 2016-01-16T22:06:11Z DEBUG Mounting > ipaserver.rpcserver.change_password() at '/session/change_password' > > 2016-01-16T22:06:11Z DEBUG Mounting > ipaserver.rpcserver.jsonserver_kerb() at '/json' > > 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 > > 2016-01-16T22:06:11Z DEBUG Mounting > ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos' > > 2016-01-16T22:06:11Z DEBUG session_auth_duration: 0:20:00 > > 2016-01-16T22:06:11Z DEBUG Check if dc1-ipa-dev-van.mydomain.net is a > primary hostname for localhost > > 2016-01-16T22:06:11Z DEBUG Primary hostname for localhost: > dc1-ipa-dev-van.mydomain.net > > 2016-01-16T22:06:11Z DEBUG Search DNS for dc1-ipa-dev-van.mydomain.net > > 2016-01-16T22:06:11Z DEBUG Check if dc1-ipa-dev-van.mydomain.net is > not a CNAME > > 2016-01-16T22:06:12Z DEBUG Check reverse address of 10.21.0.99 > > 2016-01-16T22:06:12Z DEBUG Found reverse name: > dc1-ipa-dev-van.mydomain.net > > 2016-01-16T22:06:12Z DEBUG importing all plugin modules in > ipalib.plugins... > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.aci > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.automember > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.automount > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.baseldap > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.baseuser > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.batch > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.caacl > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.cert > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.certprofile > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.config > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.delegation > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.dns > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.domainlevel > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.group > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.hbacrule > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.hbacsvc > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.hbacsvcgroup > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.hbactest > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.host > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.hostgroup > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.idrange > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.idviews > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.internal > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.krbtpolicy > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.migration > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.misc > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.netgroup > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.otpconfig > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.otptoken > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.otptoken_yubikey > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.passwd > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.permission > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.ping > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.pkinit > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.privilege > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.pwpolicy > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.radiusproxy > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.realmdomains > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.role > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.rpcclient > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.selfservice > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.selinuxusermap > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.server > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.service > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.servicedelegation > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.session > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.stageuser > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.sudocmd > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipalib.plugins.sudocmdgroup > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.sudorule > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.topology > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.trust > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.user > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.vault > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipalib.plugins.virtual > > 2016-01-16T22:06:12Z DEBUG importing all plugin modules in > ipaserver.plugins... > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.plugins.dogtag > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.plugins.join > > 2016-01-16T22:06:12Z DEBUG importing plugin module ipaserver.plugins.ldap2 > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.plugins.rabase > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.plugins.xmlserver > > 2016-01-16T22:06:12Z DEBUG importing all plugin modules in > ipaserver.install.plugins... > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.install.plugins.adtrust > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.install.plugins.ca_renewal_master > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.install.plugins.dns > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.install.plugins.fix_replica_agreements > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.install.plugins.rename_managed > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.install.plugins.update_ca_topology > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.install.plugins.update_idranges > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.install.plugins.update_managed_permissions > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.install.plugins.update_pacs > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.install.plugins.update_passsync > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.install.plugins.update_referint > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.install.plugins.update_services > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.install.plugins.update_uniqueness > > 2016-01-16T22:06:12Z DEBUG importing plugin module > ipaserver.install.plugins.upload_cacrt > > 2016-01-16T22:06:12Z DEBUG SessionAuthManager.register: > name=jsonserver_session_139847648179216 > > 2016-01-16T22:06:12Z DEBUG SessionAuthManager.register: > name=xmlserver_session_139847648180560 > > 2016-01-16T22:06:12Z DEBUG Mounting ipaserver.rpcserver.sync_token() > at '/session/sync_token' > > 2016-01-16T22:06:12Z DEBUG Mounting > ipaserver.rpcserver.xmlserver_session() at '/session/xml' > > 2016-01-16T22:06:12Z DEBUG session_auth_duration: 0:20:00 > > 2016-01-16T22:06:12Z DEBUG session_auth_duration: 0:20:00 > > 2016-01-16T22:06:13Z DEBUG Mounting ipaserver.rpcserver.xmlserver() at > '/xml' > > 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 > > 2016-01-16T22:06:13Z DEBUG Mounting > ipaserver.rpcserver.login_password() at '/session/login_password' > > 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 > > 2016-01-16T22:06:13Z DEBUG Mounting > ipaserver.rpcserver.jsonserver_session() at '/session/json' > > 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 > > 2016-01-16T22:06:13Z DEBUG Mounting > ipaserver.rpcserver.change_password() at '/session/change_password' > > 2016-01-16T22:06:13Z DEBUG Mounting > ipaserver.rpcserver.jsonserver_kerb() at '/json' > > 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 > > 2016-01-16T22:06:13Z DEBUG Mounting > ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos' > > 2016-01-16T22:06:13Z DEBUG session_auth_duration: 0:20:00 > > 2016-01-16T22:06:13Z DEBUG Created connection > context.ldap2_139847648178768 > > 2016-01-16T22:06:13Z DEBUG raw: domainlevel_get(version=u'2.163') > > 2016-01-16T22:06:13Z DEBUG domainlevel_get(version=u'2.163') > > 2016-01-16T22:06:13Z DEBUG flushing > ldaps://dc1-ipa-dev-van.mydomain.net from SchemaCache > > 2016-01-16T22:06:13Z DEBUG retrieving schema for SchemaCache > url=ldaps://dc1-ipa-dev-van.mydomain.net > conn= > > 2016-01-16T22:06:14Z DEBUG Check forward/reverse DNS resolution > > 2016-01-16T22:06:14Z DEBUG Search DNS server > dc1-ipa-dev-van.mydomain.net (['10.21.0.99', '10.21.0.99', > '10.21.0.99']) for dc1-ipa-dev-van.mydomain.net > > 2016-01-16T22:06:14Z DEBUG Check reverse address 10.21.0.99 > (dc1-ipa-dev-van.mydomain.net) > > 2016-01-16T22:06:14Z DEBUG Address 10.21.0.99 resolves to: > dc1-ipa-dev-van.mydomain.net.. > > 2016-01-16T22:06:14Z DEBUG Search DNS server > dc1-ipa-dev-van.mydomain.net (['10.21.0.99', '10.21.0.99', > '10.21.0.99']) for dc2-ipa-dev-van.mydomain.net > > 2016-01-16T22:06:14Z DEBUG Check reverse address 10.21.0.98 > (dc2-ipa-dev-van.mydomain.net) > > 2016-01-16T22:06:14Z DEBUG Address 10.21.0.98 resolves to: > dc2-ipa-dev-van.mydomain.net.. > > 2016-01-16T22:06:14Z DEBUG Installing CA Replica from master with a > merged database > > 2016-01-16T22:06:14Z DEBUG Destroyed connection > context.ldap2_139847648178768 > > 2016-01-16T22:06:14Z DEBUG Loading Index file from > '/var/lib/ipa/sysrestore/sysrestore.index' > > 2016-01-16T22:06:14Z DEBUG File > "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, > in execute > > return_value = self.run() > > File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line > 318, in run > > cfgr.run() > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 308, in run > > self.validate() > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 317, in validate > > for nothing in self._validator(): > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 372, in __runner > > self._handle_exception(exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 394, in _handle_exception > > six.reraise(*exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 362, in __runner > > step() > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 359, in > > step = lambda: next(self.__gen) > > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", > line 81, in run_generator_with_yield_from > > six.reraise(*exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", > line 59, in run_generator_with_yield_from > > value = gen.send(prev_value) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 549, in _configure > > next(validator) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 372, in __runner > > self._handle_exception(exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 449, in _handle_exception > > self.__parent._handle_exception(exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 394, in _handle_exception > > six.reraise(*exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 446, in _handle_exception > > super(ComponentBase, self)._handle_exception(exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 394, in _handle_exception > > six.reraise(*exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 362, in __runner > > step() > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 359, in > > step = lambda: next(self.__gen) > > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", > line 81, in run_generator_with_yield_from > > six.reraise(*exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", > line 59, in run_generator_with_yield_from > > value = gen.send(prev_value) > > File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", > line 63, in _install > > for nothing in self._installer(self.parent): > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 1555, in main > > install_check(self) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 372, in decorated > > func(installer) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 656, in install_check > > dns.install_check(False, True, options, config.host_name) > > File "/usr/lib/python2.7/site-packages/ipaserver/install/dns.py", line > 125, in install_check > > if not replica or not check_dns_enabled(api): > > File "/usr/lib/python2.7/site-packages/ipaserver/install/dns.py", line > 111, in check_dns_enabled > > if api.Backend.rpcclient.isconnected(): > > 2016-01-16T22:06:14Z DEBUG The ipa-replica-install command failed, > exception: AttributeError: 'NameSpace' object has no attribute 'rpcclient' > > 2016-01-16T22:06:14Z ERROR 'NameSpace' object has no attribute 'rpcclient' > > 2016-01-16T22:06:14Z ERROR The ipa-replica-install command failed. See > /var/log/ipareplica-install.log for more information > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From pspacek at redhat.com Mon Jan 18 09:46:59 2016 From: pspacek at redhat.com (Petr Spacek) Date: Mon, 18 Jan 2016 10:46:59 +0100 Subject: [Freeipa-users] Announcing FreeIPA 4.3.0 - demo In-Reply-To: <569909E2.1090600@redhat.com> References: <5674413E.4000206@redhat.com> <5698B8F6.2070002@redhat.com> <569909E2.1090600@redhat.com> Message-ID: <569CB493.6030505@redhat.com> On 15.1.2016 16:01, Martin Kosek wrote: > Yeah, I think we should produce a How To on FreeIPA.org as this is what many > people would look for. It was slightly tricky as there were 2 hickups involved: > * SELinux policy bug (WIP) > * ipa-cacert-manage bug where I had to comment one line > > Petr/Jan, would you like to create the How To, since you provided me the > instructions? I would rather wait until the two bugs are fixed. If we produce howto and say 'setenforce 0' and comment out this if and that one ... people will copy that around to some blogs and we will never get rid of that. Petr^2 Spacek > > On 01/15/2016 03:47 PM, Prasun Gera wrote: >> This is great. Can you post instructions for getting Let's Encrypt working >> on 4.2.x ? I had created a thread, but I eventually got stuck, and it felt >> a bit risky to modify low level things on a production system. >> >> This is the thread for reference: >> https://www.redhat.com/archives/freeipa-users/2015-November/msg00048.html >> >> I got as far as adding the root cert manually, but it still didn't work >> after that. >> >> On Fri, Jan 15, 2016 at 4:16 AM, Martin Kosek wrote: >> >>> On 12/18/2015 06:24 PM, Petr Vobornik wrote: >>>> The FreeIPA team would like to announce FreeIPA v4.3.0 release! >>>> >>>> It can be downloaded from http://www.freeipa.org/page/Downloads. The >>> builds are >>>> available for Fedora rawhide. Builds for Fedora 23 are available in the >>>> official COPR repository >>>> . >>>> >>>> This announcement is also available at >>>> . >>>> >>>> == Highlights in 4.3.0 == >>>> * Simplified management of replication topology - control and display >>> your >>>> topology from CLI and UI >>>> * Simplified replica installation - install replica without ''replica >>> package'' >>>> via OTP, keytab or privileged user credentials. The new method is called >>>> ''replica promotion'' as it adds FreeIPA server capability to existing >>> or new >>>> client >>>> ... >>> >>> FreeIPA demo [1] was upgraded to version 4.3.0. Compared to previous Demo >>> version (4.2.x), you can now see the new Topology tab in "IPA Server" >>> section, >>> to get information about the FreeIPA servers in the realm, including a very >>> thrilling Topology Graph :-) >>> >>> The Apache service was also updated to use a trusted certificate from Let's >>> Encrypt, so you no longer need to waive the nasty Certificate Warning. >>> Thanks >>> to Petr Spacek and Jan Cholasta for helping me setting it up. >>> >>> [1] http://www.freeipa.org/page/Demo-- Petr^2 Spacek -- Petr^2 Spacek -- Petr^2 Spacek -- Petr^2 Spacek -- Petr^2 Spacek -- Petr^2 Spacek -- Petr^2 Spacek -- Petr^2 Spacek -- Petr^2 Spacek -- Petr^2 Spacek -- Petr^2 Spacek -- Petr^2 Spacek From lkrispen at redhat.com Mon Jan 18 10:04:09 2016 From: lkrispen at redhat.com (Ludwig Krispenz) Date: Mon, 18 Jan 2016 11:04:09 +0100 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: Message-ID: <569CB899.9040603@redhat.com> On 01/18/2016 04:47 AM, Nathan Peters wrote: > > This is another issue I'm not sure how to debug or solve in 4.3.0. A > failed replica installation left a replica with stuff in the tree, but > not configured properly on the localhost. I did ipa-server-install > --uninstall as suggested by the installation program and it deleted > the local copy of the data, but did not clean the tree. > > Now all subsequent installations are failing with some duplicate entry > error. > > All packages are up to date so this is not the pki-ca 10.2.6-13 fix > issue. I've checked the whole tree for any references to the old copy > of the master but I can't find them. > > That error log is typically unhelpful as it doesn't tell me what entry > or where it is looking or finding a duplicate or I would just go > delete it myself. > look at the DS access log, you should see an ADD operation with RESULT err=68 tag=105 > > 2016-01-18T03:29:55Z DEBUG Fetching nsDS5ReplicaId from master > [attempt 1/5] > > 2016-01-18T03:29:55Z DEBUG Successfully updated nsDS5ReplicaId. > > 2016-01-18T03:29:55Z DEBUG Traceback (most recent call last): > > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 447, in start_creation > > run_step(full_msg, method) > > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 437, in run_step > > method() > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", > line 413, in __setup_replica > > repl.setup_promote_replication(self.master_fqdn) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", > line 1589, in setup_promote_replication > > self.basic_replication_setup(r_conn, r_id, self.repl_man_dn, None) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", > line 983, in basic_replication_setup > > self.replica_config(conn, replica_id, repldn) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", > line 467, in replica_config > > conn.add_entry(entry) > > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line > 1442, in add_entry > > self.conn.add_s(str(entry.dn), list(attrs.items())) > > File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ > > self.gen.throw(type, value, traceback) > > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line > 947, in error_handler > > raise errors.DuplicateEntry() > > DuplicateEntry: This entry already exists > > 2016-01-18T03:29:55Z DEBUG [error] DuplicateEntry: This entry > already exists > > 2016-01-18T03:29:55Z DEBUG File > "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, > in execute > > return_value = self.run() > > File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line > 318, in run > > cfgr.run() > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 310, in run > > self.execute() > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 332, in execute > > for nothing in self._executor(): > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 372, in __runner > > self._handle_exception(exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 394, in _handle_exception > > six.reraise(*exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 362, in __runner > > step() > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 359, in > > step = lambda: next(self.__gen) > > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", > line 81, in run_generator_with_yield_from > > six.reraise(*exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", > line 59, in run_generator_with_yield_from > > value = gen.send(prev_value) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 571, in _configure > > next(executor) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 372, in __runner > > self._handle_exception(exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 449, in _handle_exception > > self.__parent._handle_exception(exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 394, in _handle_exception > > six.reraise(*exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 446, in _handle_exception > > super(ComponentBase, self)._handle_exception(exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 394, in _handle_exception > > six.reraise(*exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 362, in __runner > > step() > > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", > line 359, in > > step = lambda: next(self.__gen) > > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", > line 81, in run_generator_with_yield_from > > six.reraise(*exc_info) > > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", > line 59, in run_generator_with_yield_from > > value = gen.send(prev_value) > > File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", > line 63, in _install > > for nothing in self._installer(self.parent): > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 1553, in main > > promote(self) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 372, in decorated > > func(installer) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 1275, in promote > > promote=True, pkcs12_info=dirsrv_pkcs12_info) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 120, in install_replica_ds > > promote=promote, > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", > line 398, in create_replica > > self.start_creation(runtime=60) > > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 447, in start_creation > > run_step(full_msg, method) > > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 437, in run_step > > method() > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", > line 413, in __setup_replica > > repl.setup_promote_replication(self.master_fqdn) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", > line 1589, in setup_promote_replication > > self.basic_replication_setup(r_conn, r_id, self.repl_man_dn, None) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", > line 983, in basic_replication_setup > > self.replica_config(conn, replica_id, repldn) > > File > "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", > line 467, in replica_config > > conn.add_entry(entry) > > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line > 1442, in add_entry > > self.conn.add_s(str(entry.dn), list(attrs.items())) > > File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ > > self.gen.throw(type, value, traceback) > > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line > 947, in error_handler > > raise errors.DuplicateEntry() > > 2016-01-18T03:29:55Z DEBUG The ipa-replica-install command failed, > exception: DuplicateEntry: This entry already exists > > 2016-01-18T03:29:55Z ERROR This entry already exists > > 2016-01-18T03:29:55Z ERROR The ipa-replica-install command failed. See > /var/log/ipareplica-install.log for more information > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From peter at pakos.pl Mon Jan 18 10:35:44 2016 From: peter at pakos.pl (Peter Pakos) Date: Mon, 18 Jan 2016 10:35:44 +0000 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <569C9F3C.8010504@redhat.com> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> <5697E464.5040907@pakos.pl> <5697EE18.1090406@redhat.com> <56981097.4070501@pakos.pl> <56990A77.3020000@redhat.com> <56990D65.405@pakos.pl> <56991675.5010405@redhat.com> <56991F9E.9050104@pakos.pl> <569C9D45.1070209@redhat.com> <569C9F3C.8010504@redhat.com> Message-ID: <569CC000.6010903@pakos.pl> On 18/01/2016 08:15, Jan Cholasta wrote: >> CCing Honza. Do we have all the respective tickets filed, so that we can >> improve and speed up the user experience? > > There's for automatic CA > certificate distribution and > and > for > ipa-server-certinstall fixes. > > If there's anything missing, pleaes file a new ticket. I think that covers everything. Thank you. -- Kind regards, Peter Pakos From peter at pakos.pl Mon Jan 18 11:20:11 2016 From: peter at pakos.pl (Peter Pakos) Date: Mon, 18 Jan 2016 11:20:11 +0000 Subject: [Freeipa-users] ipa-certupdate not installing root certificates in /etc/pki/pki-tomcat/alias/ In-Reply-To: <569CA450.2050805@redhat.com> References: <569C3293.1080603@pakos.pl> <569CA450.2050805@redhat.com> Message-ID: <569CCA6B.2090008@pakos.pl> On 18/01/2016 08:37, Jan Cholasta wrote: >> Are the above steps correct for installing 3rd party certificates in >> FreeIPA 4.2? Should I change anything? > > Looks OK to me. Thanks for verifying my instructions. -- Kind regards, Peter Pakos From peter at pakos.pl Mon Jan 18 11:05:14 2016 From: peter at pakos.pl (Peter Pakos) Date: Mon, 18 Jan 2016 11:05:14 +0000 Subject: [Freeipa-users] CA-less vs CA-ful FreeIPA 4.2 installation In-Reply-To: <569C9CEC.7030109@redhat.com> References: <56991B9F.5060907@pakos.pl> <569C9CEC.7030109@redhat.com> Message-ID: <569CC6EA.2010304@pakos.pl> On 18/01/2016 08:06, Martin Kosek wrote: > I am hoping that this is well explained here: > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-examples.html#install-ca-options > > Some useful notes are also Dmitri Pal's blog post: > http://rhelblog.redhat.com/2015/06/02/identity-management-and-certificates/ Thanks for the docs. I'm trying to get my head around this... if I have a working CA-ful FreeIPA setup and then install 3rd party SSL certificates for HTTP/LDAP only (including 3 root CA certs from the chain) - does this replace original self-signed CA that FreeIPA generated (and becomes External CA install) or does CA stay untouched and I can still take advantage of all the goodies that come with CA-ful install like automatic certificates renewals (apart from HTTP/LDAP ones)? Or does this became a multi CA install? BTW, I can see that the root certificates are getting added to /etc/ipa/ca.crt. >> I'm also thinking ahead, when it comes to renewing certificates when they >> expire in 1 year time, which install type would cause less problems? > > In CA-ful installation, client certificates or FreeIPA CA subsystem > certificates should just renew automatically. In CA-less, you need to take care > to renew them manually with your 3rd party certificate provider. So in my CA-ful install with 3rd party SSL certificate installed, how would the renewal look? I understand that I would have to install new HTTP/LDAP certificates manually as they were signed by external CA, but would all certificates issued by FreeIPA CA still renew automatically? >> I've failed to find any useful info covering the above points, so if you know >> anything, please just let me know. > > I think the important point is that even if you choose to install with CA-less > for now, you can switch to CA-ful later via ipa-ca-install: > > http://www.freeipa.org/page/V4/CA-less_to_CA-full_conversion Thank you, your help is much appreciated! -- Kind regards, Peter Pakos From arthur at deus.pro Mon Jan 18 11:22:33 2016 From: arthur at deus.pro (Arthur Fayzullin) Date: Mon, 18 Jan 2016 16:22:33 +0500 Subject: [Freeipa-users] FreeRadius and FreeIPA In-Reply-To: <20151214101204.GP4620@redhat.com> References: <56684014.9060001@chem.byu.edu> <20151214101204.GP4620@redhat.com> Message-ID: <569CCAF9.9050309@deus.pro> Thank for such good explanation! that has pointed my search. I have succeed in integration freeradius with freeipa by help of William Brown and his blog. Thanks to Him :-) Links to related articles in his blog: first part: https://firstyear.id.au/entry/22 second part: https://firstyear.id.au/entry/45 with a little difference taken from this guide: http://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7 I additionally defined base_dn = server = parameters in /etc/raddb/mods-enabled/ldap file. everything works fine. now it would be fine to define different admin level for different users on different network devices. But anyway everything works!!! Thanks to all! 1 little question left: what does ipa radiusproxy-add command do? what is its purpose? why everything works without it? 14.12.2015 15:12, Alexander Bokovoy ?????: > On Wed, 09 Dec 2015, Randy Morgan wrote: >> Hello, >> >> We are setting up our wireless to authenticate against FreeRadius and >> FreeIPA. I am looking for any instructions on how to integrate >> radius with IPA. We can get them talking via kerberos, but when we >> have a wireless client attempt to authenticate against them, the >> password gets stripped out and only the username gets passed on, >> resulting in a failed logon attempt. >> >> As we have studied the problem we have identified the communication >> protocols used by wireless to pass on the user credentials to >> radius. Wireless uses EAP as it's primary protocol. We are running >> Xirrus wireless APs and from what we can learn, they act only as a >> pass through conduit for the client. Ideally we would like them to >> speak PEAP TTLS, this would allow kerberos to process from the client >> to the IPA server, we are still researching this. >> >> Are there any instructions on how to integrate FreeRadius 3.0.10 with >> FreeIPA 3.3.5? Any help would be appreciated. > We see this question asked periodically. What we ask always prior to > answering it is what it would be used for? What authentication > mechanisms RADIUS is supposed to provide to its clients? > > FreeRADIUS authenticating against IPA is easy. However, depending on > what authentication mechanisms are required it will be either not > possible to achieve or will definitely degrade security of the setup. > > A general approach is to use following setup to use PAP authentication: > 1. Installing the 'freeradius-ldap' rpm from yum > 2. chmod 775 /etc/raddb/certs (so radiusd can write cert files) > 3. Change your 'authorize' and 'authenticate' sections of > /etc/raddb/radiusd.conf to: > authorize { > ldap > } > authenticate { > Auth-Type LDAP { > ldap > } > } > > During PAP a plaintext password is passed to the RADIUS server > (encrypted with a weak MD5 shared secret). > > When the RADIUS server receives the users plaintext password in the > conventional configuration it simply compares the received password with > the stored password. The issue with IPA is there is no stored plaintext > password to compare to, therefore you cannot use conventional PAP with > IPA. > > But FreeRADIUS permits you to do other things with PAP besides just > comparing the received password against the stored password for the > user. You can instruct FreeRADIUS to use what they call an > "authentication oracle", or at the risk of loose terminology to "proxy" > the authentication to another authentication server (not to be confused > with radius proxy where the radius transaction is proxied to another > radius server). > > There are two authentication oracles FreeRADIUS can use > > * LDAP > * Kerberos > > In this scenario the plantext password received by the RADIUS server is > used to authenticate against the oracle. For LDAP it does a simple bind. > For Kerberos it does a kinit. If the authentication succeeds the RADIUS > server ACK's the PAP. The thing to note here is this is still occurring > with PAP but no password comparison is being performed. > > There is a third "oracle" FreeRADIUS can utilize, namely Active > Directory, but in this case the protocol is not PAP, the ntlm_auth > helper from Samba is used instead with the RADIUS server communicating > with ntlm_auth which communicates with AD. > > The suggestion of using strong passwords is always a good idea. The > password transmission between the client and the radius server only > enjoys weak protection so a strong password is especially important. > Communication between the RADIUS server and it's oracles can be quite > strong and is generally not a concern if things are configured properly. > > Now, there is an issue if you would want to authenticate Windows clients > using MS CHAPv2 because that implies that FreeRADIUS would want to fetch > a weak NTLM hash to do negotiation on its own side. > > To achieve that, one would need to give up the hashes to FreeRADIUS > instance. We consider them weak as they can be used to brute force > decryption of the passwords (trivially these days!) so a certain care > should be done to limit who can access them. We strongly not > recommending use of this but sometimes you are forced to provide > authentication for WiFi networks to Windows clients that only support > > 0. Run ipa-adtrust-install to configure IPA to generate NTLM hashes. > Make sure you'll run the task to generate SIDs, ipa-adtrust-install > will ask about it. > > 1. You need to create a system account for FreeRADIUS to acces the LDAP > server. Let's say, it is > uid=freeradius,cn=sysaccounts,cn=etc,dc=example,dc=com > > 2. Make the DN above a member of cn=adtrust > agents,cn=sysaccounts,dc=example,dc=com > Use the DN as in FreeRADIUS configuration. > > 3. For each user that needs to get NTLM hashes, a password change is > required to regenerate all hashes. We currently have no means > to generate them otherwise. > > If you use ldap auth I'd suggest the connection either be SSL or on the > loopback to prevent snooping. Missing from instructions above is the > configuration of the ldap server FreeRADIUS will connect to. > > This is done in /etc/raddb/mods-available/ldap and you'll need to make a > symlink to it in /etc/raddb/mods-enabled to activate it. The ldap config > file has lots of comments that explains all the options, like most > things in FreeRADIUS the doc is in the config files. > > It's not possible to use any RADIUS authentication mechanism that > requires the RADIUS server to lookup a cleartext password, refer to this > chart: > > http://deployingradius.com/documents/protocols/compatibility.html > > If you do step 0 from above and enable NTLM hashes you can utilize > column 2 from above because the server can lookup up the NTLM hash. The > attribute will be named ipaNTHash, so you would need to remap password > attribute for that in the ldap configuration. > > It is currently not possible to configure rlm_ldap module to do LDAP > authentication by SASL GSSAPI instead of using a system account in IPA > because while FreeRADIUS tries to search for SASL-enabled LDAP API, it > doesn't use it at all and always uses LDAP simple bind. This is > something we need to fix --- I'm unable right now to find out the reason > why previously supported SASL GSSAPI authentication is removed from > FreeRADIUS. > From pvoborni at redhat.com Mon Jan 18 11:24:13 2016 From: pvoborni at redhat.com (Petr Vobornik) Date: Mon, 18 Jan 2016 12:24:13 +0100 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <569CB899.9040603@redhat.com> References: <569CB899.9040603@redhat.com> Message-ID: <569CCB5D.8040400@redhat.com> On 01/18/2016 11:04 AM, Ludwig Krispenz wrote: > > On 01/18/2016 04:47 AM, Nathan Peters wrote: >> >> This is another issue I'm not sure how to debug or solve in 4.3.0. A >> failed replica installation left a replica with stuff in the tree, but >> not configured properly on the localhost. I did ipa-server-install >> --uninstall as suggested by the installation program and it deleted >> the local copy of the data, but did not clean the tree. >> >> Now all subsequent installations are failing with some duplicate entry >> error. >> >> All packages are up to date so this is not the pki-ca 10.2.6-13 fix >> issue. I've checked the whole tree for any references to the old copy >> of the master but I can't find them. >> >> That error log is typically unhelpful as it doesn't tell me what entry >> or where it is looking or finding a duplicate or I would just go >> delete it myself. >> > look at the DS access log, you should see an ADD operation with > RESULT err=68 tag=105 According to code it's most likely cn=replica,cn=$DOMAIN_SUFFIX,cn=mapping tree,cn=config I don't know why it happens because installer should add it only if the entry does not exist. Would be worth to check the DS access log if base search(which should happen before the add) for the dn fails or succeeds. >> >> 2016-01-18T03:29:55Z DEBUG Fetching nsDS5ReplicaId from master >> [attempt 1/5] >> >> 2016-01-18T03:29:55Z DEBUG Successfully updated nsDS5ReplicaId. >> >> 2016-01-18T03:29:55Z DEBUG Traceback (most recent call last): >> >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 447, in start_creation >> >> run_step(full_msg, method) >> >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 437, in run_step >> >> method() >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >> line 413, in __setup_replica >> >> repl.setup_promote_replication(self.master_fqdn) >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", >> line 1589, in setup_promote_replication >> >> self.basic_replication_setup(r_conn, r_id, self.repl_man_dn, None) >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", >> line 983, in basic_replication_setup >> >> self.replica_config(conn, replica_id, repldn) >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", >> line 467, in replica_config >> >> conn.add_entry(entry) >> >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >> 1442, in add_entry >> >> self.conn.add_s(str(entry.dn), list(attrs.items())) >> >> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ >> >> self.gen.throw(type, value, traceback) >> >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >> 947, in error_handler >> >> raise errors.DuplicateEntry() >> >> DuplicateEntry: This entry already exists >> >> 2016-01-18T03:29:55Z DEBUG [error] DuplicateEntry: This entry >> already exists >> >> 2016-01-18T03:29:55Z DEBUG File >> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, >> in execute >> >> return_value = self.run() >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line >> 318, in run >> >> cfgr.run() >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 310, in run >> >> self.execute() >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 332, in execute >> >> for nothing in self._executor(): >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 372, in __runner >> >> self._handle_exception(exc_info) >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 394, in _handle_exception >> >> six.reraise(*exc_info) >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 362, in __runner >> >> step() >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 359, in >> >> step = lambda: next(self.__gen) >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >> line 81, in run_generator_with_yield_from >> >> six.reraise(*exc_info) >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >> line 59, in run_generator_with_yield_from >> >> value = gen.send(prev_value) >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 571, in _configure >> >> next(executor) >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 372, in __runner >> >> self._handle_exception(exc_info) >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 449, in _handle_exception >> >> self.__parent._handle_exception(exc_info) >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 394, in _handle_exception >> >> six.reraise(*exc_info) >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 446, in _handle_exception >> >> super(ComponentBase, self)._handle_exception(exc_info) >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 394, in _handle_exception >> >> six.reraise(*exc_info) >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 362, in __runner >> >> step() >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 359, in >> >> step = lambda: next(self.__gen) >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >> line 81, in run_generator_with_yield_from >> >> six.reraise(*exc_info) >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >> line 59, in run_generator_with_yield_from >> >> value = gen.send(prev_value) >> >> File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", >> line 63, in _install >> >> for nothing in self._installer(self.parent): >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 1553, in main >> >> promote(self) >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 372, in decorated >> >> func(installer) >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 1275, in promote >> >> promote=True, pkcs12_info=dirsrv_pkcs12_info) >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 120, in install_replica_ds >> >> promote=promote, >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >> line 398, in create_replica >> >> self.start_creation(runtime=60) >> >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 447, in start_creation >> >> run_step(full_msg, method) >> >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 437, in run_step >> >> method() >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >> line 413, in __setup_replica >> >> repl.setup_promote_replication(self.master_fqdn) >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", >> line 1589, in setup_promote_replication >> >> self.basic_replication_setup(r_conn, r_id, self.repl_man_dn, None) >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", >> line 983, in basic_replication_setup >> >> self.replica_config(conn, replica_id, repldn) >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", >> line 467, in replica_config >> >> conn.add_entry(entry) >> >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >> 1442, in add_entry >> >> self.conn.add_s(str(entry.dn), list(attrs.items())) >> >> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ >> >> self.gen.throw(type, value, traceback) >> >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >> 947, in error_handler >> >> raise errors.DuplicateEntry() >> >> 2016-01-18T03:29:55Z DEBUG The ipa-replica-install command failed, >> exception: DuplicateEntry: This entry already exists >> >> 2016-01-18T03:29:55Z ERROR This entry already exists >> >> 2016-01-18T03:29:55Z ERROR The ipa-replica-install command failed. See >> /var/log/ipareplica-install.log for more information >> >> >> > > > > -- Petr Vobornik From abokovoy at redhat.com Mon Jan 18 11:37:14 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Mon, 18 Jan 2016 13:37:14 +0200 Subject: [Freeipa-users] FreeRadius and FreeIPA In-Reply-To: <569CCAF9.9050309@deus.pro> References: <56684014.9060001@chem.byu.edu> <20151214101204.GP4620@redhat.com> <569CCAF9.9050309@deus.pro> Message-ID: <20160118113714.GU4316@redhat.com> On Mon, 18 Jan 2016, Arthur Fayzullin wrote: >Thank for such good explanation! that has pointed my search. > I have succeed in integration freeradius with freeipa by help of >William Brown and his blog. Thanks to Him :-) >Links to related articles in his blog: >first part: https://firstyear.id.au/entry/22 >second part: https://firstyear.id.au/entry/45 > >with a little difference taken from this guide: >http://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7 >I additionally defined >base_dn = >server = >parameters in /etc/raddb/mods-enabled/ldap file. > >everything works fine. now it would be fine to define different admin >level for different users on different network devices. >But anyway everything works!!! Thanks to all! > >1 little question left: what does >ipa radiusproxy-add >command do? what is its purpose? why everything works without it? This is for the other direction -- when 2FA tokens are defined in an external daemon that provides RADIUS interface to check against them. You don't need this if you want your RADIUS server to perform 2FA checks against FreeIPA, you want to define it only if your FreeIPA server should perform Kerberos authentication against that external RADIUS server. > >14.12.2015 15:12, Alexander Bokovoy ?????: >> On Wed, 09 Dec 2015, Randy Morgan wrote: >>> Hello, >>> >>> We are setting up our wireless to authenticate against FreeRadius and >>> FreeIPA. I am looking for any instructions on how to integrate >>> radius with IPA. We can get them talking via kerberos, but when we >>> have a wireless client attempt to authenticate against them, the >>> password gets stripped out and only the username gets passed on, >>> resulting in a failed logon attempt. >>> >>> As we have studied the problem we have identified the communication >>> protocols used by wireless to pass on the user credentials to >>> radius. Wireless uses EAP as it's primary protocol. We are running >>> Xirrus wireless APs and from what we can learn, they act only as a >>> pass through conduit for the client. Ideally we would like them to >>> speak PEAP TTLS, this would allow kerberos to process from the client >>> to the IPA server, we are still researching this. >>> >>> Are there any instructions on how to integrate FreeRadius 3.0.10 with >>> FreeIPA 3.3.5? Any help would be appreciated. >> We see this question asked periodically. What we ask always prior to >> answering it is what it would be used for? What authentication >> mechanisms RADIUS is supposed to provide to its clients? >> >> FreeRADIUS authenticating against IPA is easy. However, depending on >> what authentication mechanisms are required it will be either not >> possible to achieve or will definitely degrade security of the setup. >> >> A general approach is to use following setup to use PAP authentication: >> 1. Installing the 'freeradius-ldap' rpm from yum >> 2. chmod 775 /etc/raddb/certs (so radiusd can write cert files) >> 3. Change your 'authorize' and 'authenticate' sections of >> /etc/raddb/radiusd.conf to: >> authorize { >> ldap >> } >> authenticate { >> Auth-Type LDAP { >> ldap >> } >> } >> >> During PAP a plaintext password is passed to the RADIUS server >> (encrypted with a weak MD5 shared secret). >> >> When the RADIUS server receives the users plaintext password in the >> conventional configuration it simply compares the received password with >> the stored password. The issue with IPA is there is no stored plaintext >> password to compare to, therefore you cannot use conventional PAP with >> IPA. >> >> But FreeRADIUS permits you to do other things with PAP besides just >> comparing the received password against the stored password for the >> user. You can instruct FreeRADIUS to use what they call an >> "authentication oracle", or at the risk of loose terminology to "proxy" >> the authentication to another authentication server (not to be confused >> with radius proxy where the radius transaction is proxied to another >> radius server). >> >> There are two authentication oracles FreeRADIUS can use >> >> * LDAP >> * Kerberos >> >> In this scenario the plantext password received by the RADIUS server is >> used to authenticate against the oracle. For LDAP it does a simple bind. >> For Kerberos it does a kinit. If the authentication succeeds the RADIUS >> server ACK's the PAP. The thing to note here is this is still occurring >> with PAP but no password comparison is being performed. >> >> There is a third "oracle" FreeRADIUS can utilize, namely Active >> Directory, but in this case the protocol is not PAP, the ntlm_auth >> helper from Samba is used instead with the RADIUS server communicating >> with ntlm_auth which communicates with AD. >> >> The suggestion of using strong passwords is always a good idea. The >> password transmission between the client and the radius server only >> enjoys weak protection so a strong password is especially important. >> Communication between the RADIUS server and it's oracles can be quite >> strong and is generally not a concern if things are configured properly. >> >> Now, there is an issue if you would want to authenticate Windows clients >> using MS CHAPv2 because that implies that FreeRADIUS would want to fetch >> a weak NTLM hash to do negotiation on its own side. >> >> To achieve that, one would need to give up the hashes to FreeRADIUS >> instance. We consider them weak as they can be used to brute force >> decryption of the passwords (trivially these days!) so a certain care >> should be done to limit who can access them. We strongly not >> recommending use of this but sometimes you are forced to provide >> authentication for WiFi networks to Windows clients that only support >> >> 0. Run ipa-adtrust-install to configure IPA to generate NTLM hashes. >> Make sure you'll run the task to generate SIDs, ipa-adtrust-install >> will ask about it. >> >> 1. You need to create a system account for FreeRADIUS to acces the LDAP >> server. Let's say, it is >> uid=freeradius,cn=sysaccounts,cn=etc,dc=example,dc=com >> >> 2. Make the DN above a member of cn=adtrust >> agents,cn=sysaccounts,dc=example,dc=com >> Use the DN as in FreeRADIUS configuration. >> >> 3. For each user that needs to get NTLM hashes, a password change is >> required to regenerate all hashes. We currently have no means >> to generate them otherwise. >> >> If you use ldap auth I'd suggest the connection either be SSL or on the >> loopback to prevent snooping. Missing from instructions above is the >> configuration of the ldap server FreeRADIUS will connect to. >> >> This is done in /etc/raddb/mods-available/ldap and you'll need to make a >> symlink to it in /etc/raddb/mods-enabled to activate it. The ldap config >> file has lots of comments that explains all the options, like most >> things in FreeRADIUS the doc is in the config files. >> >> It's not possible to use any RADIUS authentication mechanism that >> requires the RADIUS server to lookup a cleartext password, refer to this >> chart: >> >> http://deployingradius.com/documents/protocols/compatibility.html >> >> If you do step 0 from above and enable NTLM hashes you can utilize >> column 2 from above because the server can lookup up the NTLM hash. The >> attribute will be named ipaNTHash, so you would need to remap password >> attribute for that in the ldap configuration. >> >> It is currently not possible to configure rlm_ldap module to do LDAP >> authentication by SASL GSSAPI instead of using a system account in IPA >> because while FreeRADIUS tries to search for SASL-enabled LDAP API, it >> doesn't use it at all and always uses LDAP simple bind. This is >> something we need to fix --- I'm unable right now to find out the reason >> why previously supported SASL GSSAPI authentication is removed from >> FreeRADIUS. >> > >-- >Manage your subscription for the Freeipa-users mailing list: >https://www.redhat.com/mailman/listinfo/freeipa-users >Go to http://freeipa.org for more info on the project -- / Alexander Bokovoy From pspacek at redhat.com Mon Jan 18 11:42:02 2016 From: pspacek at redhat.com (Petr Spacek) Date: Mon, 18 Jan 2016 12:42:02 +0100 Subject: [Freeipa-users] GID, groups and ipa group-show In-Reply-To: <56990863.3040705@redhat.com> References: <55DADD5D.60809@redhat.com> <56980EA3.9050001@redhat.com> <5698A443.90601@redhat.com> <5698AE4E.7080100@redhat.com> <56990863.3040705@redhat.com> Message-ID: <569CCF8A.2090608@redhat.com> On 15.1.2016 15:55, Rob Crittenden wrote: > Petr Spacek wrote: >> On 15.1.2016 08:48, David Kupka wrote: >>> On 14/01/16 22:09, Rob Crittenden wrote: >>>> Prasun Gera wrote: >>>>> This is an old thread, but I can confirm that this is still an issue on >>>>> RHEL 7.2 + 4.2. This creates problems when there are roles associated >>>>> with groups, but group membership through GID is broken. I had migrated >>>>> all old NIS accounts into ipa. I then added the host enrollment role to >>>>> a particular group. Now, unless I add the users to the group explicitly, >>>>> they won't get the role, even if their gid is the same as the gid of the >>>>> group. >>>> >>>> The user GIDNumber just sets the default group for POSIX. If you do >>>> groups on the user I'll bet it shows correctly. >>>> >>>> For the purposes of IPA access control, as you've seen, the user must >>>> have a memberOf for a given group, either directly or indirectly. >>>> >>>> rob >>>> >>> >>> Exactly, but the question is, shouldn't IPA add this membership automatically? >>> (Of course, only in case IPA has group with this GID.) >> >> IMHO we should. Currently, the user effectively has different group membership >> on POSIX systems and non-POSIX systems which read only member attribute. I >> think that this is surprising and inconsistent. > > Seems like next step is to open the RFE. > > I wouldn't characterize it as POSIX vs non-POSIX as that could confuse > things. It is just that if the user doesn't have a UPG then they > probably don't have a memberOf for their GID group. https://fedorahosted.org/freeipa/ticket/5613 -- Petr^2 Spacek From mkosek at redhat.com Mon Jan 18 11:42:42 2016 From: mkosek at redhat.com (Martin Kosek) Date: Mon, 18 Jan 2016 12:42:42 +0100 Subject: [Freeipa-users] CA-less vs CA-ful FreeIPA 4.2 installation In-Reply-To: <569CC6EA.2010304@pakos.pl> References: <56991B9F.5060907@pakos.pl> <569C9CEC.7030109@redhat.com> <569CC6EA.2010304@pakos.pl> Message-ID: <569CCFB2.5010307@redhat.com> On 01/18/2016 12:05 PM, Peter Pakos wrote: > On 18/01/2016 08:06, Martin Kosek wrote: >> I am hoping that this is well explained here: >> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-examples.html#install-ca-options >> >> >> Some useful notes are also Dmitri Pal's blog post: >> http://rhelblog.redhat.com/2015/06/02/identity-management-and-certificates/ > > Thanks for the docs. > > I'm trying to get my head around this... if I have a working CA-ful FreeIPA > setup and then install 3rd party SSL certificates for HTTP/LDAP only (including > 3 root CA certs from the chain) - does this replace original self-signed CA > that FreeIPA generated (and becomes External CA install) or does CA stay > untouched and I can still take advantage of all the goodies that come with > CA-ful install like automatic certificates renewals (apart from HTTP/LDAP ones)? > > Or does this became a multi CA install? > > BTW, I can see that the root certificates are getting added to /etc/ipa/ca.crt. You should be still able to benefit from all the goodies the CA-ful FreeIPA has. As you noticed above, all root CA certs should be added to ca.crt (see help for ipa-certupdate tool), it is used to update certs on server/client and add the new CA certificates. >>> I'm also thinking ahead, when it comes to renewing certificates when they >>> expire in 1 year time, which install type would cause less problems? >> >> In CA-ful installation, client certificates or FreeIPA CA subsystem >> certificates should just renew automatically. In CA-less, you need to take care >> to renew them manually with your 3rd party certificate provider. > > So in my CA-ful install with 3rd party SSL certificate installed, how would the > renewal look? All certificates issued by FreeIPA CA should be renewed automatically by certmonger (if configured). External certificates should needs to be renewed manually. Honza, does certmonger already warns about non-IPA certificates that are getting close to expiration date or is this rather an RFE for future? > I understand that I would have to install new HTTP/LDAP certificates manually > as they were signed by external CA, but would all certificates issued by > FreeIPA CA still renew automatically? They should, yes. >>> I've failed to find any useful info covering the above points, so if you know >>> anything, please just let me know. >> >> I think the important point is that even if you choose to install with CA-less >> for now, you can switch to CA-ful later via ipa-ca-install: >> >> http://www.freeipa.org/page/V4/CA-less_to_CA-full_conversion > > Thank you, your help is much appreciated! > From wibrown at redhat.com Mon Jan 18 12:01:49 2016 From: wibrown at redhat.com (William Brown) Date: Mon, 18 Jan 2016 22:01:49 +1000 Subject: [Freeipa-users] FreeRadius and FreeIPA In-Reply-To: <569CCAF9.9050309@deus.pro> References: <56684014.9060001@chem.byu.edu> <20151214101204.GP4620@redhat.com> <569CCAF9.9050309@deus.pro> Message-ID: <1453118509.2685.19.camel@redhat.com> On Mon, 2016-01-18 at 16:22 +0500, Arthur Fayzullin wrote: > Thank for such good explanation! that has pointed my search. > ?I have succeed in integration freeradius with freeipa by help of > William Brown and his blog. Thanks to Him :-) > Links to related articles in his blog: > first part: https://firstyear.id.au/entry/22 > second part: https://firstyear.id.au/entry/45 > Sorry, my certs are based on my IPA domain. Try these links if you dont want to temporarily accept. http://firstyear.id.au/entry/22 http://firstyear.id.au/entry/45 > > everything works fine. now it would be fine to define different admin > level for different users on different network devices. > But anyway everything works!!! Thanks to all! With the setup that I have here you cannot do this. mschapv2 doesn't let you insert vlan tags to the NAS, so as a result you can't do this. The way that cisco access points and other vendors get around this, is that they generally have a wireless controller that does part of the hankshake seperately to the NAS itself. So as a result, they CAN do vlan assignment based on tags in the access-accept packet, but it's a hack. If you want to do vlan assignment without access to cisco specific hardware, you'll need to use something that isn't eap. However, most devices require customer profiles in this scenarios (Windows, ios, osx etc). TTLS for example, cannot be configured on windows out of box, and ios / osx require enterprise deployment profiles iirc. You could always setup multiple SSID's, have them each auth to a different radius service (default, inner-tunnel ... make a new set) Then you can have * wifi -> inner-tunnel * wifi-admin -> inner-tunnel-admin You can define different authentication rules then, because you can specify different requirements for group memberships at this point. Hope this helps, -- Sincerely, William Brown Software Engineer Red Hat, Brisbane -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part URL: From wibrown at redhat.com Mon Jan 18 12:04:18 2016 From: wibrown at redhat.com (William Brown) Date: Mon, 18 Jan 2016 22:04:18 +1000 Subject: [Freeipa-users] FreeRadius and FreeIPA In-Reply-To: <1453118509.2685.19.camel@redhat.com> References: <56684014.9060001@chem.byu.edu> <20151214101204.GP4620@redhat.com> <569CCAF9.9050309@deus.pro> <1453118509.2685.19.camel@redhat.com> Message-ID: <1453118658.2685.21.camel@redhat.com> On Mon, 2016-01-18 at 22:01 +1000, William Brown wrote: > So as a result, they CAN do > vlan assignment based on tags in the access-accept packet, but it's a > hack. Sorry, I should say "They don't use the tags in the access-accept" they use an out-of-band mechanism to transmit the vlan id rather than the radius access-accept.? -- Sincerely, William Brown Software Engineer Red Hat, Brisbane -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part URL: From wibrown at redhat.com Mon Jan 18 12:05:54 2016 From: wibrown at redhat.com (William Brown) Date: Mon, 18 Jan 2016 22:05:54 +1000 Subject: [Freeipa-users] Issue with fresh install of FreeRADIUS In-Reply-To: References: Message-ID: <1453118754.2685.22.camel@redhat.com> On Wed, 2016-01-06 at 10:06 -0500, Anthony Cheng wrote: > Hi all, > > Just did a fresh install of FreeRADIUS following this guide on a > Centos 7 box - http://www.freeipa.org/page/Using_FreeIPA_and_FreeRadi > us_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7 > > Local testing with radtest works, however radiusd have issues.??I do > find it odd that these line indicated success: > > Process: 1270 ExecStartPre=/bin/chown -R radiusd.radiusd > /var/run/radiusd (code=exited, status=0/SUCCESS) > Does your radius server depend on your ipa instance?? If so there is a bug open at the moment that freeradius should start AFTER ipa.service / dirsrv.target. At the moment radiusd starts before them, and will fail to start as it cannot connect to the directory server.? -- Sincerely, William Brown Software Engineer Red Hat, Brisbane -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part URL: From pspacek at redhat.com Mon Jan 18 12:20:15 2016 From: pspacek at redhat.com (Petr Spacek) Date: Mon, 18 Jan 2016 13:20:15 +0100 Subject: [Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with the hostname is not the primary hostname In-Reply-To: References: Message-ID: <569CD87F.7070108@redhat.com> On 18.1.2016 04:23, Nathan Peters wrote: > 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a primary hostname for localhost > 2016-01-18T03:00:07Z DEBUG Primary hostname for localhost: dc2-ipa-dev-van.mydomain.net > 2016-01-18T03:00:07Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net > 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is not a CNAME > 2016-01-18T03:00:07Z DEBUG Check reverse address of 10.21.0.98 > 2016-01-18T03:00:07Z DEBUG Found reverse name: dc2-ipa-dev-van.mydomain.net > 2016-01-18T03:00:07Z DEBUG Check if dc1-ipa-dev-nvan.mydomain.net is a primary hostname for localhost > ------> This line here is strange ----> 2016-01-18T03:00:07Z DEBUG Primary hostname for localhost: dc1-ipa-dev-nvan.mydomain.net.mydomain.net > 2016-01-18T03:00:07Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute > return_value = self.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run > cfgr.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 308, in run > self.validate() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 317, in validate > for nothing in self._validator(): > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 549, in _configure > next(validator) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install > for nothing in self._installer(self.parent): > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1551, in main > promote_check(self) > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated > func(installer) > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 394, in decorated > func(installer) > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 980, in promote_check > installutils.verify_fqdn(config.master_host_name, options.no_host_dns) > File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 168, in verify_fqdn > "Please check /etc/hosts or DNS name resolution" % (host_name, ex_name[0])) > > 2016-01-18T03:00:07Z DEBUG The ipa-replica-install command failed, exception: HostLookupError: The host name dc1-ipa-dev-nvan.mydomain.net does not match the primary host name dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or DNS name resolution > 2016-01-18T03:00:07Z ERROR The host name dc1-ipa-dev-nvan.mydomain.net does not match the primary host name dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or DNS name resolution > 2016-01-18T03:00:07Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information > > So 3 questions : > 1)Why does it first check if my hostname is ok, and then check if my hostname matches this other host, and why is it referring to the other remote host as localhost ? > 2)Where in the world is it getting the idea that the primary hostname for my host is actually the primary hostname for the other host in a strange format with the domain name on the end twice ? > 3)are there any workarounds for this? It seems rather buggy. I have triple checked hostnames on both hosts referenced in that log entry > > Here is the output that proves that my hostname is fine and not ending with a double domain > > [root at dc2-ipa-dev-van ~]# cat /etc/hosts > 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 > ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 > 10.21.0.98 dc2-ipa-dev-van.mydomain.net > [root at dc2-ipa-dev-van ~]# cat /etc/hostname > dc2-ipa-dev-van.mydomain.net > [root at dc2-ipa-dev-van ~]# hostname > dc2-ipa-dev-van.mydomain.net > > and on the other host : > > [root at dc1-ipa-dev-nvan ~]# hostname > dc1-ipa-dev-nvan.mydomain.net > [root at dc1-ipa-dev-nvan ~]# cat /etc/hostname > dc1-ipa-dev-nvan.mydomain.net > [root at dc1-ipa-dev-nvan ~]# cat /etc/hosts > 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 > ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 > 10.178.0.99 dc1-ipa-dev-nvan.mydomain.net > [root at dc1-ipa-dev-nvan ~]# Interesting ... Please send us information mentioned on page http://www.freeipa.org/page/Troubleshooting#Reporting_bugs + content of /etc/resolv.conf on the affected machine + /var/log/ipareplica-install.log Thank you. -- Petr^2 Spacek From akaczka86 at gmail.com Mon Jan 18 15:01:12 2016 From: akaczka86 at gmail.com (Adam Kaczka) Date: Mon, 18 Jan 2016 15:01:12 +0000 Subject: [Freeipa-users] Browser login to IPA "Authentication Required" prompt In-Reply-To: <569CA032.8050805@redhat.com> References: <569CA032.8050805@redhat.com> Message-ID: This happens with FreeIPA version 4.2.0 and also version 3.0.0 with latest Chrome (47.0.2526.111 m) and IE 11 (11.63.10586.0). The issue does not occur with FF (43.0.4). I tried the demo page and same thing happened. Also when using IE the login prompt is the Windows Security domain login prompt. On Mon, Jan 18, 2016 at 3:20 AM Martin Kosek wrote: > On 01/15/2016 09:20 PM, Adam Kaczka wrote: > > Hello, > > > > This has been bugging me for awhile but how do I turn off the > > "Authentication Required" prompt that pops up on the GUI when I login to > > IPA through browser? I can cancel it and lands on the /ipa/ui page but > I'd > > like to not see it by default. > > > > Also I take it that the prompt is related to Kerberos login; is the > prompt > > meant to be used as a 2 factor authentication for browser login? > > CCing Petr to be aware of this question. But first, I would be curious - > what > browser version do you use and what FreeIPA version do you use? Do you see > the > same troubling behavior with FreeIPA demo [1]? > > [1] http://www.freeipa.org/page/Demo > -- Best Regards, - Adam -------------- next part -------------- An HTML attachment was scrubbed... URL: From pvoborni at redhat.com Mon Jan 18 15:34:54 2016 From: pvoborni at redhat.com (Petr Vobornik) Date: Mon, 18 Jan 2016 16:34:54 +0100 Subject: [Freeipa-users] Browser login to IPA "Authentication Required" prompt In-Reply-To: References: <569CA032.8050805@redhat.com> Message-ID: <569D061E.7010504@redhat.com> On 01/18/2016 04:01 PM, Adam Kaczka wrote: > This happens with FreeIPA version 4.2.0 and also version 3.0.0 with latest > Chrome (47.0.2526.111 m) and IE 11 (11.63.10586.0). The issue does not > occur with FF (43.0.4). I tried the demo page and same thing happened. > > Also when using IE the login prompt is the Windows Security domain login > prompt. Hello Adam, First I thought that it might be caused by a custom apache auth modules or by installed gssntlmssp. I tried Chrome 47.0.2526.106 on Fedora with FreeIPA demo[1] and it doesn't show the dialog for me. Have you done any special browser configuration related to authentication? Does it happen on both Linux and Windows or just on Windows? > > On Mon, Jan 18, 2016 at 3:20 AM Martin Kosek wrote: > >> On 01/15/2016 09:20 PM, Adam Kaczka wrote: >>> Hello, >>> >>> This has been bugging me for awhile but how do I turn off the >>> "Authentication Required" prompt that pops up on the GUI when I login to >>> IPA through browser? I can cancel it and lands on the /ipa/ui page but >> I'd >>> like to not see it by default. >>> >>> Also I take it that the prompt is related to Kerberos login; is the >> prompt >>> meant to be used as a 2 factor authentication for browser login? >> >> CCing Petr to be aware of this question. But first, I would be curious - >> what >> browser version do you use and what FreeIPA version do you use? Do you see >> the >> same troubling behavior with FreeIPA demo [1]? >> >> [1] http://www.freeipa.org/page/Demo >> -- Petr Vobornik From pvoborni at redhat.com Mon Jan 18 15:52:35 2016 From: pvoborni at redhat.com (Petr Vobornik) Date: Mon, 18 Jan 2016 16:52:35 +0100 Subject: [Freeipa-users] Browser login to IPA "Authentication Required" prompt In-Reply-To: <569D061E.7010504@redhat.com> References: <569CA032.8050805@redhat.com> <569D061E.7010504@redhat.com> Message-ID: <569D0A43.6000704@redhat.com> On 01/18/2016 04:34 PM, Petr Vobornik wrote: > On 01/18/2016 04:01 PM, Adam Kaczka wrote: >> This happens with FreeIPA version 4.2.0 and also version 3.0.0 with >> latest >> Chrome (47.0.2526.111 m) and IE 11 (11.63.10586.0). The issue does not >> occur with FF (43.0.4). I tried the demo page and same thing happened. >> >> Also when using IE the login prompt is the Windows Security domain login >> prompt. > > Hello Adam, > > First I thought that it might be caused by a custom apache auth modules > or by installed gssntlmssp. > > I tried Chrome 47.0.2526.106 on Fedora with FreeIPA demo[1] and it > doesn't show the dialog for me. > > Have you done any special browser configuration related to authentication? > > Does it happen on both Linux and Windows or just on Windows? Rob just reported, https://fedorahosted.org/freeipa/ticket/5614 > >> >> On Mon, Jan 18, 2016 at 3:20 AM Martin Kosek wrote: >> >>> On 01/15/2016 09:20 PM, Adam Kaczka wrote: >>>> Hello, >>>> >>>> This has been bugging me for awhile but how do I turn off the >>>> "Authentication Required" prompt that pops up on the GUI when I >>>> login to >>>> IPA through browser? I can cancel it and lands on the /ipa/ui page but >>> I'd >>>> like to not see it by default. >>>> >>>> Also I take it that the prompt is related to Kerberos login; is the >>> prompt >>>> meant to be used as a 2 factor authentication for browser login? >>> >>> CCing Petr to be aware of this question. But first, I would be curious - >>> what >>> browser version do you use and what FreeIPA version do you use? Do >>> you see >>> the >>> same troubling behavior with FreeIPA demo [1]? >>> >>> [1] http://www.freeipa.org/page/Demo >>> > > -- Petr Vobornik From Nathan.Peters at globalrelay.net Mon Jan 18 16:52:02 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Mon, 18 Jan 2016 16:52:02 +0000 Subject: [Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with the hostname is not the primary hostname In-Reply-To: <569CD87F.7070108@redhat.com> References: <569CD87F.7070108@redhat.com> Message-ID: Actually I was able to solve this one, but the error logging could certainly be improved to indicate what is actually happening Here is the actual issue along with the sequence of events: 1. DNS check for local host to be joined checks forward, cname, and PTR records against result of `hostname` command, those all came back ok 2. A second check is performed and I believe it is being performed on an existing FreeIPA server (in this case it was my CA master), but the logs say " DEBUG Check if dc1-ipa-dev-nvan.mydomain.net is a primary hostname for localhost" even though this check is actually being performed remotely on the Master. It almost seems like the log entry from the master is forwarded to use and that's why it says 'localhost' or something... 3. It performs the same forward, CNAME, and PTR checks as it did against the localhost, but doesn't log those checks. It fails on the PTR check because there actually was a second invalid PTR entry for dc1-ipa-dev-nvan.mydomain.net.mydomain.net. You can see from the logs that it actually warned us it was about to do a PTR check on the localhost " DEBUG Check reverse address of 10.21.0.98". But when it performs the remote check on the master, it just does the check without informing us what is about to happen, and because it claims that host is 'localhost' if the 2 hostnames are similar, you may not even realize its not performing the check locally Since the underlying technical issue that caused this was an actual invalid PTR record, the removal of the PTR record solved the issue; however, it would be nice if the logs let us know that 2nd PTR check was actually remote, not local, and if it logged that it was about to perform a PTR check so we could accurately know what the cause of the failure was. -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Petr Spacek Sent: January-18-16 4:23 AM To: freeipa-users at redhat.com Subject: Re: [Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with the hostname is not the primary hostname On 18.1.2016 04:23, Nathan Peters wrote: > 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a > primary hostname for localhost 2016-01-18T03:00:07Z DEBUG Primary > hostname for localhost: dc2-ipa-dev-van.mydomain.net > 2016-01-18T03:00:07Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net > 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is > not a CNAME 2016-01-18T03:00:07Z DEBUG Check reverse address of > 10.21.0.98 2016-01-18T03:00:07Z DEBUG Found reverse name: > dc2-ipa-dev-van.mydomain.net 2016-01-18T03:00:07Z DEBUG Check if > dc1-ipa-dev-nvan.mydomain.net is a primary hostname for localhost > ------> This line here is strange ----> 2016-01-18T03:00:07Z DEBUG > ------> Primary hostname for localhost: > ------> dc1-ipa-dev-nvan.mydomain.net.mydomain.net > 2016-01-18T03:00:07Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute > return_value = self.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run > cfgr.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 308, in run > self.validate() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 317, in validate > for nothing in self._validator(): > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 549, in _configure > next(validator) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install > for nothing in self._installer(self.parent): > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1551, in main > promote_check(self) > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated > func(installer) > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 394, in decorated > func(installer) > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 980, in promote_check > installutils.verify_fqdn(config.master_host_name, options.no_host_dns) > File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 168, in verify_fqdn > "Please check /etc/hosts or DNS name resolution" % (host_name, > ex_name[0])) > > 2016-01-18T03:00:07Z DEBUG The ipa-replica-install command failed, > exception: HostLookupError: The host name > dc1-ipa-dev-nvan.mydomain.net does not match the primary host name > dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or > DNS name resolution 2016-01-18T03:00:07Z ERROR The host name > dc1-ipa-dev-nvan.mydomain.net does not match the primary host name > dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or > DNS name resolution 2016-01-18T03:00:07Z ERROR The ipa-replica-install > command failed. See /var/log/ipareplica-install.log for more > information > > So 3 questions : > 1)Why does it first check if my hostname is ok, and then check if my hostname matches this other host, and why is it referring to the other remote host as localhost ? > 2)Where in the world is it getting the idea that the primary hostname for my host is actually the primary hostname for the other host in a strange format with the domain name on the end twice ? > 3)are there any workarounds for this? It seems rather buggy. I have > triple checked hostnames on both hosts referenced in that log entry > > Here is the output that proves that my hostname is fine and not ending > with a double domain > > [root at dc2-ipa-dev-van ~]# cat /etc/hosts > 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 > ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 > 10.21.0.98 dc2-ipa-dev-van.mydomain.net > [root at dc2-ipa-dev-van ~]# cat /etc/hostname > dc2-ipa-dev-van.mydomain.net [root at dc2-ipa-dev-van ~]# hostname > dc2-ipa-dev-van.mydomain.net > > and on the other host : > > [root at dc1-ipa-dev-nvan ~]# hostname > dc1-ipa-dev-nvan.mydomain.net > [root at dc1-ipa-dev-nvan ~]# cat /etc/hostname > dc1-ipa-dev-nvan.mydomain.net [root at dc1-ipa-dev-nvan ~]# cat > /etc/hosts > 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 > ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 > 10.178.0.99 dc1-ipa-dev-nvan.mydomain.net [root at dc1-ipa-dev-nvan ~]# Interesting ... Please send us information mentioned on page http://www.freeipa.org/page/Troubleshooting#Reporting_bugs + content of /etc/resolv.conf on the affected machine + /var/log/ipareplica-install.log Thank you. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project From lslebodn at redhat.com Mon Jan 18 17:02:43 2016 From: lslebodn at redhat.com (Lukas Slebodnik) Date: Mon, 18 Jan 2016 18:02:43 +0100 Subject: [Freeipa-users] Cross Domain Trust In-Reply-To: <20160112101128.GD14430@mail.corp.redhat.com> References: <20151215123822.GB24928@p.redhat.com> <20160111183721.GA19957@mail.corp.redhat.com> <01E75E6E-4BF3-4996-9A26-6B182C460196@euroimmun.de> <20160112101128.GD14430@mail.corp.redhat.com> Message-ID: <20160118170243.GA32654@mail.corp.redhat.com> On (12/01/16 11:11), Lukas Slebodnik wrote: >On (12/01/16 08:25), Zoske, Fabian wrote: >>We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far no differences. >> >Then please provide sssd logfiles (1.13.3) from client >and also log files from sssd on freeipa server (sssd on freeipa >server is used indirectly by extop plugin in 389-ds) > >Please provide log files from the same time when you reproduced an issue. > Thank you very much for log files. Authentication on client failed Due to following error: (Thu Jan 14 12:58:36 2016) [[sssd[krb5_child[992]]]] [sss_child_krb5_trace_cb] (0x4000): [992] 1452772716.736098: Sending request (173 bytes) to EUROIMMUN.TEST (master) (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [get_and_save_tgt] (0x0020): 1232: [-1765328230][Cannot find KDC for realm "EUROIMMUN.TEST"] (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [map_krb5_error] (0x0020): 1301: [-1765328230][Cannot find KDC for realm "EUROIMMUN.TEST"] (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [k5c_send_data] (0x0200): Received error code 1432158209 (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [pack_response_packet] (0x2000): response packet size: [4] (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [k5c_send_data] (0x4000): Response sent. (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [main] (0x0400): krb5_child completed successfully Do you have defineded the realm "EUROIMMUN.TEST" in your krb5.conf? It is possible that sssd wrote snippet to the directory /var/lib/sss/pubconf/krb5.include.d/ but this directory is not included in krb5.conf. $ grep includedir /etc/krb5.conf includedir /var/lib/sss/pubconf/krb5.include.d/ BTW you can test the same operation as sssd did from command line. KRB5_TRACE=/dev/stderr kinit f.zoske at EUROIMMUN.TEST or is this principal name an enterprise name? LS From jhrozek at redhat.com Mon Jan 18 17:45:36 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Mon, 18 Jan 2016 18:45:36 +0100 Subject: [Freeipa-users] Cross Domain Trust In-Reply-To: <20160118170243.GA32654@mail.corp.redhat.com> References: <20151215123822.GB24928@p.redhat.com> <20160111183721.GA19957@mail.corp.redhat.com> <01E75E6E-4BF3-4996-9A26-6B182C460196@euroimmun.de> <20160112101128.GD14430@mail.corp.redhat.com> <20160118170243.GA32654@mail.corp.redhat.com> Message-ID: <20160118174536.GG4681@hendrix.arn.redhat.com> On Mon, Jan 18, 2016 at 06:02:43PM +0100, Lukas Slebodnik wrote: > On (12/01/16 11:11), Lukas Slebodnik wrote: > >On (12/01/16 08:25), Zoske, Fabian wrote: > >>We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far no differences. > >> > >Then please provide sssd logfiles (1.13.3) from client > >and also log files from sssd on freeipa server (sssd on freeipa > >server is used indirectly by extop plugin in 389-ds) > > > >Please provide log files from the same time when you reproduced an issue. > > > Thank you very much for log files. > > Authentication on client failed Due to following error: > (Thu Jan 14 12:58:36 2016) [[sssd[krb5_child[992]]]] [sss_child_krb5_trace_cb] (0x4000): [992] 1452772716.736098: Sending request (173 bytes) to EUROIMMUN.TEST (master) > > (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [get_and_save_tgt] (0x0020): 1232: [-1765328230][Cannot find KDC for realm "EUROIMMUN.TEST"] > (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [map_krb5_error] (0x0020): 1301: [-1765328230][Cannot find KDC for realm "EUROIMMUN.TEST"] > (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [k5c_send_data] (0x0200): Received error code 1432158209 > (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [pack_response_packet] (0x2000): response packet size: [4] > (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [k5c_send_data] (0x4000): Response sent. > (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [main] (0x0400): krb5_child completed successfully > > > Do you have defineded the realm "EUROIMMUN.TEST" in your krb5.conf? > > It is possible that sssd wrote snippet to the directory > /var/lib/sss/pubconf/krb5.include.d/ > but this directory is not included in krb5.conf. > > $ grep includedir /etc/krb5.conf > includedir /var/lib/sss/pubconf/krb5.include.d/ > > BTW you can test the same operation as sssd did from command line. > > KRB5_TRACE=/dev/stderr kinit f.zoske at EUROIMMUN.TEST > > or is this principal name an enterprise name? IIRC this came up in a private conversation, too. In short, enterprise principals are not supported in a IPA-AD trust scenario, but one can work around that by using: subdomain_inherit = ldap_user_principal ldap_user_principal = nosuchattr and thus tricking sssd into 'deriving' the UPN from the domain name. From Nathan.Peters at globalrelay.net Mon Jan 18 17:48:57 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Mon, 18 Jan 2016 17:48:57 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <569CCB5D.8040400@redhat.com> References: <569CB899.9040603@redhat.com> <569CCB5D.8040400@redhat.com> Message-ID: I assume you mean look at the DS log on the machine being installed? There is no "err=68" anywhere in the access file : [root at dc2-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# grep "err=68" access [root at dc2-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# Here is the last few lines of the latest attempt to join so we can see time for context : [27/43]: restarting directory server [28/43]: setting up initial replication [error] DuplicateEntry: This entry already exists Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR This entry already exists ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information [root at dc2-ipa-dev-van dirsrv]# tail /var/log/ipareplica-install.log File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1442, in add_entry self.conn.add_s(str(entry.dn), list(attrs.items())) File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ self.gen.throw(type, value, traceback) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 947, in error_handler raise errors.DuplicateEntry() 2016-01-18T17:28:33Z DEBUG The ipa-replica-install command failed, exception: DuplicateEntry: This entry already exists 2016-01-18T17:28:33Z ERROR This entry already exists 2016-01-18T17:28:33Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information And here is the access log (for some reason access is in PST and the install log is in UTC, but the equivalent time was 9:28:33 The last add result before the installation crash appears to be this one (which appears to happen successfully): [18/Jan/2016:09:28:32 -0800] conn=2 op=10 ADD dn="cn=Peer Master,cn=mapping,cn=sasl,cn=config" [18/Jan/2016:09:28:32 -0800] conn=2 op=10 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=11 UNBIND As you can see from the logs below, the server keeps running ,and I have included another entry almost a minute after the crash, so it is obviously still logging, but just doesn't seem to log the failure. Also included is the ldapsearch of that branch on the master : [root at dc1-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapsearch -D "cn=directory manager" -W -b "cn=mapping,cn=sasl,cn=config" Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # mapping, sasl, config dn: cn=mapping,cn=sasl,cn=config cn: mapping objectClass: top objectClass: nsContainer # Full Principal, mapping, sasl, config dn: cn=Full Principal,cn=mapping,cn=sasl,cn=config cn: Full Principal nsSaslMapBaseDNTemplate: dc=mydomain,dc=net nsSaslMapFilterTemplate: (krbPrincipalName=\1@\2) nsSaslMapPriority: 10 nsSaslMapRegexString: \(.*\)@\(.*\) objectClass: top objectClass: nsSaslMapping # Name Only, mapping, sasl, config dn: cn=Name Only,cn=mapping,cn=sasl,cn=config cn: Name Only nsSaslMapBaseDNTemplate: dc=mydomain,dc=net nsSaslMapFilterTemplate: (krbPrincipalName=&@MYDOMAIN.NET) nsSaslMapPriority: 10 nsSaslMapRegexString: ^[^:@]+$ objectClass: top objectClass: nsSaslMapping # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 --- access logs from the server I attempted to join --- [18/Jan/2016:09:28:17 -0800] conn=1 fd=64 slot=64 connection from 10.21.5.241 to 10.21.0.98 [18/Jan/2016:09:28:17 -0800] conn=1 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:17 -0800] conn=1 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=1 op=1 UNBIND [18/Jan/2016:09:28:18 -0800] conn=1 op=1 fd=64 closed - U1 [18/Jan/2016:09:28:19 -0800] conn=1 fd=64 slot=64 connection from ::1 to ::1 [18/Jan/2016:09:28:19 -0800] conn=1 op=-1 fd=64 closed - B1 [18/Jan/2016:09:28:19 -0800] conn=2 fd=64 slot=64 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:19 -0800] conn=2 op=0 BIND dn="cn=directory manager" method=128 version=3 [18/Jan/2016:09:28:19 -0800] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:19 -0800] conn=3 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:19 -0800] conn=3 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:19 -0800] conn=3 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:19 -0800] conn=3 op=1 MOD dn="cn=MemberOf Plugin,cn=plugins,cn=config" [18/Jan/2016:09:28:19 -0800] conn=3 op=1 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:19 -0800] conn=3 op=2 UNBIND [18/Jan/2016:09:28:19 -0800] conn=3 op=2 fd=65 closed - U1 [18/Jan/2016:09:28:19 -0800] conn=4 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:19 -0800] conn=4 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:19 -0800] conn=4 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:19 -0800] conn=4 op=1 ADD dn="cn=ipa-winsync,cn=plugins,cn=config" [18/Jan/2016:09:28:19 -0800] conn=4 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:19 -0800] conn=4 op=2 UNBIND [18/Jan/2016:09:28:19 -0800] conn=4 op=2 fd=65 closed - U1 [18/Jan/2016:09:28:19 -0800] conn=5 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:19 -0800] conn=5 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:19 -0800] conn=5 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:19 -0800] conn=5 op=1 ADD dn="cn=IPA Version Replication,cn=plugins,cn=config" [18/Jan/2016:09:28:19 -0800] conn=5 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:19 -0800] conn=5 op=2 UNBIND [18/Jan/2016:09:28:19 -0800] conn=5 op=2 fd=65 closed - U1 [18/Jan/2016:09:28:19 -0800] conn=6 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:19 -0800] conn=6 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:19 -0800] conn=6 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:19 -0800] conn=6 op=1 ADD dn="cn=ipa_enrollment_extop,cn=plugins,cn=config" [18/Jan/2016:09:28:19 -0800] conn=6 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=6 op=2 UNBIND [18/Jan/2016:09:28:20 -0800] conn=6 op=2 fd=65 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=7 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=7 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=7 op=1 MOD dn="cn=config" [18/Jan/2016:09:28:20 -0800] conn=7 op=1 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=7 op=2 UNBIND [18/Jan/2016:09:28:20 -0800] conn=7 op=2 fd=65 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=8 fd=66 slot=66 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=8 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=8 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=8 op=1 ADD dn="cn=krbPrincipalName uniqueness,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=8 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=8 op=2 ADD dn="cn=krbCanonicalName uniqueness,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=8 op=2 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=8 op=3 ADD dn="cn=netgroup uniqueness,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=8 op=3 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=8 op=4 ADD dn="cn=ipaUniqueID uniqueness,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=8 op=4 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=8 op=5 ADD dn="cn=sudorule name uniqueness,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=8 op=6 UNBIND [18/Jan/2016:09:28:20 -0800] conn=8 op=6 fd=66 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=8 op=5 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=9 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=9 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=9 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=9 op=1 ADD dn="cn=IPA UUID,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=9 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=9 op=2 UNBIND [18/Jan/2016:09:28:20 -0800] conn=9 op=2 fd=65 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=10 fd=66 slot=66 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=10 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=10 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=10 op=1 ADD dn="cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=10 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=10 op=2 ADD dn="cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=10 op=3 UNBIND [18/Jan/2016:09:28:20 -0800] conn=10 op=3 fd=66 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=10 op=2 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=11 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=11 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=11 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=11 op=1 ADD dn="cn=IPA MODRDN,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=11 op=2 UNBIND [18/Jan/2016:09:28:20 -0800] conn=11 op=2 fd=65 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=11 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=12 fd=66 slot=66 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=12 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=12 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=12 op=1 ADD dn="cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=12 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=12 op=2 UNBIND [18/Jan/2016:09:28:20 -0800] conn=12 op=2 fd=66 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=13 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=13 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=13 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=13 op=1 ADD dn="cn=IPA DNS,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=13 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=13 op=2 UNBIND [18/Jan/2016:09:28:20 -0800] conn=13 op=2 fd=65 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=14 fd=66 slot=66 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=14 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=14 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=14 op=1 MOD dn="cn=config" [18/Jan/2016:09:28:20 -0800] conn=14 op=1 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=14 op=2 MOD dn="cn=config" [18/Jan/2016:09:28:20 -0800] conn=14 op=2 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=14 op=3 MOD dn="cn=USN,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=14 op=4 UNBIND [18/Jan/2016:09:28:20 -0800] conn=14 op=4 fd=66 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=14 op=3 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=15 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=15 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=15 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=15 op=1 ADD dn="cn=IPA Lockout,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=15 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=15 op=2 UNBIND [18/Jan/2016:09:28:20 -0800] conn=15 op=2 fd=65 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=16 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=16 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=16 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=16 op=1 ADD dn="cn=IPA Topology Configuration,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=16 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=16 op=2 UNBIND [18/Jan/2016:09:28:20 -0800] conn=16 op=2 fd=65 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=17 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=17 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=17 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=17 op=1 ADD dn="cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=2 ADD dn="cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=2 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=3 ADD dn="cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=3 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=4 ADD dn="cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=4 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=5 ADD dn="cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=5 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=6 ADD dn="cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=6 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=7 ADD dn="cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=7 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=8 MOD dn="cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=8 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=9 ADD dn="cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=9 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=10 ADD dn="cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=10 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=11 MOD dn="cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=11 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=12 MOD dn="cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=12 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=13 ADD dn="cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=13 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=14 ADD dn="cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=14 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=15 ADD dn="cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=15 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=16 ADD dn="cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=16 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=17 ADD dn="cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=17 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=18 ADD dn="cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=18 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=19 ADD dn="cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=19 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=20 ADD dn="cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=20 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=21 ADD dn="cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=21 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=22 ADD dn="cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=22 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=23 ADD dn="cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=23 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=24 ADD dn="cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=24 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=25 ADD dn="cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=25 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=26 ADD dn="cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=26 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=27 ADD dn="cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=27 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=28 ADD dn="cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=28 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=29 ADD dn="cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=17 op=29 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=17 op=30 UNBIND [18/Jan/2016:09:28:20 -0800] conn=17 op=30 fd=65 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=18 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=18 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=18 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=18 op=1 MOD dn="cn=referential integrity postoperation,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=18 op=1 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=18 op=2 UNBIND [18/Jan/2016:09:28:20 -0800] conn=18 op=2 fd=65 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=19 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=19 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=19 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=19 op=1 ADD dn="cn=root-autobind,cn=config" [18/Jan/2016:09:28:20 -0800] conn=19 op=1 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=19 op=2 MOD dn="cn=config" [18/Jan/2016:09:28:20 -0800] conn=19 op=2 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=19 op=3 MOD dn="cn=config" [18/Jan/2016:09:28:20 -0800] conn=19 op=3 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=19 op=4 UNBIND [18/Jan/2016:09:28:20 -0800] conn=19 op=4 fd=65 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=20 fd=66 slot=66 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=20 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=20 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=20 op=1 MOD dn="cn=Managed Entries,cn=plugins,cn=config" [18/Jan/2016:09:28:20 -0800] conn=20 op=2 UNBIND [18/Jan/2016:09:28:20 -0800] conn=20 op=2 fd=66 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=20 op=1 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=21 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 [18/Jan/2016:09:28:20 -0800] conn=21 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [18/Jan/2016:09:28:20 -0800] conn=21 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:20 -0800] conn=21 op=1 MOD dn="cn=config" [18/Jan/2016:09:28:20 -0800] conn=21 op=2 UNBIND [18/Jan/2016:09:28:20 -0800] conn=21 op=2 fd=65 closed - U1 [18/Jan/2016:09:28:20 -0800] conn=21 op=1 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:20 -0800] conn=2 op=1 UNBIND [18/Jan/2016:09:28:20 -0800] conn=2 op=1 fd=64 closed - U1 [18/Jan/2016:09:28:21 -0800] conn=1 fd=64 slot=64 connection from ::1 to ::1 [18/Jan/2016:09:28:21 -0800] conn=1 op=-1 fd=64 closed - B1 [18/Jan/2016:09:28:27 -0800] conn=2 fd=64 slot=64 connection from local to /var/run/slapd-MYDOMAIN-NET.socket [18/Jan/2016:09:28:27 -0800] conn=2 AUTOBIND dn="cn=Directory Manager" [18/Jan/2016:09:28:27 -0800] conn=2 op=0 BIND dn="cn=Directory Manager" method=sasl version=3 mech=EXTERNAL [18/Jan/2016:09:28:27 -0800] conn=2 op=1 MOD dn="cn=encryption,cn=config" [18/Jan/2016:09:28:27 -0800] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=Directory Manager" [18/Jan/2016:09:28:27 -0800] conn=2 op=1 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:27 -0800] conn=2 op=2 MOD dn="cn=config" [18/Jan/2016:09:28:27 -0800] conn=2 op=2 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:27 -0800] conn=2 op=3 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:27 -0800] conn=2 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:27 -0800] conn=2 op=4 ADD dn="cn=RSA,cn=encryption,cn=config" [18/Jan/2016:09:28:27 -0800] conn=2 op=4 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:27 -0800] conn=2 op=5 UNBIND [18/Jan/2016:09:28:27 -0800] conn=2 op=5 fd=64 closed - U1 [18/Jan/2016:09:28:29 -0800] conn=1 fd=64 slot=64 connection from ::1 to ::1 [18/Jan/2016:09:28:29 -0800] conn=1 op=-1 fd=64 closed - B1 [18/Jan/2016:09:28:29 -0800] conn=2 fd=64 slot=64 connection from local to /var/run/slapd-MYDOMAIN-NET.socket [18/Jan/2016:09:28:29 -0800] conn=2 op=0 BIND dn="cn=directory manager" method=128 version=3 [18/Jan/2016:09:28:29 -0800] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [18/Jan/2016:09:28:29 -0800] conn=2 op=1 SRCH base="cn=IPA Version Replication,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:29 -0800] conn=2 op=1 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:29 -0800] conn=2 op=2 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:29 -0800] conn=2 op=2 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:30 -0800] conn=2 op=3 MOD dn="cn=IPA Version Replication,cn=plugins,cn=config" [18/Jan/2016:09:28:30 -0800] conn=2 op=3 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:30 -0800] conn=2 op=4 UNBIND [18/Jan/2016:09:28:30 -0800] conn=2 op=4 fd=64 closed - U1 [18/Jan/2016:09:28:31 -0800] conn=1 fd=64 slot=64 connection from ::1 to ::1 [18/Jan/2016:09:28:31 -0800] conn=2 fd=65 slot=65 connection from local to /var/run/slapd-MYDOMAIN-NET.socket [18/Jan/2016:09:28:31 -0800] conn=1 op=-1 fd=64 closed - B1 [18/Jan/2016:09:28:31 -0800] conn=2 AUTOBIND dn="cn=Directory Manager" [18/Jan/2016:09:28:31 -0800] conn=2 op=0 BIND dn="cn=Directory Manager" method=sasl version=3 mech=EXTERNAL [18/Jan/2016:09:28:31 -0800] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=Directory Manager" [18/Jan/2016:09:28:31 -0800] conn=2 op=1 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:31 -0800] conn=2 op=1 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=2 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:32 -0800] conn=2 op=2 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=3 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:32 -0800] conn=2 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=4 ADD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:32 -0800] conn=2 op=4 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=5 SRCH base="cn=config,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs="nsslapd-directory" [18/Jan/2016:09:28:32 -0800] conn=2 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=6 ADD dn="cn=changelog5,cn=config" [18/Jan/2016:09:28:32 -0800] conn=2 op=6 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=7 ADD dn="cn=ldap/dc2-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=config" [18/Jan/2016:09:28:32 -0800] conn=2 op=7 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=8 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:32 -0800] conn=2 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=9 MOD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:32 -0800] conn=2 op=9 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=10 ADD dn="cn=Peer Master,cn=mapping,cn=sasl,cn=config" [18/Jan/2016:09:28:32 -0800] conn=2 op=10 RESULT err=0 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=11 UNBIND [18/Jan/2016:09:28:32 -0800] conn=2 op=11 fd=65 closed - U1 [18/Jan/2016:09:28:33 -0800] conn=3 fd=64 slot=64 connection from 10.178.6.56 to 10.21.0.98 [18/Jan/2016:09:28:33 -0800] conn=3 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:33 -0800] conn=3 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=3 op=1 UNBIND [18/Jan/2016:09:28:33 -0800] conn=3 op=1 fd=64 closed - U1 ==== INSTALLATION CRASHED HERE BUT CLEARLY THE DS SERVICE ITSELF IS STILL RUNNING BECAUSE MORE LOGS HAPPEN BELOW [18/Jan/2016:09:29:11 -0800] conn=4 fd=64 slot=64 connection from 10.21.5.132 to 10.21.0.98 -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Petr Vobornik Sent: January-18-16 3:57 AM To: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > look at the DS access log, you should see an ADD operation with RESULT > err=68 tag=105 According to code it's most likely cn=replica,cn=$DOMAIN_SUFFIX,cn=mapping tree,cn=config I don't know why it happens because installer should add it only if the entry does not exist. Would be worth to check the DS access log if base search(which should happen before the add) for the dn fails or succeeds. From rcritten at redhat.com Mon Jan 18 17:58:28 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 18 Jan 2016 12:58:28 -0500 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569CB899.9040603@redhat.com> <569CCB5D.8040400@redhat.com> Message-ID: <569D27C4.10602@redhat.com> Nathan Peters wrote: > I assume you mean look at the DS log on the machine being installed?\ I think he meant on the master that generated the prepare file. There may be some left-over, unexpected entry. rob > > There is no "err=68" anywhere in the access file : > > [root at dc2-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# grep "err=68" access > [root at dc2-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# > > > Here is the last few lines of the latest attempt to join so we can see time for context : > > [27/43]: restarting directory server > [28/43]: setting up initial replication > [error] DuplicateEntry: This entry already exists > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > ipa.ipapython.install.cli.install_tool(Replica): ERROR This entry already exists > ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information > [root at dc2-ipa-dev-van dirsrv]# tail /var/log/ipareplica-install.log > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1442, in add_entry > self.conn.add_s(str(entry.dn), list(attrs.items())) > File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ > self.gen.throw(type, value, traceback) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 947, in error_handler > raise errors.DuplicateEntry() > > 2016-01-18T17:28:33Z DEBUG The ipa-replica-install command failed, exception: DuplicateEntry: This entry already exists > 2016-01-18T17:28:33Z ERROR This entry already exists > 2016-01-18T17:28:33Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information > > And here is the access log (for some reason access is in PST and the install log is in UTC, but the equivalent time was 9:28:33 > > The last add result before the installation crash appears to be this one (which appears to happen successfully): > > [18/Jan/2016:09:28:32 -0800] conn=2 op=10 ADD dn="cn=Peer Master,cn=mapping,cn=sasl,cn=config" > [18/Jan/2016:09:28:32 -0800] conn=2 op=10 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=2 op=11 UNBIND > > As you can see from the logs below, the server keeps running ,and I have included another entry almost a minute after the crash, so it is obviously still logging, but just doesn't seem to log the failure. > > Also included is the ldapsearch of that branch on the master : > > [root at dc1-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapsearch -D "cn=directory manager" -W -b "cn=mapping,cn=sasl,cn=config" > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # mapping, sasl, config > dn: cn=mapping,cn=sasl,cn=config > cn: mapping > objectClass: top > objectClass: nsContainer > > # Full Principal, mapping, sasl, config > dn: cn=Full Principal,cn=mapping,cn=sasl,cn=config > cn: Full Principal > nsSaslMapBaseDNTemplate: dc=mydomain,dc=net > nsSaslMapFilterTemplate: (krbPrincipalName=\1@\2) > nsSaslMapPriority: 10 > nsSaslMapRegexString: \(.*\)@\(.*\) > objectClass: top > objectClass: nsSaslMapping > > # Name Only, mapping, sasl, config > dn: cn=Name Only,cn=mapping,cn=sasl,cn=config > cn: Name Only > nsSaslMapBaseDNTemplate: dc=mydomain,dc=net > nsSaslMapFilterTemplate: (krbPrincipalName=&@MYDOMAIN.NET) > nsSaslMapPriority: 10 > nsSaslMapRegexString: ^[^:@]+$ > objectClass: top > objectClass: nsSaslMapping > > # search result > search: 2 > result: 0 Success > > # numResponses: 4 > # numEntries: 3 > > > --- access logs from the server I attempted to join --- > > [18/Jan/2016:09:28:17 -0800] conn=1 fd=64 slot=64 connection from 10.21.5.241 to 10.21.0.98 > [18/Jan/2016:09:28:17 -0800] conn=1 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:17 -0800] conn=1 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=1 op=1 UNBIND > [18/Jan/2016:09:28:18 -0800] conn=1 op=1 fd=64 closed - U1 > [18/Jan/2016:09:28:19 -0800] conn=1 fd=64 slot=64 connection from ::1 to ::1 > [18/Jan/2016:09:28:19 -0800] conn=1 op=-1 fd=64 closed - B1 > [18/Jan/2016:09:28:19 -0800] conn=2 fd=64 slot=64 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:19 -0800] conn=2 op=0 BIND dn="cn=directory manager" method=128 version=3 > [18/Jan/2016:09:28:19 -0800] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:19 -0800] conn=3 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:19 -0800] conn=3 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:19 -0800] conn=3 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:19 -0800] conn=3 op=1 MOD dn="cn=MemberOf Plugin,cn=plugins,cn=config" > [18/Jan/2016:09:28:19 -0800] conn=3 op=1 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:19 -0800] conn=3 op=2 UNBIND > [18/Jan/2016:09:28:19 -0800] conn=3 op=2 fd=65 closed - U1 > [18/Jan/2016:09:28:19 -0800] conn=4 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:19 -0800] conn=4 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:19 -0800] conn=4 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:19 -0800] conn=4 op=1 ADD dn="cn=ipa-winsync,cn=plugins,cn=config" > [18/Jan/2016:09:28:19 -0800] conn=4 op=1 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:19 -0800] conn=4 op=2 UNBIND > [18/Jan/2016:09:28:19 -0800] conn=4 op=2 fd=65 closed - U1 > [18/Jan/2016:09:28:19 -0800] conn=5 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:19 -0800] conn=5 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:19 -0800] conn=5 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:19 -0800] conn=5 op=1 ADD dn="cn=IPA Version Replication,cn=plugins,cn=config" > [18/Jan/2016:09:28:19 -0800] conn=5 op=1 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:19 -0800] conn=5 op=2 UNBIND > [18/Jan/2016:09:28:19 -0800] conn=5 op=2 fd=65 closed - U1 > [18/Jan/2016:09:28:19 -0800] conn=6 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:19 -0800] conn=6 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:19 -0800] conn=6 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:19 -0800] conn=6 op=1 ADD dn="cn=ipa_enrollment_extop,cn=plugins,cn=config" > [18/Jan/2016:09:28:19 -0800] conn=6 op=1 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=6 op=2 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=6 op=2 fd=65 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=7 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=7 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=7 op=1 MOD dn="cn=config" > [18/Jan/2016:09:28:20 -0800] conn=7 op=1 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=7 op=2 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=7 op=2 fd=65 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=8 fd=66 slot=66 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=8 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=8 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=8 op=1 ADD dn="cn=krbPrincipalName uniqueness,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=8 op=1 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=8 op=2 ADD dn="cn=krbCanonicalName uniqueness,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=8 op=2 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=8 op=3 ADD dn="cn=netgroup uniqueness,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=8 op=3 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=8 op=4 ADD dn="cn=ipaUniqueID uniqueness,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=8 op=4 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=8 op=5 ADD dn="cn=sudorule name uniqueness,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=8 op=6 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=8 op=6 fd=66 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=8 op=5 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=9 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=9 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=9 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=9 op=1 ADD dn="cn=IPA UUID,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=9 op=1 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=9 op=2 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=9 op=2 fd=65 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=10 fd=66 slot=66 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=10 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=10 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=10 op=1 ADD dn="cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=10 op=1 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=10 op=2 ADD dn="cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=10 op=3 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=10 op=3 fd=66 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=10 op=2 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=11 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=11 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=11 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=11 op=1 ADD dn="cn=IPA MODRDN,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=11 op=2 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=11 op=2 fd=65 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=11 op=1 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=12 fd=66 slot=66 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=12 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=12 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=12 op=1 ADD dn="cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=12 op=1 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=12 op=2 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=12 op=2 fd=66 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=13 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=13 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=13 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=13 op=1 ADD dn="cn=IPA DNS,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=13 op=1 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=13 op=2 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=13 op=2 fd=65 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=14 fd=66 slot=66 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=14 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=14 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=14 op=1 MOD dn="cn=config" > [18/Jan/2016:09:28:20 -0800] conn=14 op=1 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=14 op=2 MOD dn="cn=config" > [18/Jan/2016:09:28:20 -0800] conn=14 op=2 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=14 op=3 MOD dn="cn=USN,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=14 op=4 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=14 op=4 fd=66 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=14 op=3 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=15 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=15 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=15 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=15 op=1 ADD dn="cn=IPA Lockout,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=15 op=1 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=15 op=2 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=15 op=2 fd=65 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=16 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=16 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=16 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=16 op=1 ADD dn="cn=IPA Topology Configuration,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=16 op=1 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=16 op=2 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=16 op=2 fd=65 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=17 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=17 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=17 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=17 op=1 ADD dn="cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=1 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=2 ADD dn="cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=2 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=3 ADD dn="cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=3 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=4 ADD dn="cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=4 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=5 ADD dn="cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=5 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=6 ADD dn="cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=6 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=7 ADD dn="cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=7 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=8 MOD dn="cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=8 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=9 ADD dn="cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=9 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=10 ADD dn="cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=10 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=11 MOD dn="cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=11 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=12 MOD dn="cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=12 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=13 ADD dn="cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=13 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=14 ADD dn="cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=14 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=15 ADD dn="cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=15 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=16 ADD dn="cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=16 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=17 ADD dn="cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=17 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=18 ADD dn="cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=18 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=19 ADD dn="cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=19 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=20 ADD dn="cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=20 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=21 ADD dn="cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=21 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=22 ADD dn="cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=22 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=23 ADD dn="cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=23 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=24 ADD dn="cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=24 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=25 ADD dn="cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=25 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=26 ADD dn="cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=26 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=27 ADD dn="cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=27 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=28 ADD dn="cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=28 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=29 ADD dn="cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=17 op=29 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=17 op=30 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=17 op=30 fd=65 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=18 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=18 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=18 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=18 op=1 MOD dn="cn=referential integrity postoperation,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=18 op=1 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=18 op=2 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=18 op=2 fd=65 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=19 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=19 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=19 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=19 op=1 ADD dn="cn=root-autobind,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=19 op=1 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=19 op=2 MOD dn="cn=config" > [18/Jan/2016:09:28:20 -0800] conn=19 op=2 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=19 op=3 MOD dn="cn=config" > [18/Jan/2016:09:28:20 -0800] conn=19 op=3 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=19 op=4 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=19 op=4 fd=65 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=20 fd=66 slot=66 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=20 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=20 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=20 op=1 MOD dn="cn=Managed Entries,cn=plugins,cn=config" > [18/Jan/2016:09:28:20 -0800] conn=20 op=2 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=20 op=2 fd=66 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=20 op=1 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=21 fd=65 slot=65 connection from 10.21.0.98 to 10.21.0.98 > [18/Jan/2016:09:28:20 -0800] conn=21 op=0 BIND dn="cn=Directory Manager" method=128 version=3 > [18/Jan/2016:09:28:20 -0800] conn=21 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:20 -0800] conn=21 op=1 MOD dn="cn=config" > [18/Jan/2016:09:28:20 -0800] conn=21 op=2 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=21 op=2 fd=65 closed - U1 > [18/Jan/2016:09:28:20 -0800] conn=21 op=1 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:20 -0800] conn=2 op=1 UNBIND > [18/Jan/2016:09:28:20 -0800] conn=2 op=1 fd=64 closed - U1 > [18/Jan/2016:09:28:21 -0800] conn=1 fd=64 slot=64 connection from ::1 to ::1 > [18/Jan/2016:09:28:21 -0800] conn=1 op=-1 fd=64 closed - B1 > [18/Jan/2016:09:28:27 -0800] conn=2 fd=64 slot=64 connection from local to /var/run/slapd-MYDOMAIN-NET.socket > [18/Jan/2016:09:28:27 -0800] conn=2 AUTOBIND dn="cn=Directory Manager" > [18/Jan/2016:09:28:27 -0800] conn=2 op=0 BIND dn="cn=Directory Manager" method=sasl version=3 mech=EXTERNAL > [18/Jan/2016:09:28:27 -0800] conn=2 op=1 MOD dn="cn=encryption,cn=config" > [18/Jan/2016:09:28:27 -0800] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=Directory Manager" > [18/Jan/2016:09:28:27 -0800] conn=2 op=1 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:27 -0800] conn=2 op=2 MOD dn="cn=config" > [18/Jan/2016:09:28:27 -0800] conn=2 op=2 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:27 -0800] conn=2 op=3 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:28:27 -0800] conn=2 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:27 -0800] conn=2 op=4 ADD dn="cn=RSA,cn=encryption,cn=config" > [18/Jan/2016:09:28:27 -0800] conn=2 op=4 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:27 -0800] conn=2 op=5 UNBIND > [18/Jan/2016:09:28:27 -0800] conn=2 op=5 fd=64 closed - U1 > [18/Jan/2016:09:28:29 -0800] conn=1 fd=64 slot=64 connection from ::1 to ::1 > [18/Jan/2016:09:28:29 -0800] conn=1 op=-1 fd=64 closed - B1 > [18/Jan/2016:09:28:29 -0800] conn=2 fd=64 slot=64 connection from local to /var/run/slapd-MYDOMAIN-NET.socket > [18/Jan/2016:09:28:29 -0800] conn=2 op=0 BIND dn="cn=directory manager" method=128 version=3 > [18/Jan/2016:09:28:29 -0800] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" > [18/Jan/2016:09:28:29 -0800] conn=2 op=1 SRCH base="cn=IPA Version Replication,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:29 -0800] conn=2 op=1 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:29 -0800] conn=2 op=2 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:28:29 -0800] conn=2 op=2 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:30 -0800] conn=2 op=3 MOD dn="cn=IPA Version Replication,cn=plugins,cn=config" > [18/Jan/2016:09:28:30 -0800] conn=2 op=3 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:30 -0800] conn=2 op=4 UNBIND > [18/Jan/2016:09:28:30 -0800] conn=2 op=4 fd=64 closed - U1 > [18/Jan/2016:09:28:31 -0800] conn=1 fd=64 slot=64 connection from ::1 to ::1 > [18/Jan/2016:09:28:31 -0800] conn=2 fd=65 slot=65 connection from local to /var/run/slapd-MYDOMAIN-NET.socket > [18/Jan/2016:09:28:31 -0800] conn=1 op=-1 fd=64 closed - B1 > [18/Jan/2016:09:28:31 -0800] conn=2 AUTOBIND dn="cn=Directory Manager" > [18/Jan/2016:09:28:31 -0800] conn=2 op=0 BIND dn="cn=Directory Manager" method=sasl version=3 mech=EXTERNAL > [18/Jan/2016:09:28:31 -0800] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=Directory Manager" > [18/Jan/2016:09:28:31 -0800] conn=2 op=1 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:31 -0800] conn=2 op=1 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=2 op=2 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:32 -0800] conn=2 op=2 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=2 op=3 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:28:32 -0800] conn=2 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=2 op=4 ADD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > [18/Jan/2016:09:28:32 -0800] conn=2 op=4 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=2 op=5 SRCH base="cn=config,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs="nsslapd-directory" > [18/Jan/2016:09:28:32 -0800] conn=2 op=5 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=2 op=6 ADD dn="cn=changelog5,cn=config" > [18/Jan/2016:09:28:32 -0800] conn=2 op=6 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=2 op=7 ADD dn="cn=ldap/dc2-ipa-dev-nvan.mydomain.net at mydomain.NET,cn=config" > [18/Jan/2016:09:28:32 -0800] conn=2 op=7 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=2 op=8 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:32 -0800] conn=2 op=8 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=2 op=9 MOD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > [18/Jan/2016:09:28:32 -0800] conn=2 op=9 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=2 op=10 ADD dn="cn=Peer Master,cn=mapping,cn=sasl,cn=config" > [18/Jan/2016:09:28:32 -0800] conn=2 op=10 RESULT err=0 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=2 op=11 UNBIND > [18/Jan/2016:09:28:32 -0800] conn=2 op=11 fd=65 closed - U1 > [18/Jan/2016:09:28:33 -0800] conn=3 fd=64 slot=64 connection from 10.178.6.56 to 10.21.0.98 > [18/Jan/2016:09:28:33 -0800] conn=3 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:33 -0800] conn=3 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=3 op=1 UNBIND > [18/Jan/2016:09:28:33 -0800] conn=3 op=1 fd=64 closed - U1 > ==== INSTALLATION CRASHED HERE BUT CLEARLY THE DS SERVICE ITSELF IS STILL RUNNING BECAUSE MORE LOGS HAPPEN BELOW > [18/Jan/2016:09:29:11 -0800] conn=4 fd=64 slot=64 connection from 10.21.5.132 to 10.21.0.98 > > > > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Petr Vobornik > Sent: January-18-16 3:57 AM > To: freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > >> look at the DS access log, you should see an ADD operation with RESULT >> err=68 tag=105 > > According to code it's most likely > cn=replica,cn=$DOMAIN_SUFFIX,cn=mapping tree,cn=config > > I don't know why it happens because installer should add it only if the entry does not exist. Would be worth to check the DS access log if base search(which should happen before the add) for the dn fails or succeeds. > > From Nathan.Peters at globalrelay.net Mon Jan 18 18:10:20 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Mon, 18 Jan 2016 18:10:20 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <569D27C4.10602@redhat.com> References: <569CB899.9040603@redhat.com> <569CCB5D.8040400@redhat.com> <569D27C4.10602@redhat.com> Message-ID: This is FreeIPA 4.3.0. There is no master generating the prepare file (unless its still handled in the background invisibly to the user). Ipa-replica-install is run directly from an unjoined client (or joined client, I have tried both). However, after tracking the logs of all 3 existing IPA servers during the attempted installation, the CA master appears to be the one doing something. Here are the logs for that time period. Note that there is no "err=68" anywhere in here: [root at dc1-ipa-dev-nvan slapd-MYDOMAIN-NET]# tail -f access [18/Jan/2016:09:27:44 -0800] conn=28024 op=138553 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:44 -0800] conn=28024 op=138553 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 [18/Jan/2016:09:27:44 -0800] conn=28024 op=138554 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:44 -0800] conn=28024 op=138554 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 [18/Jan/2016:09:27:44 -0800] conn=28024 op=138555 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:44 -0800] conn=28024 op=138555 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:44 -0800] conn=28024 op=138556 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:44 -0800] conn=28024 op=138556 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:44 -0800] conn=28024 op=138557 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:44 -0800] conn=28024 op=138557 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 [18/Jan/2016:09:27:45 -0800] conn=29597 op=6 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=appdeployer)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:27:45 -0800] conn=29597 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:45 -0800] conn=29597 op=7 SRCH base="cn=ipausers,cn=groups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))" attrs="objectClass posixgroup cn userPassword gidNumber member ipaNTSecurityIdentifier modifyTimestamp entryusn" [18/Jan/2016:09:27:45 -0800] conn=29597 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:45 -0800] conn=29597 op=8 SRCH base="ipaUniqueID=873ddd78-088c-11e5-b588-005056b71d17,cn=hbac,dc=mydomain,dc=net" scope=0 filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))" attrs="objectClass posixgroup cn userPassword gidNumber member ipaNTSecurityIdentifier modifyTimestamp entryusn" [18/Jan/2016:09:27:45 -0800] conn=29597 op=8 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:45 -0800] conn=29597 op=9 SRCH base="cn=gr_service_accounts,cn=groups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))" attrs="objectClass posixgroup cn userPassword gidNumber member ipaNTSecurityIdentifier modifyTimestamp entryusn" [18/Jan/2016:09:27:45 -0800] conn=29597 op=9 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:45 -0800] conn=29597 op=10 SRCH base="ipaUniqueID=3fbec37a-b3f6-11e5-bcb5-005056b71d17,cn=sudorules,cn=sudo,dc=mydomain,dc=net" scope=0 filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))" attrs="objectClass posixgroup cn userPassword gidNumber member ipaNTSecurityIdentifier modifyTimestamp entryusn" [18/Jan/2016:09:27:45 -0800] conn=29597 op=10 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:45 -0800] conn=29597 op=11 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=756600622)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass posixgroup cn userPassword gidNumber member ipaNTSecurityIdentifier modifyTimestamp entryusn" [18/Jan/2016:09:27:45 -0800] conn=29597 op=11 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:46 -0800] conn=29357 op=5 UNBIND [18/Jan/2016:09:27:46 -0800] conn=29357 op=5 fd=114 closed - U1 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138558 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138558 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138559 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138559 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138560 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138560 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138561 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138561 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138562 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138562 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138563 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138563 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138564 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138564 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138565 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138565 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138566 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138566 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138567 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138567 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138568 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138568 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138569 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138569 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138570 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138570 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138571 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138571 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138572 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138572 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138573 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138573 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138574 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138574 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138575 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138575 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138576 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138576 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138577 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138577 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138578 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138578 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138579 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138579 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138580 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138580 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138581 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138581 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138582 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138582 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138583 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138583 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138584 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138584 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138585 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138585 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138586 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138586 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138587 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138587 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138588 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138588 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138589 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138589 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138590 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138590 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138591 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138591 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138592 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138592 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138593 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138593 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138594 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138594 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138595 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138595 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138596 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138596 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138597 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138597 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138598 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138598 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138599 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138599 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138600 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138600 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138601 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138601 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138602 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138602 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138603 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138603 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138604 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138604 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138605 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138605 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 [18/Jan/2016:09:27:46 -0800] conn=28024 op=138606 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:46 -0800] conn=28024 op=138606 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138607 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138607 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138608 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138608 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138609 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138609 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138610 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138610 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138611 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138611 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138612 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138612 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138613 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138613 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138614 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138614 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138615 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138615 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138616 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138616 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138617 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138617 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138618 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138618 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138619 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138619 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138620 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138620 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138621 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138621 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138622 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138622 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138623 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138623 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138624 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138624 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138625 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138625 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138626 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138626 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138627 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138627 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138628 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138628 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138629 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138629 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138630 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138630 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138631 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138631 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138632 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138632 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138633 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138633 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138634 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138634 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138635 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138635 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138636 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138636 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138637 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138637 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138638 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138638 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138639 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138639 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138640 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138640 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138641 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138641 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138642 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138642 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138643 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138643 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138644 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138644 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138645 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138645 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138646 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138646 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138647 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138647 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138648 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138648 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138649 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138649 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138650 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138650 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138651 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138651 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138652 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138652 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138653 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138653 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138654 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138654 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138655 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138655 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138656 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138656 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138657 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138657 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138658 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138658 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138659 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138659 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138660 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138660 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138661 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138661 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138662 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138662 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138663 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138663 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138664 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138664 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138665 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138665 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138666 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138666 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138667 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138667 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138668 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138668 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138669 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138669 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138670 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138670 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138671 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138671 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138672 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138672 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138673 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138673 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138674 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138674 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138675 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138675 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138676 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138676 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138677 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138677 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138678 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138678 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138679 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138679 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138680 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138680 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138681 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138681 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138682 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138682 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138683 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138683 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138684 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138684 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138685 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138685 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138686 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138686 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138687 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138687 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138688 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138688 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138689 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138689 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138690 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138690 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138691 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138691 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138692 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138692 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138693 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138693 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138694 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138694 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138695 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138695 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138696 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138696 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138697 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138697 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138698 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138698 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138699 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138699 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138700 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138700 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138701 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138701 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138702 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138702 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138703 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138703 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138704 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138704 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138705 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138705 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138706 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138706 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138707 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138707 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138708 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138708 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138709 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138709 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138710 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138710 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138711 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138711 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138712 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138712 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138713 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138713 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138714 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138714 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138715 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138715 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138716 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138716 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138717 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138717 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138718 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138718 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138719 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138719 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 [18/Jan/2016:09:27:47 -0800] conn=28024 op=138720 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:47 -0800] conn=28024 op=138720 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:47 -0800] conn=29623 fd=110 slot=110 connection from 10.21.12.10 to 10.178.0.99 [18/Jan/2016:09:27:47 -0800] conn=29623 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" [18/Jan/2016:09:27:47 -0800] conn=29623 op=0 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:47 -0800] conn=29623 op=-1 fd=110 closed - Peer reports failure of signature verification or key exchange. [18/Jan/2016:09:27:49 -0800] conn=29624 fd=110 slot=110 connection from 10.178.35.217 to 10.178.0.99 [18/Jan/2016:09:27:49 -0800] conn=29624 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:49 -0800] conn=29624 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=29472 op=87 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44044)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" [18/Jan/2016:09:27:49 -0800] conn=29472 op=87 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:27:49 -0800] conn=8 op=67910 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe2-arch-cpqa2-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe2-arch-cpqa2-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:49 -0800] conn=8 op=67910 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67911 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [18/Jan/2016:09:27:49 -0800] conn=8 op=67911 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67912 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:49 -0800] conn=8 op=67912 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67913 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:49 -0800] conn=8 op=67913 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67914 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:49 -0800] conn=8 op=67914 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67915 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe2-arch-cpqa2-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe2-arch-cpqa2-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:49 -0800] conn=8 op=67915 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67916 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:49 -0800] conn=8 op=67916 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67917 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:49 -0800] conn=8 op=67917 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67918 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:49 -0800] conn=8 op=67918 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67919 SRCH base="fqdn=fe2-arch-cpqa2-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:49 -0800] conn=8 op=67919 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67920 SRCH base="cn=fe2-arch-cpqa2-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:49 -0800] conn=8 op=67920 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67921 MOD dn="fqdn=fe2-arch-cpqa2-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:49 -0800] conn=8 op=67921 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d21fa000e00100000 [18/Jan/2016:09:27:49 -0800] conn=8 op=67922 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:49 -0800] conn=8 op=67922 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67923 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:49 -0800] conn=8 op=67923 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67924 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:49 -0800] conn=8 op=67924 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67925 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe2-arch-cpqa2-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:49 -0800] conn=8 op=67925 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=8 op=67926 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:49 -0800] conn=8 op=67926 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:49 -0800] conn=29624 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:49 -0800] conn=29624 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:49 -0800] conn=29624 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:49 -0800] conn=29624 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:49 -0800] conn=29624 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:49 -0800] conn=29624 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe2-arch-cpqa2-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:49 -0800] conn=29624 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe2-arch-cpqa2-nvan.mydomain.net)(sudoHost=fe2-arch-cpqa2-nvan)(sudoHost=10.178.35.217)(sudoHost=10.178.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:27:49 -0800] conn=29624 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:27:49 -0800] conn=29360 op=5 UNBIND [18/Jan/2016:09:27:49 -0800] conn=29360 op=5 fd=115 closed - U1 [18/Jan/2016:09:27:49 -0800] conn=29361 op=5 UNBIND [18/Jan/2016:09:27:49 -0800] conn=29361 op=5 fd=116 closed - U1 [18/Jan/2016:09:27:50 -0800] conn=8852 op=29390 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:50 -0800] conn=8852 op=29390 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:50 -0800] conn=8852 op=29391 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:50 -0800] conn=8852 op=29391 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:50 -0800] conn=8852 op=29392 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:50 -0800] conn=8852 op=29392 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:50 -0800] conn=8852 op=29393 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:50 -0800] conn=8852 op=29393 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:51 -0800] conn=29362 op=11 UNBIND [18/Jan/2016:09:27:51 -0800] conn=29362 op=11 fd=151 closed - U1 [18/Jan/2016:09:27:51 -0800] conn=29363 op=6 UNBIND [18/Jan/2016:09:27:51 -0800] conn=29363 op=6 fd=203 closed - U1 [18/Jan/2016:09:27:53 -0800] conn=29625 fd=114 slot=114 connection from 10.21.5.101 to 10.178.0.99 [18/Jan/2016:09:27:53 -0800] conn=29625 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:53 -0800] conn=29625 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=4 op=60071 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/van-test-login-bamboo.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/van-test-login-bamboo.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:53 -0800] conn=4 op=60071 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=4 op=60072 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:53 -0800] conn=4 op=60072 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=4 op=60073 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:53 -0800] conn=4 op=60073 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=4 op=60074 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:53 -0800] conn=4 op=60074 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=8 op=67927 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/van-test-login-bamboo.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/van-test-login-bamboo.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:53 -0800] conn=8 op=67927 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=8 op=67928 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:53 -0800] conn=8 op=67928 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=8 op=67929 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:53 -0800] conn=8 op=67929 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=8 op=67930 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:53 -0800] conn=8 op=67930 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=8 op=67931 SRCH base="fqdn=van-test-login-bamboo.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:53 -0800] conn=8 op=67931 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=8 op=67932 SRCH base="cn=van-test-login-bamboo.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:53 -0800] conn=8 op=67932 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:53 -0800] conn=8 op=67933 MOD dn="fqdn=van-test-login-bamboo.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:53 -0800] conn=8 op=67933 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2202000600100000 [18/Jan/2016:09:27:53 -0800] conn=8 op=67934 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:53 -0800] conn=8 op=67934 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=8 op=67935 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:53 -0800] conn=8 op=67935 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=8 op=67936 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:53 -0800] conn=8 op=67936 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=8 op=67937 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/van-test-login-bamboo.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:53 -0800] conn=8 op=67937 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=8 op=67938 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:53 -0800] conn=8 op=67938 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:53 -0800] conn=29625 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:53 -0800] conn=29625 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:53 -0800] conn=29625 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:53 -0800] conn=29625 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:53 -0800] conn=29625 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:53 -0800] conn=29625 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=van-test-login-bamboo.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:53 -0800] conn=29625 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=van-test-login-bamboo.mydomain.net)(sudoHost=van-test-login-bamboo)(sudoHost=10.21.5.101)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:26fc)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:27:53 -0800] conn=29625 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:27:54 -0800] conn=29626 fd=115 slot=115 connection from 10.21.13.22 to 10.178.0.99 [18/Jan/2016:09:27:54 -0800] conn=29626 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:54 -0800] conn=29626 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=5 op=87301 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/zimbra2-perf1-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/zimbra2-perf1-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=5 op=87301 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=5 op=87302 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=5 op=87302 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=5 op=87303 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=5 op=87303 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=5 op=87304 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:54 -0800] conn=5 op=87304 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=5 op=87305 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/zimbra2-perf1-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/zimbra2-perf1-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=5 op=87305 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=5 op=87306 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=5 op=87306 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=5 op=87307 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=5 op=87307 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=5 op=87308 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:54 -0800] conn=5 op=87308 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=5 op=87309 SRCH base="fqdn=zimbra2-perf1-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:54 -0800] conn=5 op=87309 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=5 op=87310 SRCH base="cn=zimbra2-perf1-flex-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:54 -0800] conn=5 op=87310 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=5 op=87311 MOD dn="fqdn=zimbra2-perf1-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:54 -0800] conn=5 op=87311 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2202000c00100000 [18/Jan/2016:09:27:54 -0800] conn=12 op=76462 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=12 op=76462 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=12 op=76463 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=12 op=76463 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=12 op=76464 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=12 op=76464 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=12 op=76465 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/zimbra2-perf1-flex-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=12 op=76465 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=12 op=76466 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=12 op=76466 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=29626 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:54 -0800] conn=29626 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:54 -0800] conn=29626 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:54 -0800] conn=29626 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:54 -0800] conn=29626 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:54 -0800] conn=29626 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=zimbra2-perf1-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:54 -0800] conn=29626 op=4 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:27:54 -0800] conn=29626 op=4 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=29626 op=5 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:27:54 -0800] conn=29626 op=5 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=29626 op=6 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:27:54 -0800] conn=29626 op=6 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=29626 op=7 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:27:54 -0800] conn=29626 op=7 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=29626 op=8 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:27:54 -0800] conn=29626 op=8 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=29626 op=9 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:27:54 -0800] conn=29626 op=9 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=8852 op=29394 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:54 -0800] conn=8852 op=29394 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=8852 op=29395 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:54 -0800] conn=8852 op=29395 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=8852 op=29396 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:54 -0800] conn=8852 op=29396 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=8852 op=29397 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:54 -0800] conn=8852 op=29397 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=29472 op=88 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44045)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" [18/Jan/2016:09:27:55 -0800] conn=29472 op=88 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:27:55 -0800] conn=8852 op=29398 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:55 -0800] conn=8852 op=29398 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=8852 op=29399 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:55 -0800] conn=8852 op=29399 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=8852 op=29400 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:55 -0800] conn=8852 op=29400 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=8852 op=29401 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:55 -0800] conn=8852 op=29401 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=8852 op=29402 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:55 -0800] conn=8852 op=29402 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=8852 op=29403 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:55 -0800] conn=8852 op=29403 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=8852 op=29404 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:55 -0800] conn=8852 op=29404 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=8852 op=29405 ADD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=8852 op=29405 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22070008000f0000 [18/Jan/2016:09:27:55 -0800] conn=28024 op=138721 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:55 -0800] conn=28024 op=138721 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=29627 fd=116 slot=116 connection from 10.21.12.10 to 10.178.0.99 [18/Jan/2016:09:27:55 -0800] conn=29627 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" [18/Jan/2016:09:27:55 -0800] conn=29627 op=0 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=29627 op=-1 fd=116 closed - Peer reports failure of signature verification or key exchange. [18/Jan/2016:09:27:55 -0800] conn=29365 op=5 UNBIND [18/Jan/2016:09:27:55 -0800] conn=29365 op=5 fd=209 closed - U1 [18/Jan/2016:09:27:55 -0800] conn=29364 op=5 UNBIND [18/Jan/2016:09:27:55 -0800] conn=29364 op=5 fd=118 closed - U1 [18/Jan/2016:09:27:56 -0800] conn=29628 fd=116 slot=116 connection from 10.21.20.125 to 10.178.0.99 [18/Jan/2016:09:27:56 -0800] conn=29628 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:56 -0800] conn=29628 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67939 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/pg1-msg-msgci1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/pg1-msg-msgci1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:56 -0800] conn=29629 fd=118 slot=118 connection from 10.21.8.117 to 10.178.0.99 [18/Jan/2016:09:27:56 -0800] conn=8 op=67939 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67940 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:56 -0800] conn=8 op=67940 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=29629 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:56 -0800] conn=8 op=67941 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:56 -0800] conn=29629 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67941 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67942 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:56 -0800] conn=8 op=67942 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=4 op=60075 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/pg1-msg-msgci1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/pg1-msg-msgci1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:56 -0800] conn=8 op=67943 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop7-li-lisnap1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop7-li-lisnap1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:56 -0800] conn=8 op=67943 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67944 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:56 -0800] conn=8 op=67944 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67945 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:56 -0800] conn=4 op=60075 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=4 op=60076 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:56 -0800] conn=4 op=60076 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=4 op=60077 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:56 -0800] conn=8 op=67945 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67946 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:56 -0800] conn=8 op=67946 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=4 op=60077 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=4 op=60078 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:56 -0800] conn=4 op=60078 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=4 op=60079 SRCH base="fqdn=pg1-msg-msgci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:56 -0800] conn=4 op=60079 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67947 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop7-li-lisnap1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop7-li-lisnap1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:56 -0800] conn=4 op=60080 SRCH base="cn=pg1-msg-msgci1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:56 -0800] conn=4 op=60080 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:56 -0800] conn=4 op=60081 MOD dn="fqdn=pg1-msg-msgci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:56 -0800] conn=8 op=67947 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67948 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:56 -0800] conn=8 op=67948 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67949 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:56 -0800] conn=8 op=67949 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67950 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:56 -0800] conn=8 op=67950 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67951 SRCH base="fqdn=hadoop7-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:56 -0800] conn=4 op=60081 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2207000d00100000 [18/Jan/2016:09:27:56 -0800] conn=8 op=67951 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67952 SRCH base="cn=hadoop7-li-lisnap1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:56 -0800] conn=8 op=67952 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67953 MOD dn="fqdn=hadoop7-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:56 -0800] conn=8 op=67953 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2207000f00100000 [18/Jan/2016:09:27:56 -0800] conn=5 op=87312 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:56 -0800] conn=8 op=67954 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:56 -0800] conn=5 op=87312 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=5 op=87313 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:56 -0800] conn=8 op=67954 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67955 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:56 -0800] conn=8 op=67955 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67956 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:56 -0800] conn=8 op=67956 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67957 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/hadoop7-li-lisnap1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:56 -0800] conn=8 op=67957 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=8 op=67958 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:56 -0800] conn=8 op=67958 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=5 op=87313 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=5 op=87314 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:56 -0800] conn=5 op=87314 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=5 op=87315 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/pg1-msg-msgci1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:56 -0800] conn=5 op=87315 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=5 op=87316 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:56 -0800] conn=5 op=87316 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:56 -0800] conn=29628 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:56 -0800] conn=29628 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:56 -0800] conn=29628 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:56 -0800] conn=29628 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:56 -0800] conn=29628 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:56 -0800] conn=29628 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=pg1-msg-msgci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:56 -0800] conn=29628 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=pg1-msg-msgci1-van.mydomain.net)(sudoHost=pg1-msg-msgci1-van)(sudoHost=10.21.20.125)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:feb7:6120)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:27:56 -0800] conn=29628 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:27:56 -0800] conn=29629 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:56 -0800] conn=29629 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:56 -0800] conn=29629 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:56 -0800] conn=29629 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:56 -0800] conn=29629 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:56 -0800] conn=29629 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=hadoop7-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:56 -0800] conn=29629 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=hadoop7-li-lisnap1-van.mydomain.net)(sudoHost=hadoop7-li-lisnap1-van)(sudoHost=10.21.8.117)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:57a2)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:27:56 -0800] conn=29629 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:27:57 -0800] conn=8852 op=29406 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=8852 op=29406 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070010000f0000 [18/Jan/2016:09:27:57 -0800] conn=8852 op=29407 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=8852 op=29407 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070011000f0000 [18/Jan/2016:09:27:57 -0800] conn=8852 op=29408 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:57 -0800] conn=8852 op=29408 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=8852 op=29409 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:57 -0800] conn=8852 op=29409 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=8852 op=29410 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:57 -0800] conn=8852 op=29410 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=8852 op=29411 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:57 -0800] conn=8852 op=29411 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=8852 op=29412 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:57 -0800] conn=8852 op=29412 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=8852 op=29413 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:57 -0800] conn=8852 op=29413 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=8852 op=29414 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:57 -0800] conn=8852 op=29414 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=8852 op=29415 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:57 -0800] conn=8852 op=29415 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=8852 op=29416 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:57 -0800] conn=8852 op=29416 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=12 op=76467 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=12 op=76467 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=12 op=76468 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=12 op=76469 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=12 op=76468 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=12 op=76469 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=12 op=76470 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=12 op=76470 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=12 op=76471 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=12 op=76471 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=8852 op=29417 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:57 -0800] conn=8852 op=29417 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=8852 op=29418 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:57 -0800] conn=8852 op=29418 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:58 -0800] conn=8852 op=29419 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:58 -0800] conn=8852 op=29419 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:58 -0800] conn=8852 op=29420 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:58 -0800] conn=8852 op=29420 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:58 -0800] conn=8852 op=29421 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:58 -0800] conn=8852 op=29421 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:58 -0800] conn=8852 op=29422 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:58 -0800] conn=8852 op=29422 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:58 -0800] conn=29630 fd=151 slot=151 connection from 10.178.6.132 to 10.178.0.99 [18/Jan/2016:09:27:58 -0800] conn=29630 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:58 -0800] conn=29630 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=4 op=60082 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe7-arch-snap4-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe7-arch-snap4-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=4 op=60082 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=4 op=60083 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:58 -0800] conn=4 op=60083 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=4 op=60084 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=4 op=60084 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=4 op=60085 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:58 -0800] conn=4 op=60085 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=8 op=67959 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe7-arch-snap4-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe7-arch-snap4-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=8 op=67959 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=8 op=67960 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:58 -0800] conn=8 op=67960 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=8 op=67961 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=8 op=67961 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=8 op=67962 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:58 -0800] conn=8 op=67962 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=8 op=67963 SRCH base="fqdn=fe7-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:58 -0800] conn=8 op=67963 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=8 op=67964 SRCH base="cn=fe7-arch-snap4-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:58 -0800] conn=8 op=67964 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:58 -0800] conn=8 op=67965 MOD dn="fqdn=fe7-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:58 -0800] conn=8 op=67965 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220a000300100000 [18/Jan/2016:09:27:58 -0800] conn=5 op=87317 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=5 op=87317 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=5 op=87318 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=5 op=87318 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=5 op=87319 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:58 -0800] conn=5 op=87319 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=5 op=87320 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe7-arch-snap4-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=5 op=87320 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=5 op=87321 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:58 -0800] conn=5 op=87321 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=29630 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:58 -0800] conn=29630 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:58 -0800] conn=29630 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:58 -0800] conn=29630 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:58 -0800] conn=29630 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:58 -0800] conn=29630 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe7-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:58 -0800] conn=29630 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe7-arch-snap4-nvan.mydomain.net)(sudoHost=fe7-arch-snap4-nvan)(sudoHost=10.178.6.132)(sudoHost=10.178.0.0/16)(sudoHost=fe80::250:56ff:feb7:7ea)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:27:58 -0800] conn=29630 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:27:59 -0800] conn=28024 op=138722 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:59 -0800] conn=28024 op=138722 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=28024 op=138723 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=28024 op=138723 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 [18/Jan/2016:09:27:59 -0800] conn=8852 op=29423 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:59 -0800] conn=8852 op=29423 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=29631 fd=203 slot=203 connection from 10.21.0.98 to 10.178.0.99 [18/Jan/2016:09:28:01 -0800] conn=29631 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:01 -0800] conn=29631 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=29472 op=89 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44046)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" [18/Jan/2016:09:28:01 -0800] conn=29472 op=89 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:28:01 -0800] conn=8 op=67966 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:01 -0800] conn=8 op=67966 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=8 op=67967 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:01 -0800] conn=8 op=67967 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=8 op=67968 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:01 -0800] conn=8 op=67968 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=8 op=67969 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:01 -0800] conn=8 op=67969 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=5 op=87322 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:01 -0800] conn=5 op=87322 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=5 op=87323 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:01 -0800] conn=5 op=87323 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=5 op=87324 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:01 -0800] conn=5 op=87324 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=5 op=87325 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:01 -0800] conn=5 op=87325 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=5 op=87326 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:01 -0800] conn=5 op=87326 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=5 op=87327 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:01 -0800] conn=5 op=87327 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=5 op=87328 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=5 op=87328 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000300100000 [18/Jan/2016:09:28:01 -0800] conn=5 op=87329 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:01 -0800] conn=5 op=87329 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=5 op=87330 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:01 -0800] conn=5 op=87330 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=5 op=87331 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:01 -0800] conn=5 op=87331 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=5 op=87332 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:01 -0800] conn=5 op=87332 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=5 op=87333 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:01 -0800] conn=5 op=87333 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=29631 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:01 -0800] conn=29631 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:01 -0800] conn=29631 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:01 -0800] conn=29631 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:01 -0800] conn=29631 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:01 -0800] conn=29631 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=29631 op=4 SRCH base="cn=ranges,cn=etc,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaIDRange)" attrs="objectClass cn ipaBaseID ipaBaseRID ipaSecondaryBaseRID ipaIDRangeSize ipaNTTrustedDomainSID ipaRangeType" [18/Jan/2016:09:28:01 -0800] conn=29631 op=5 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=dc2-ipa-dev-van.mydomain.net)(sudoHost=dc2-ipa-dev-van)(sudoHost=10.21.0.98)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:feb7:1208)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:01 -0800] conn=29631 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=29631 op=5 RESULT err=0 tag=101 nentries=7 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:01 -0800] conn=29631 op=6 SRCH base="cn=ad,cn=etc,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTDomainAttrs)" attrs="cn ipaNTFlatName ipaNTSecurityIdentifier" [18/Jan/2016:09:28:01 -0800] conn=29631 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=29631 op=7 SRCH base="cn=ranges,cn=etc,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaIDRange)" attrs="objectClass cn ipaBaseID ipaBaseRID ipaSecondaryBaseRID ipaIDRangeSize ipaNTTrustedDomainSID ipaRangeType" [18/Jan/2016:09:28:01 -0800] conn=29631 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=29631 op=8 SRCH base="cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTFlatName ipaNTTrustedDomainSID ipaNTTrustDirection" [18/Jan/2016:09:28:01 -0800] conn=29631 op=8 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=29631 op=9 SRCH base="cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTFlatName ipaNTTrustedDomainSID ipaNTTrustDirection" [18/Jan/2016:09:28:01 -0800] conn=29631 op=9 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=29631 op=10 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaHost)(fqdn=dc2-ipa-dev-van.mydomain.net))" attrs="cn objectClass" [18/Jan/2016:09:28:01 -0800] conn=29631 op=10 RESULT err=0 tag=101 nentries=1 etime=0 notes=P pr_idx=1 [18/Jan/2016:09:28:01 -0800] conn=29631 op=11 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaHost)(fqdn=dc2-ipa-dev-van.mydomain.net))" attrs="cn objectClass" [18/Jan/2016:09:28:01 -0800] conn=29631 op=11 RESULT err=0 tag=101 nentries=1 etime=0 notes=P pr_idx=1 [18/Jan/2016:09:28:01 -0800] conn=29631 op=12 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=admin)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType usercertificate;binary" [18/Jan/2016:09:28:01 -0800] conn=29631 op=12 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:01 -0800] conn=29631 op=13 SRCH base="cn=Default Trust View,cn=views,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:mydomain.net:56d306a6-d31f-11e4-93de-005056b71d17))" attrs=ALL [18/Jan/2016:09:28:01 -0800] conn=29631 op=13 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138724 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138724 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138725 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138725 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138726 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138726 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138727 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138727 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138728 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138728 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138729 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138729 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138730 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138730 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138731 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138731 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138732 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138732 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138733 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138733 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138734 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138734 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138735 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138735 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138736 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138736 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138737 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138737 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138738 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138738 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138739 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138739 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138740 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138740 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138741 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138741 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138742 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138742 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138743 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138743 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138744 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138744 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138745 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138745 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138746 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138746 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138747 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138747 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138748 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138748 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138749 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138749 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138750 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138750 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138751 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138751 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138752 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138752 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138753 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138753 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138754 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138754 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138755 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138755 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138756 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138756 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138757 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138757 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138758 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138758 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138759 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138759 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138760 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138760 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138761 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138761 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138762 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138762 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138763 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138763 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138764 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138764 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138765 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138765 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138766 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138766 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138767 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138767 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138768 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138768 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138769 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138769 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138770 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138770 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138771 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138771 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138772 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138772 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138773 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138773 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138774 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138774 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138775 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138775 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138776 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138776 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138777 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138777 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138778 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138778 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138779 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138779 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138780 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138780 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138781 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138781 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138782 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138782 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138783 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138783 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138784 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138784 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138785 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138785 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138786 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138786 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138787 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138787 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138788 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138788 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138789 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138789 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138790 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138790 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138791 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138791 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138792 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138792 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138793 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138793 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138794 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138794 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138795 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138795 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138796 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138796 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138797 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138797 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138798 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138798 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138799 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138799 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138800 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138800 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138801 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138801 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138802 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138802 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138803 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138803 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 [18/Jan/2016:09:28:01 -0800] conn=29631 op=14 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=ntp)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType usercertificate;binary" [18/Jan/2016:09:28:01 -0800] conn=29631 op=14 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138804 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138804 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138805 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138805 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138806 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138806 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138807 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138807 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138808 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138808 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138809 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138809 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138810 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138810 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138811 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138811 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138812 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138812 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138813 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138813 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138814 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138814 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138815 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138815 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138816 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138816 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138817 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138817 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138818 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138818 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138819 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138819 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138820 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138820 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138821 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138821 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138822 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138822 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138823 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138823 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138824 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138824 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138825 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138825 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138826 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138826 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138827 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138827 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138828 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138828 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138829 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138829 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138830 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138830 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138831 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138831 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138832 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138832 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138833 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138833 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138834 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138834 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138835 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138835 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138836 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138836 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138837 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138837 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138838 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138838 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138839 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138839 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138840 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138840 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138841 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138841 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138842 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138842 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138843 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138843 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138844 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138844 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138845 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138845 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138846 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138846 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138847 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138847 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138848 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138848 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138849 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138849 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138850 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138850 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138851 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138851 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138852 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138852 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138853 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138853 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138854 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138854 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138855 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138855 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138856 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138856 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138857 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138857 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138858 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138858 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138859 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138859 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138860 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138860 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138861 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138861 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138862 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138862 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138863 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138863 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138864 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138864 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138865 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138865 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138866 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138866 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138867 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138867 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138868 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138868 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138869 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138869 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138870 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138870 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138871 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138871 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138872 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138872 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138873 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138873 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138874 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138874 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138875 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138875 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138876 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138876 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138877 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138877 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138878 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138878 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138879 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138879 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138880 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138880 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138881 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138881 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138882 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138882 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138883 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138883 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138884 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138884 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138885 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138885 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138886 ADD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138886 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000500110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138887 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138887 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000600110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138888 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138888 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000700110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138889 ADD dn="idnsName=98,idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138889 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000800110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138890 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138890 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000c000f0000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138891 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138891 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f00110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138892 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138892 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001000110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138893 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138893 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001100110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138894 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138894 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001200110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138895 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138895 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001300110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138896 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138896 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001400110000 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138897 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138897 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001500110000 [18/Jan/2016:09:28:01 -0800] conn=29626 op=10 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:28:01 -0800] conn=29626 op=10 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=29626 op=11 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:28:01 -0800] conn=29626 op=11 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138898 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138898 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138899 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138899 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=28024 op=138900 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:01 -0800] conn=28024 op=138900 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=29377 op=134 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" [18/Jan/2016:09:28:01 -0800] conn=29377 op=134 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=29377 op=135 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" [18/Jan/2016:09:28:01 -0800] conn=29377 op=135 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=74 op=256 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=74 op=256 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001d00100000 [18/Jan/2016:09:28:02 -0800] conn=29632 fd=209 slot=209 connection from 10.178.39.50 to 10.178.0.99 [18/Jan/2016:09:28:02 -0800] conn=29632 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:02 -0800] conn=29632 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76472 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/pres1-msg-msgqa1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/pres1-msg-msgqa1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:02 -0800] conn=12 op=76473 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:02 -0800] conn=12 op=76472 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76473 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76474 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:02 -0800] conn=12 op=76475 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:02 -0800] conn=12 op=76474 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76475 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76476 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/pres1-msg-msgqa1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/pres1-msg-msgqa1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:02 -0800] conn=12 op=76477 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:02 -0800] conn=12 op=76476 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76477 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76478 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:02 -0800] conn=12 op=76478 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76479 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:02 -0800] conn=12 op=76479 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76480 SRCH base="fqdn=pres1-msg-msgqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:02 -0800] conn=12 op=76480 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76481 SRCH base="cn=pres1-msg-msgqa1-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:02 -0800] conn=12 op=76481 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76482 MOD dn="fqdn=pres1-msg-msgqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:02 -0800] conn=12 op=76482 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001e00100000 [18/Jan/2016:09:28:02 -0800] conn=12 op=76483 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:02 -0800] conn=12 op=76483 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76484 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:02 -0800] conn=12 op=76485 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:02 -0800] conn=12 op=76484 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76485 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76486 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/pres1-msg-msgqa1-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:02 -0800] conn=12 op=76487 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:02 -0800] conn=12 op=76486 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=12 op=76487 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=29632 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:02 -0800] conn=29632 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:02 -0800] conn=29632 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:02 -0800] conn=29632 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:02 -0800] conn=29632 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:02 -0800] conn=29632 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=pres1-msg-msgqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:02 -0800] conn=29632 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=pres1-msg-msgqa1-nvan.mydomain.net)(sudoHost=pres1-msg-msgqa1-nvan)(sudoHost=10.178.39.50)(sudoHost=10.178.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:02 -0800] conn=29632 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:02 -0800] conn=29633 fd=272 slot=272 connection from 10.21.0.65 to 10.178.0.99 [18/Jan/2016:09:28:02 -0800] conn=29633 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:02 -0800] conn=29633 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=8 op=67970 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/centos65.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/centos65.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:02 -0800] conn=8 op=67970 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=8 op=67971 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:02 -0800] conn=8 op=67971 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=8 op=67972 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:02 -0800] conn=8 op=67972 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=8 op=67973 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:02 -0800] conn=8 op=67973 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=8 op=67974 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/centos65.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/centos65.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:02 -0800] conn=8 op=67974 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=8 op=67975 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:02 -0800] conn=8 op=67975 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=8 op=67976 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:02 -0800] conn=8 op=67976 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=8 op=67977 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:02 -0800] conn=8 op=67977 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=8 op=67978 SRCH base="fqdn=centos65.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:02 -0800] conn=8 op=67978 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=8 op=67979 SRCH base="cn=centos65.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:02 -0800] conn=8 op=67979 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=8 op=67980 MOD dn="fqdn=centos65.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:02 -0800] conn=8 op=67980 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000e00100000 [18/Jan/2016:09:28:02 -0800] conn=5 op=87334 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:02 -0800] conn=5 op=87334 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=5 op=87335 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:02 -0800] conn=5 op=87335 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=5 op=87336 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:02 -0800] conn=5 op=87336 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=5 op=87337 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/centos65.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:02 -0800] conn=5 op=87337 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=5 op=87338 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:02 -0800] conn=5 op=87338 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:02 -0800] conn=29633 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:02 -0800] conn=29633 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:02 -0800] conn=29633 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:02 -0800] conn=29633 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:02 -0800] conn=29633 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:02 -0800] conn=29633 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=centos65.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:02 -0800] conn=29633 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=centos65.mydomain.net)(sudoHost=centos65)(sudoHost=10.21.0.65)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:feb7:3942)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:02 -0800] conn=29633 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:02 -0800] conn=74 op=257 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:02 -0800] conn=74 op=257 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d001200100000 [18/Jan/2016:09:28:02 -0800] conn=74 op=258 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:02 -0800] conn=74 op=258 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d001400100000 [18/Jan/2016:09:28:02 -0800] conn=74 op=259 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:02 -0800] conn=74 op=259 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d001500100000 [18/Jan/2016:09:28:02 -0800] conn=74 op=260 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:02 -0800] conn=74 op=260 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d001700100000 [18/Jan/2016:09:28:02 -0800] conn=74 op=261 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:02 -0800] conn=74 op=261 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d001900100000 [18/Jan/2016:09:28:02 -0800] conn=74 op=262 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:02 -0800] conn=74 op=262 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d001c00100000 [18/Jan/2016:09:28:02 -0800] conn=74 op=263 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:02 -0800] conn=74 op=263 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d001d00100000 [18/Jan/2016:09:28:02 -0800] conn=8852 op=29424 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=8852 op=29424 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=8852 op=29425 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=8852 op=29425 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=28024 op=138901 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=28024 op=138901 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=28024 op=138902 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=28024 op=138902 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=28024 op=138903 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=28024 op=138903 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=28024 op=138904 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=28024 op=138904 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=8852 op=29426 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=8852 op=29426 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=8852 op=29427 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=8852 op=29427 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=8852 op=29428 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=8852 op=29428 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=8852 op=29429 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=8852 op=29429 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=4 op=60086 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=4 op=60086 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=4 op=60087 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:04 -0800] conn=4 op=60087 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=4 op=60088 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=4 op=60088 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=4 op=60089 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:04 -0800] conn=4 op=60089 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=5 op=87339 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=5 op=87339 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=5 op=87340 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:04 -0800] conn=5 op=87340 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=5 op=87341 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=5 op=87341 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=5 op=87342 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:04 -0800] conn=5 op=87342 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=5 op=87343 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:04 -0800] conn=5 op=87343 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=5 op=87344 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:04 -0800] conn=5 op=87344 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=5 op=87345 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:04 -0800] conn=5 op=87345 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2210000600100000 [18/Jan/2016:09:28:04 -0800] conn=29634 fd=298 slot=298 connection from 10.21.0.34 to 10.178.0.99 [18/Jan/2016:09:28:04 -0800] conn=29634 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:04 -0800] conn=29634 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=4 op=60090 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/zubincentos6vditest-ops-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/zubincentos6vditest-ops-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=28024 op=138905 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=28024 op=138905 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=4 op=60090 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=28024 op=138906 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=28024 op=138906 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=29634 op=1 UNBIND [18/Jan/2016:09:28:04 -0800] conn=29634 op=1 fd=298 closed - U1 [18/Jan/2016:09:28:04 -0800] conn=28024 op=138907 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=28024 op=138907 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=29635 fd=298 slot=298 connection from 10.21.0.34 to 10.178.0.99 [18/Jan/2016:09:28:04 -0800] conn=29635 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:04 -0800] conn=29635 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=28024 op=138908 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=28024 op=138908 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=5 op=87346 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/zubincentos6vditest-ops-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/zubincentos6vditest-ops-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=5 op=87346 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=29635 op=1 UNBIND [18/Jan/2016:09:28:04 -0800] conn=29635 op=1 fd=298 closed - U1 [18/Jan/2016:09:28:05 -0800] conn=28024 op=138909 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:05 -0800] conn=28024 op=138909 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=28024 op=138910 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:05 -0800] conn=28024 op=138910 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=28024 op=138911 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:05 -0800] conn=28024 op=138911 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=28024 op=138912 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:05 -0800] conn=28024 op=138912 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=12 op=76488 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:06 -0800] conn=12 op=76488 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=12 op=76489 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:06 -0800] conn=12 op=76489 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=12 op=76490 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:06 -0800] conn=12 op=76490 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=12 op=76491 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:06 -0800] conn=12 op=76491 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=12 op=76492 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:06 -0800] conn=12 op=76492 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=8852 op=29430 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:06 -0800] conn=8852 op=29430 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=8852 op=29431 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:06 -0800] conn=8852 op=29431 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=8852 op=29432 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:06 -0800] conn=8852 op=29432 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=8852 op=29433 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:06 -0800] conn=8852 op=29433 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=8852 op=29434 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:06 -0800] conn=8852 op=29434 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=8852 op=29435 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:06 -0800] conn=8852 op=29435 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=29626 op=12 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:28:06 -0800] conn=29626 op=12 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=29626 op=13 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:28:06 -0800] conn=29626 op=13 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=29626 op=14 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:28:06 -0800] conn=29626 op=14 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=29626 op=15 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:28:06 -0800] conn=29626 op=15 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=24917 op=559 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" [18/Jan/2016:09:28:06 -0800] conn=24917 op=559 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=8852 op=29436 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:06 -0800] conn=8852 op=29436 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=8852 op=29437 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:06 -0800] conn=8852 op=29437 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:07 -0800] conn=29472 op=90 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44047)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" [18/Jan/2016:09:28:07 -0800] conn=29472 op=90 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:28:07 -0800] conn=12 op=76493 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=12 op=76493 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=12 op=76494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=12 op=76494 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=12 op=76495 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=12 op=76495 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=12 op=76496 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=12 op=76496 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=12 op=76497 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=12 op=76497 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=8852 op=29438 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:07 -0800] conn=8852 op=29438 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:07 -0800] conn=8852 op=29439 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:07 -0800] conn=8852 op=29439 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:07 -0800] conn=8852 op=29440 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:07 -0800] conn=8852 op=29440 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:07 -0800] conn=8852 op=29441 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:07 -0800] conn=8852 op=29441 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:07 -0800] conn=12 op=76498 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=12 op=76498 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=12 op=76499 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=12 op=76499 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=12 op=76500 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=12 op=76500 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=12 op=76501 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:07 -0800] conn=12 op=76501 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=8 op=67981 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=8 op=67981 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=8 op=67982 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=8 op=67982 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=8 op=67983 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=8 op=67983 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=8 op=67984 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:07 -0800] conn=8 op=67984 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=8 op=67985 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:07 -0800] conn=8 op=67985 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=8 op=67986 MOD dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:07 -0800] conn=8 op=67986 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2213000400100000 [18/Jan/2016:09:28:07 -0800] conn=5 op=87347 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=5 op=87347 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=5 op=87348 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=5 op=87348 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=5 op=87349 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=5 op=87349 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=5 op=87350 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=5 op=87350 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=5 op=87351 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=5 op=87351 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:08 -0800] conn=29377 op=136 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" [18/Jan/2016:09:28:08 -0800] conn=29377 op=136 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:08 -0800] conn=29377 op=137 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" [18/Jan/2016:09:28:08 -0800] conn=29377 op=137 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:08 -0800] conn=29377 op=138 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" [18/Jan/2016:09:28:08 -0800] conn=29377 op=138 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:08 -0800] conn=29377 op=139 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" [18/Jan/2016:09:28:08 -0800] conn=29377 op=139 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:10 -0800] conn=8852 op=29442 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:10 -0800] conn=8852 op=29442 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:10 -0800] conn=8852 op=29443 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:10 -0800] conn=8852 op=29443 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:10 -0800] conn=8852 op=29444 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:10 -0800] conn=8852 op=29444 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:10 -0800] conn=8852 op=29445 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:10 -0800] conn=8852 op=29445 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:10 -0800] conn=8852 op=29446 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:10 -0800] conn=8852 op=29446 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:10 -0800] conn=8852 op=29447 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:10 -0800] conn=8852 op=29447 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:10 -0800] conn=29369 op=5 UNBIND [18/Jan/2016:09:28:10 -0800] conn=29369 op=5 fd=119 closed - U1 [18/Jan/2016:09:28:11 -0800] conn=29636 fd=119 slot=119 connection from 10.21.12.10 to 10.178.0.99 [18/Jan/2016:09:28:11 -0800] conn=29636 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" [18/Jan/2016:09:28:11 -0800] conn=29636 op=0 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=29636 op=-1 fd=119 closed - Peer reports failure of signature verification or key exchange. [18/Jan/2016:09:28:11 -0800] conn=28024 op=138913 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:11 -0800] conn=28024 op=138913 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=28024 op=138914 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:11 -0800] conn=28024 op=138914 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=28024 op=138915 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:11 -0800] conn=28024 op=138915 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=28024 op=138916 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:11 -0800] conn=28024 op=138916 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=29370 op=5 UNBIND [18/Jan/2016:09:28:11 -0800] conn=29370 op=5 fd=166 closed - U1 [18/Jan/2016:09:28:11 -0800] conn=29377 op=140 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" [18/Jan/2016:09:28:11 -0800] conn=29377 op=140 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=29377 op=141 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" [18/Jan/2016:09:28:11 -0800] conn=29377 op=141 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=29377 op=142 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" [18/Jan/2016:09:28:12 -0800] conn=29377 op=142 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=29377 op=143 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" [18/Jan/2016:09:28:12 -0800] conn=29377 op=143 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=29377 op=144 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" [18/Jan/2016:09:28:12 -0800] conn=29377 op=144 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=29377 op=145 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" [18/Jan/2016:09:28:12 -0800] conn=29377 op=145 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=8852 op=29448 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=8852 op=29448 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=8852 op=29449 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:12 -0800] conn=8852 op=29449 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=8852 op=29450 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=8852 op=29450 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=8852 op=29451 MOD dn="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:12 -0800] conn=8852 op=29451 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22180003000f0000 [18/Jan/2016:09:28:12 -0800] conn=28024 op=138917 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=28024 op=138917 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=24917 op=560 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" [18/Jan/2016:09:28:12 -0800] conn=24917 op=560 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76502 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:13 -0800] conn=29472 op=91 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44048)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" [18/Jan/2016:09:28:13 -0800] conn=29472 op=91 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:28:13 -0800] conn=12 op=76502 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76503 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:13 -0800] conn=12 op=76503 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76504 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:13 -0800] conn=12 op=76504 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76505 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:13 -0800] conn=12 op=76505 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76506 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:13 -0800] conn=12 op=76506 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76507 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:13 -0800] conn=12 op=76507 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76508 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:13 -0800] conn=12 op=76508 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76509 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:13 -0800] conn=12 op=76509 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76510 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:13 -0800] conn=12 op=76510 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76511 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:13 -0800] conn=12 op=76511 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76512 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:13 -0800] conn=12 op=76512 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2218000a00100000 [18/Jan/2016:09:28:13 -0800] conn=12 op=76513 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:13 -0800] conn=12 op=76513 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:13 -0800] conn=12 op=76514 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76515 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:13 -0800] conn=12 op=76515 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76516 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:13 -0800] conn=12 op=76516 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:13 -0800] conn=12 op=76517 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:13 -0800] conn=12 op=76517 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:14 -0800] conn=8852 op=29452 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:14 -0800] conn=8852 op=29452 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:14 -0800] conn=8852 op=29453 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:14 -0800] conn=8852 op=29453 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:14 -0800] conn=8852 op=29454 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:14 -0800] conn=8852 op=29454 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:15 -0800] conn=8852 op=29455 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:15 -0800] conn=8852 op=29455 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:15 -0800] conn=8852 op=29456 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:15 -0800] conn=8852 op=29456 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:15 -0800] conn=8852 op=29457 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:15 -0800] conn=8852 op=29457 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:15 -0800] conn=8852 op=29458 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:15 -0800] conn=8852 op=29458 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:15 -0800] conn=29631 op=15 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=ntp)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType usercertificate;binary" [18/Jan/2016:09:28:15 -0800] conn=29631 op=15 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:15 -0800] conn=24917 op=561 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" [18/Jan/2016:09:28:15 -0800] conn=24917 op=561 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:15 -0800] conn=29371 op=5 UNBIND [18/Jan/2016:09:28:15 -0800] conn=29371 op=5 fd=217 closed - U1 [18/Jan/2016:09:28:16 -0800] conn=8852 op=29459 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:16 -0800] conn=8852 op=29459 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:16 -0800] conn=8852 op=29460 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:16 -0800] conn=8852 op=29460 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:16 -0800] conn=8852 op=29461 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:16 -0800] conn=8852 op=29461 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:16 -0800] conn=8852 op=29462 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:16 -0800] conn=8852 op=29462 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:16 -0800] conn=24917 op=562 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" [18/Jan/2016:09:28:16 -0800] conn=24917 op=562 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:16 -0800] conn=24917 op=563 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" [18/Jan/2016:09:28:16 -0800] conn=24917 op=563 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:16 -0800] conn=28024 op=138918 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:16 -0800] conn=28024 op=138918 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:16 -0800] conn=28024 op=138919 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:16 -0800] conn=28024 op=138919 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:16 -0800] conn=29372 op=5 UNBIND [18/Jan/2016:09:28:16 -0800] conn=29372 op=5 fd=264 closed - U1 [18/Jan/2016:09:28:16 -0800] conn=29373 op=5 UNBIND [18/Jan/2016:09:28:16 -0800] conn=29373 op=5 fd=265 closed - U1 [18/Jan/2016:09:28:17 -0800] conn=29637 fd=119 slot=119 connection from 10.21.5.100 to 10.178.0.99 [18/Jan/2016:09:28:17 -0800] conn=29637 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:17 -0800] conn=29637 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87352 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-msgci1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-msgci1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:17 -0800] conn=5 op=87352 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87353 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:17 -0800] conn=5 op=87353 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87354 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:17 -0800] conn=5 op=87354 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87355 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:17 -0800] conn=5 op=87355 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87356 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-msgci1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-msgci1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:17 -0800] conn=5 op=87356 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87357 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:17 -0800] conn=5 op=87357 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87358 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:17 -0800] conn=5 op=87358 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87359 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:17 -0800] conn=5 op=87359 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87360 SRCH base="fqdn=fe1-gas-msgci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:17 -0800] conn=5 op=87360 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87361 SRCH base="cn=fe1-gas-msgci1-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:17 -0800] conn=5 op=87361 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87362 MOD dn="fqdn=fe1-gas-msgci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:17 -0800] conn=5 op=87362 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c000600100000 [18/Jan/2016:09:28:17 -0800] conn=5 op=87363 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:17 -0800] conn=5 op=87363 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87364 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:17 -0800] conn=5 op=87364 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87365 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:17 -0800] conn=5 op=87365 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87366 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-msgci1-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:17 -0800] conn=5 op=87366 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=5 op=87367 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:17 -0800] conn=5 op=87367 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=29637 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:17 -0800] conn=29637 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:17 -0800] conn=29637 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:17 -0800] conn=29637 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:17 -0800] conn=29637 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:17 -0800] conn=29637 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-msgci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:17 -0800] conn=29637 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-msgci1-van.login.mydomain.net)(sudoHost=fe1-gas-msgci1-van)(sudoHost=10.21.5.100)(sudoHost=10.21.0.0/16)(sudoHost=fe80::226:55ff:fe22:6572)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:17 -0800] conn=29637 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:17 -0800] conn=28024 op=138920 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:17 -0800] conn=28024 op=138920 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=28024 op=138921 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:17 -0800] conn=28024 op=138921 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=28024 op=138922 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:17 -0800] conn=28024 op=138922 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=28024 op=138923 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:17 -0800] conn=28024 op=138923 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:18 -0800] conn=29638 fd=166 slot=166 connection from 10.21.28.70 to 10.178.0.99 [18/Jan/2016:09:28:18 -0800] conn=29638 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:18 -0800] conn=29638 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=12 op=76518 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/all-mre-masnap1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/all-mre-masnap1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:18 -0800] conn=12 op=76518 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=12 op=76519 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:18 -0800] conn=12 op=76519 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=12 op=76520 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:18 -0800] conn=12 op=76520 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=12 op=76521 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:18 -0800] conn=12 op=76521 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=5 op=87368 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/all-mre-masnap1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/all-mre-masnap1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:18 -0800] conn=5 op=87368 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=5 op=87369 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:18 -0800] conn=5 op=87369 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=5 op=87370 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:18 -0800] conn=5 op=87370 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=5 op=87371 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:18 -0800] conn=5 op=87371 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=5 op=87372 SRCH base="fqdn=all-mre-masnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:18 -0800] conn=5 op=87372 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=5 op=87373 SRCH base="cn=all-mre-masnap1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:18 -0800] conn=5 op=87373 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:18 -0800] conn=5 op=87374 MOD dn="fqdn=all-mre-masnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:18 -0800] conn=5 op=87374 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c001100100000 [18/Jan/2016:09:28:18 -0800] conn=5 op=87375 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:18 -0800] conn=5 op=87375 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=5 op=87376 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:18 -0800] conn=5 op=87376 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=5 op=87377 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:18 -0800] conn=5 op=87377 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=5 op=87378 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/all-mre-masnap1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:18 -0800] conn=29639 fd=217 slot=217 connection from 10.21.5.241 to 10.178.0.99 [18/Jan/2016:09:28:18 -0800] conn=29639 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:18 -0800] conn=5 op=87378 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=29639 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=5 op=87379 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:18 -0800] conn=5 op=87379 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=29638 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:18 -0800] conn=29638 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:18 -0800] conn=29639 op=1 UNBIND [18/Jan/2016:09:28:18 -0800] conn=29639 op=1 fd=217 closed - U1 [18/Jan/2016:09:28:18 -0800] conn=29638 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:18 -0800] conn=29638 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:18 -0800] conn=29638 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:18 -0800] conn=29638 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=all-mre-masnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:18 -0800] conn=29638 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=all-mre-masnap1-van.mydomain.net)(sudoHost=all-mre-masnap1-van)(sudoHost=10.21.28.70)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:2935)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:18 -0800] conn=29638 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:19 -0800] conn=24917 op=564 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" [18/Jan/2016:09:28:19 -0800] conn=24917 op=564 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:19 -0800] conn=29472 op=92 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44049)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" [18/Jan/2016:09:28:19 -0800] conn=29472 op=92 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:28:21 -0800] conn=28024 op=138924 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:21 -0800] conn=28024 op=138924 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=28024 op=138925 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:21 -0800] conn=28024 op=138925 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=28024 op=138926 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:21 -0800] conn=28024 op=138926 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=28024 op=138927 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:21 -0800] conn=28024 op=138927 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=29640 fd=217 slot=217 connection from 10.21.8.64 to 10.178.0.99 [18/Jan/2016:09:28:22 -0800] conn=29640 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:22 -0800] conn=29640 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=12 op=76522 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/van-test-conv4.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/van-test-conv4.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=12 op=76522 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=12 op=76523 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [18/Jan/2016:09:28:22 -0800] conn=12 op=76523 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=12 op=76524 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=12 op=76524 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=12 op=76525 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=12 op=76525 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=12 op=76526 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:22 -0800] conn=12 op=76526 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=5 op=87380 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/van-test-conv4.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/van-test-conv4.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=5 op=87380 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=5 op=87381 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=5 op=87381 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=5 op=87382 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=5 op=87382 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=5 op=87383 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:22 -0800] conn=5 op=87383 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=5 op=87384 SRCH base="fqdn=van-test-conv4.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:22 -0800] conn=5 op=87384 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=5 op=87385 SRCH base="cn=van-test-conv4.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:22 -0800] conn=5 op=87385 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=5 op=87386 MOD dn="fqdn=van-test-conv4.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=5 op=87386 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c001b00100000 [18/Jan/2016:09:28:22 -0800] conn=4 op=60091 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=4 op=60091 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=4 op=60092 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [18/Jan/2016:09:28:22 -0800] conn=4 op=60092 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=4 op=60093 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=4 op=60093 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=4 op=60094 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=4 op=60094 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=4 op=60095 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/van-test-conv4.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=4 op=60095 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=4 op=60096 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=4 op=60096 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=29640 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=29640 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=29640 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=29640 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=29640 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=29640 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=van-test-conv4.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=29640 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=van-test-conv4.mydomain.net)(sudoHost=van-test-conv4)(sudoHost=10.21.8.64)(sudoHost=10.21.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:22 -0800] conn=29640 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:22 -0800] conn=8852 op=29463 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=8852 op=29463 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=8852 op=29464 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=8852 op=29464 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=8852 op=29465 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=8852 op=29465 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=8852 op=29466 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=8852 op=29466 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=8852 op=29467 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=8852 op=29467 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=8852 op=29468 ADD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=8852 op=29468 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22220006000f0000 [18/Jan/2016:09:28:22 -0800] conn=28024 op=138928 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=28024 op=138928 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=29641 fd=264 slot=264 connection from 10.21.23.163 to 10.178.0.99 [18/Jan/2016:09:28:22 -0800] conn=29641 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:22 -0800] conn=29641 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=12 op=76527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/report1-urs-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/report1-urs-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=12 op=76527 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=12 op=76528 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=12 op=76528 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=12 op=76529 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=12 op=76530 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:23 -0800] conn=12 op=76529 RESULT err=0 tag=101 nentries=1 etime=1 [18/Jan/2016:09:28:23 -0800] conn=12 op=76530 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60097 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/report1-urs-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/report1-urs-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=4 op=60097 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60098 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=4 op=60098 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60099 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=4 op=60099 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60100 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:23 -0800] conn=4 op=60100 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60101 SRCH base="fqdn=report1-urs-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:23 -0800] conn=4 op=60101 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60102 SRCH base="cn=report1-urs-cpqa1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=4 op=60102 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60103 MOD dn="fqdn=report1-urs-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=4 op=60103 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000a00100000 [18/Jan/2016:09:28:23 -0800] conn=5 op=87387 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=5 op=87388 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=5 op=87387 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=5 op=87389 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=5 op=87388 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=5 op=87389 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=5 op=87390 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/report1-urs-cpqa1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=5 op=87391 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=5 op=87391 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=5 op=87390 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=29641 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=29641 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=29641 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=29641 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=29641 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=29641 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=report1-urs-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=29641 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=report1-urs-cpqa1-van.mydomain.net)(sudoHost=report1-urs-cpqa1-van)(sudoHost=10.21.23.163)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:5137)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:23 -0800] conn=29641 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:23 -0800] conn=8 op=67987 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=8 op=67987 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=8 op=67988 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=8 op=67989 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=8 op=67988 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=8 op=67989 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=8 op=67990 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:23 -0800] conn=8 op=67990 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60104 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=4 op=60104 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60105 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=4 op=60105 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60106 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=4 op=60106 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60107 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:23 -0800] conn=4 op=60107 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60108 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:23 -0800] conn=4 op=60108 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60109 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=4 op=60109 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60110 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=4 op=60110 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222001100100000 [18/Jan/2016:09:28:23 -0800] conn=29642 fd=265 slot=265 connection from 10.21.23.61 to 10.178.0.99 [18/Jan/2016:09:28:23 -0800] conn=29642 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:23 -0800] conn=29642 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=8 op=67991 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-sin-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-sin-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=8 op=67991 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=8 op=67992 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=8 op=67992 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=8 op=67993 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=8 op=67993 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=8 op=67994 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:23 -0800] conn=8 op=67994 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60111 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-sin-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-sin-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=4 op=60111 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60112 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=4 op=60112 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60113 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=4 op=60113 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60114 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:23 -0800] conn=4 op=60114 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60115 SRCH base="fqdn=fe1-sin-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:23 -0800] conn=4 op=60115 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60116 SRCH base="cn=fe1-sin-cpqa1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=4 op=60116 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60117 MOD dn="fqdn=fe1-sin-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=4 op=60117 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222001200100000 [18/Jan/2016:09:28:23 -0800] conn=4 op=60118 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=4 op=60118 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60119 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=4 op=60119 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60120 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=4 op=60120 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60121 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-sin-cpqa1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=4 op=60121 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60122 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=4 op=60122 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=29642 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=29642 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=29642 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=29642 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=4 op=60123 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=29642 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=4 op=60123 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60124 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=29642 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-sin-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=29642 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-sin-cpqa1-van.mydomain.net)(sudoHost=fe1-sin-cpqa1-van)(sudoHost=10.21.23.61)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:6)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:23 -0800] conn=29642 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60124 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60125 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=4 op=60125 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60126 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=4 op=60126 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=4 op=60127 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=4 op=60127 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=5 op=87392 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=5 op=87392 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=5 op=87393 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=5 op=87393 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=5 op=87394 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=5 op=87394 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=5 op=87395 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=5 op=87395 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=24917 op=565 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" [18/Jan/2016:09:28:23 -0800] conn=24917 op=565 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:23 -0800] conn=29643 fd=298 slot=298 connection from 10.178.0.98 to 10.178.0.99 [18/Jan/2016:09:28:23 -0800] conn=29643 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=29643 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=29643 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=29643 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=29643 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=29643 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc2-ipa-dev-nvan.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=29643 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:23 -0800] conn=29643 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=29643 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:23 -0800] conn=29643 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=29643 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:23 -0800] conn=29643 op=5 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:23 -0800] conn=29643 op=6 ADD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" [18/Jan/2016:09:28:23 -0800] conn=29643 op=6 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000004470000 [18/Jan/2016:09:28:23 -0800] conn=29643 op=7 ADD dn="cn=2684289033,ou=certificateRepository,ou=ca,o=ipaca" [18/Jan/2016:09:28:23 -0800] conn=29643 op=7 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000104470000 [18/Jan/2016:09:28:23 -0800] conn=29644 fd=315 slot=315 connection from 10.21.0.99 to 10.178.0.99 [18/Jan/2016:09:28:23 -0800] conn=29644 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:28 -0800] conn=29643 op=8 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=29546 op=6 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=mapred)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:28:28 -0800] conn=29546 op=6 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=29472 op=93 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44050)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" [18/Jan/2016:09:28:28 -0800] conn=29472 op=93 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:28:28 -0800] conn=28024 op=138929 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:28 -0800] conn=8852 op=29469 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:28 -0800] conn=28024 op=138929 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=29644 op=0 RESULT err=14 tag=97 nentries=0 etime=5, SASL bind in progress [18/Jan/2016:09:28:28 -0800] conn=29643 op=8 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=29644 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:28 -0800] conn=29644 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:28 -0800] conn=8852 op=29469 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000c000f0000 [18/Jan/2016:09:28:28 -0800] conn=8852 op=29470 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:28 -0800] conn=29644 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:28 -0800] conn=29644 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:28 -0800] conn=8852 op=29470 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000d000f0000 [18/Jan/2016:09:28:28 -0800] conn=8852 op=29471 MOD dn="cn=repl keep alive 16,dc=mydomain,dc=net" [18/Jan/2016:09:28:28 -0800] conn=8852 op=29471 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=29644 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:28 -0800] conn=29644 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:28 -0800] conn=8852 op=29472 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:28 -0800] conn=29644 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:28 -0800] conn=8852 op=29472 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22230001000f0000 [18/Jan/2016:09:28:28 -0800] conn=29644 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:28 -0800] conn=29644 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:28 -0800] conn=29644 op=5 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=29644 op=6 MOD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" [18/Jan/2016:09:28:28 -0800] conn=29644 op=6 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000304470000 [18/Jan/2016:09:28:28 -0800] conn=29644 op=7 MOD dn="ou=ca,ou=requests,o=ipaca" [18/Jan/2016:09:28:28 -0800] conn=29644 op=7 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000504470000 [18/Jan/2016:09:28:28 -0800] conn=28024 op=138930 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:28 -0800] conn=28024 op=138930 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=29644 op=8 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=29644 op=8 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=29644 op=9 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:28 -0800] conn=29644 op=9 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=29644 op=10 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=29644 op=10 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=8852 op=29473 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=8852 op=29473 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=8852 op=29474 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:28 -0800] conn=8852 op=29474 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=8852 op=29475 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=8852 op=29475 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=29643 op=9 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:28 -0800] conn=29643 op=9 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=29643 op=10 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=29643 op=10 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:30 -0800] conn=29546 op=7 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=spark)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" [18/Jan/2016:09:28:30 -0800] conn=29546 op=7 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:31 -0800] conn=28024 op=138931 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:31 -0800] conn=28024 op=138931 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:31 -0800] conn=28024 op=138932 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:31 -0800] conn=28024 op=138932 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=8852 op=29476 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=8852 op=29476 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=8852 op=29477 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=8852 op=29477 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=28024 op=138933 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=28024 op=138933 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=28024 op=138934 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=28024 op=138934 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=28024 op=138935 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=28024 op=138935 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=28024 op=138936 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=28024 op=138936 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=8852 op=29478 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=8852 op=29478 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=8852 op=29479 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" [18/Jan/2016:09:28:32 -0800] conn=8852 op=29479 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222c0007000f0000 [18/Jan/2016:09:28:32 -0800] conn=28024 op=138937 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=28024 op=138937 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=29645 fd=314 slot=314 connection from 10.178.6.56 to 10.178.0.99 [18/Jan/2016:09:28:33 -0800] conn=29645 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:33 -0800] conn=29645 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=5 op=87396 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:33 -0800] conn=5 op=87396 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=29645 op=1 UNBIND [18/Jan/2016:09:28:33 -0800] conn=29645 op=1 fd=314 closed - U1 [18/Jan/2016:09:28:33 -0800] conn=29646 fd=314 slot=314 connection from 10.178.6.56 to 10.178.0.99 [18/Jan/2016:09:28:33 -0800] conn=29646 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:33 -0800] conn=29646 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=5 op=87397 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:33 -0800] conn=5 op=87397 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=29646 op=1 UNBIND [18/Jan/2016:09:28:33 -0800] conn=29646 op=1 fd=314 closed - U1 [18/Jan/2016:09:28:34 -0800] conn=29472 op=94 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44051)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" [18/Jan/2016:09:28:34 -0800] conn=29472 op=94 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:28:34 -0800] conn=29376 op=5 UNBIND [18/Jan/2016:09:28:34 -0800] conn=29376 op=5 fd=218 closed - U1 [18/Jan/2016:09:28:34 -0800] conn=8852 op=29480 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" [18/Jan/2016:09:28:34 -0800] conn=8852 op=29480 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222d0000000f0000 [18/Jan/2016:09:28:35 -0800] conn=8852 op=29481 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:35 -0800] conn=8852 op=29481 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:35 -0800] conn=8852 op=29482 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:35 -0800] conn=8852 op=29482 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:35 -0800] conn=8852 op=29483 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:35 -0800] conn=8852 op=29483 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:35 -0800] conn=29546 op=8 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=van-test-conv2.mydomain.net)(sudoHost=van-test-conv2)(sudoHost=10.21.8.62)(sudoHost=10.21.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:35 -0800] conn=29546 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:36 -0800] conn=28024 op=138938 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:36 -0800] conn=28024 op=138938 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:36 -0800] conn=28024 op=138939 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:36 -0800] conn=28024 op=138939 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:37 -0800] conn=8852 op=29484 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:37 -0800] conn=8852 op=29484 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:37 -0800] conn=8852 op=29485 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:37 -0800] conn=8852 op=29485 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:37 -0800] conn=8852 op=29486 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:37 -0800] conn=8852 op=29486 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:37 -0800] conn=8852 op=29487 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:37 -0800] conn=8852 op=29487 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:40 -0800] conn=29472 op=95 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44052)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" [18/Jan/2016:09:28:40 -0800] conn=29472 op=95 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:28:40 -0800] conn=29472 op=96 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=katello1-ops-int-nvan.mydomain.net)(sudoHost=katello1-ops-int-nvan)(sudoHost=10.178.0.110)(sudoHost=10.178.0.0/16)(sudoHost=fe80::250:56ff:feb7:6972)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:40 -0800] conn=29472 op=96 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=1 [18/Jan/2016:09:28:41 -0800] conn=24881 op=28 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=mailer-daemon)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" [18/Jan/2016:09:28:41 -0800] conn=24881 op=28 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:41 -0800] conn=29647 fd=218 slot=218 connection from 10.21.8.151 to 10.178.0.99 [18/Jan/2016:09:28:41 -0800] conn=29647 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:41 -0800] conn=29647 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=4 op=60128 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/proxy1-pr-mcsnap2-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/proxy1-pr-mcsnap2-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:41 -0800] conn=4 op=60128 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=4 op=60129 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:41 -0800] conn=4 op=60129 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=4 op=60130 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:41 -0800] conn=4 op=60130 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=4 op=60131 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:41 -0800] conn=4 op=60131 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=5 op=87398 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/proxy1-pr-mcsnap2-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/proxy1-pr-mcsnap2-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:41 -0800] conn=5 op=87398 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=5 op=87399 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [18/Jan/2016:09:28:41 -0800] conn=5 op=87399 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=5 op=87400 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:41 -0800] conn=5 op=87400 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=5 op=87401 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:41 -0800] conn=5 op=87401 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=5 op=87402 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:41 -0800] conn=5 op=87402 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=5 op=87403 SRCH base="fqdn=proxy1-pr-mcsnap2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:41 -0800] conn=5 op=87403 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=5 op=87404 SRCH base="cn=proxy1-pr-mcsnap2-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:41 -0800] conn=5 op=87404 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:41 -0800] conn=5 op=87405 MOD dn="fqdn=proxy1-pr-mcsnap2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:41 -0800] conn=5 op=87405 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2231000500100000 [18/Jan/2016:09:28:41 -0800] conn=5 op=87406 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:41 -0800] conn=5 op=87406 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=5 op=87407 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:41 -0800] conn=5 op=87407 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=5 op=87408 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:41 -0800] conn=5 op=87408 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=5 op=87409 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/proxy1-pr-mcsnap2-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:41 -0800] conn=5 op=87409 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=5 op=87410 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:41 -0800] conn=5 op=87410 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:41 -0800] conn=29647 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:41 -0800] conn=29647 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:41 -0800] conn=29647 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:41 -0800] conn=29647 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:41 -0800] conn=29647 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:41 -0800] conn=29647 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=proxy1-pr-mcsnap2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:41 -0800] conn=29647 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=proxy1-pr-mcsnap2-van.mydomain.net)(sudoHost=proxy1-pr-mcsnap2-van)(sudoHost=10.21.8.151)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:5770)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:41 -0800] conn=29647 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:41 -0800] conn=29377 op=146 UNBIND [18/Jan/2016:09:28:41 -0800] conn=29377 op=146 fd=281 closed - U1 [18/Jan/2016:09:28:43 -0800] conn=29648 fd=281 slot=281 connection from 10.21.12.10 to 10.178.0.99 [18/Jan/2016:09:28:43 -0800] conn=29648 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" [18/Jan/2016:09:28:43 -0800] conn=29648 op=0 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:43 -0800] conn=29648 op=-1 fd=281 closed - Peer reports failure of signature verification or key exchange. [18/Jan/2016:09:28:43 -0800] conn=8852 op=29488 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:43 -0800] conn=8852 op=29488 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:43 -0800] conn=8852 op=29489 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:43 -0800] conn=8852 op=29489 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:44 -0800] conn=8852 op=29490 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:44 -0800] conn=8852 op=29490 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:44 -0800] conn=8852 op=29491 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:44 -0800] conn=8852 op=29491 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:44 -0800] conn=28024 op=138940 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:44 -0800] conn=28024 op=138940 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:44 -0800] conn=28024 op=138941 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:44 -0800] conn=28024 op=138941 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:44 -0800] conn=28024 op=138942 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:44 -0800] conn=28024 op=138942 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:44 -0800] conn=28024 op=138943 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:44 -0800] conn=28024 op=138943 RESULT err=0 tag=120 nentries=0 etime=0 ^C -----Original Message----- From: Rob Crittenden [mailto:rcritten at redhat.com] Sent: January-18-16 9:59 AM To: Nathan Peters; Petr Vobornik; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists Nathan Peters wrote: > I assume you mean look at the DS log on the machine being installed?\ I think he meant on the master that generated the prepare file. There may be some left-over, unexpected entry. rob From pvoborni at redhat.com Mon Jan 18 18:30:07 2016 From: pvoborni at redhat.com (Petr Vobornik) Date: Mon, 18 Jan 2016 19:30:07 +0100 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569CB899.9040603@redhat.com> <569CCB5D.8040400@redhat.com> <569D27C4.10602@redhat.com> Message-ID: <569D2F2F.6080806@redhat.com> On 01/18/2016 07:10 PM, Nathan Peters wrote: > This is FreeIPA 4.3.0. There is no master generating the prepare file (unless its still handled in the background invisibly to the user). Right. But the replica installer picks some server as a master. Ipa-replica-install is run directly from an unjoined client (or joined client, I have tried both). > > However, after tracking the logs of all 3 existing IPA servers during the attempted installation, the CA master appears to be the one doing something. Here are the logs for that time period. Note that there is no "err=68" anywhere in here: Are all 3 existing server functioning well, e.g with working replication? Could you check `ipa server-find` if there is no left-over server - e.g. failed installation. Could be check also in `ipa-replica-manage list` if there is some leftover, please remove it with `ipa-replica-manage del $FQDN` command. Wrt the logs. I did not meant that but Rob was right. The installer tries to update "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" entry on both master and the replica. If the entry does not exist, the installer also creates it. On replica it behaves correctly: [18/Jan/2016:09:28:32 -0800] conn=2 op=8 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:32 -0800] conn=2 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=9 MOD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:32 -0800] conn=2 op=9 RESULT err=0 tag=103 nentries=0 etime=0 It would be good to see the same log from a master which it tries to use in installation. - In 4.3 the server is picked automatically. I don't see any searches for "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" in the logs below which makes me wonder, what server the installer tries to use as a master. Could be find out, e.g. by: $ cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" > > [root at dc1-ipa-dev-nvan slapd-MYDOMAIN-NET]# tail -f access > [18/Jan/2016:09:27:44 -0800] conn=28024 op=138553 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:44 -0800] conn=28024 op=138553 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 > [18/Jan/2016:09:27:44 -0800] conn=28024 op=138554 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:44 -0800] conn=28024 op=138554 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 > [18/Jan/2016:09:27:44 -0800] conn=28024 op=138555 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:44 -0800] conn=28024 op=138555 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:44 -0800] conn=28024 op=138556 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:44 -0800] conn=28024 op=138556 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:44 -0800] conn=28024 op=138557 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:44 -0800] conn=28024 op=138557 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 > [18/Jan/2016:09:27:45 -0800] conn=29597 op=6 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=appdeployer)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:27:45 -0800] conn=29597 op=6 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:45 -0800] conn=29597 op=7 SRCH base="cn=ipausers,cn=groups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))" attrs="objectClass posixgroup cn userPassword gidNumber member ipaNTSecurityIdentifier modifyTimestamp entryusn" > [18/Jan/2016:09:27:45 -0800] conn=29597 op=7 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:45 -0800] conn=29597 op=8 SRCH base="ipaUniqueID=873ddd78-088c-11e5-b588-005056b71d17,cn=hbac,dc=mydomain,dc=net" scope=0 filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))" attrs="objectClass posixgroup cn userPassword gidNumber member ipaNTSecurityIdentifier modifyTimestamp entryusn" > [18/Jan/2016:09:27:45 -0800] conn=29597 op=8 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:45 -0800] conn=29597 op=9 SRCH base="cn=gr_service_accounts,cn=groups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))" attrs="objectClass posixgroup cn userPassword gidNumber member ipaNTSecurityIdentifier modifyTimestamp entryusn" > [18/Jan/2016:09:27:45 -0800] conn=29597 op=9 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:45 -0800] conn=29597 op=10 SRCH base="ipaUniqueID=3fbec37a-b3f6-11e5-bcb5-005056b71d17,cn=sudorules,cn=sudo,dc=mydomain,dc=net" scope=0 filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))" attrs="objectClass posixgroup cn userPassword gidNumber member ipaNTSecurityIdentifier modifyTimestamp entryusn" > [18/Jan/2016:09:27:45 -0800] conn=29597 op=10 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:45 -0800] conn=29597 op=11 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=756600622)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass posixgroup cn userPassword gidNumber member ipaNTSecurityIdentifier modifyTimestamp entryusn" > [18/Jan/2016:09:27:45 -0800] conn=29597 op=11 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:46 -0800] conn=29357 op=5 UNBIND > [18/Jan/2016:09:27:46 -0800] conn=29357 op=5 fd=114 closed - U1 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138558 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138558 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138559 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138559 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138560 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138560 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138561 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138561 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138562 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138562 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138563 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138563 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138564 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138564 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138565 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138565 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138566 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138566 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138567 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138567 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138568 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138568 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138569 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138569 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138570 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138570 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138571 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138571 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138572 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138572 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138573 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138573 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138574 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138574 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138575 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138575 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138576 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138576 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138577 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138577 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138578 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138578 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138579 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138579 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138580 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138580 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138581 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138581 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138582 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138582 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138583 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138583 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138584 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138584 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138585 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138585 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138586 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138586 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138587 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138587 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138588 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138588 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138589 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138589 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138590 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138590 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138591 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138591 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138592 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138592 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138593 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138593 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138594 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138594 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138595 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138595 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138596 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138596 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138597 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138597 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138598 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138598 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138599 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138599 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138600 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138600 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138601 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138601 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138602 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138602 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138603 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138603 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138604 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138604 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138605 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138605 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138606 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:46 -0800] conn=28024 op=138606 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138607 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138607 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138608 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138608 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138609 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138609 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138610 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138610 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138611 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138611 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138612 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138612 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138613 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138613 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138614 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138614 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138615 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138615 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138616 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138616 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138617 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138617 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138618 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138618 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138619 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138619 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138620 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138620 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138621 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138621 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138622 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138622 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138623 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138623 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138624 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138624 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138625 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138625 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138626 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138626 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138627 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138627 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138628 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138628 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138629 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138629 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138630 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138630 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138631 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138631 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138632 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138632 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138633 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138633 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138634 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138634 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138635 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138635 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138636 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138636 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138637 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138637 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138638 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138638 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138639 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138639 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138640 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138640 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138641 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138641 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138642 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138642 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138643 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138643 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138644 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138644 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138645 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138645 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138646 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138646 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138647 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138647 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138648 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138648 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138649 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138649 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138650 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138650 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138651 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138651 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138652 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138652 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138653 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138653 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138654 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138654 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138655 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138655 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138656 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138656 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138657 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138657 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138658 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138658 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138659 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138659 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138660 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138660 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138661 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138661 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138662 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138662 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138663 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138663 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138664 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138664 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138665 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138665 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138666 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138666 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138667 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138667 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138668 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138668 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138669 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138669 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138670 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138670 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138671 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138671 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138672 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138672 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138673 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138673 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138674 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138674 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138675 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138675 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138676 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138676 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138677 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138677 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138678 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138678 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138679 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138679 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138680 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138680 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138681 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138681 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138682 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138682 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138683 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138683 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138684 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138684 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138685 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138685 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138686 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138686 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138687 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138687 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138688 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138688 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138689 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138689 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138690 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138690 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138691 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138691 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138692 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138692 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138693 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138693 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138694 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138694 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138695 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138695 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138696 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138696 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138697 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138697 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138698 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138698 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138699 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138699 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138700 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138700 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138701 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138701 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138702 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138702 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138703 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138703 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138704 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138704 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138705 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138705 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138706 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138706 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138707 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138707 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138708 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138708 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138709 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138709 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138710 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138710 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138711 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138711 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138712 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138712 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138713 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138713 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138714 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138714 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138715 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138715 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138716 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138716 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138717 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138717 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138718 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138718 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138719 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138719 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138720 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:47 -0800] conn=28024 op=138720 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:47 -0800] conn=29623 fd=110 slot=110 connection from 10.21.12.10 to 10.178.0.99 > [18/Jan/2016:09:27:47 -0800] conn=29623 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" > [18/Jan/2016:09:27:47 -0800] conn=29623 op=0 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:47 -0800] conn=29623 op=-1 fd=110 closed - Peer reports failure of signature verification or key exchange. > [18/Jan/2016:09:27:49 -0800] conn=29624 fd=110 slot=110 connection from 10.178.35.217 to 10.178.0.99 > [18/Jan/2016:09:27:49 -0800] conn=29624 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:27:49 -0800] conn=29624 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=29472 op=87 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44044)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" > [18/Jan/2016:09:27:49 -0800] conn=29472 op=87 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:27:49 -0800] conn=8 op=67910 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe2-arch-cpqa2-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe2-arch-cpqa2-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67910 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67911 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67911 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67912 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67912 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67913 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67913 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67914 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67914 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67915 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe2-arch-cpqa2-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe2-arch-cpqa2-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67915 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67916 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67916 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67917 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67917 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67918 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67918 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67919 SRCH base="fqdn=fe2-arch-cpqa2-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67919 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67920 SRCH base="cn=fe2-arch-cpqa2-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:49 -0800] conn=8 op=67920 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67921 MOD dn="fqdn=fe2-arch-cpqa2-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67921 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d21fa000e00100000 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67922 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67922 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67923 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67923 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67924 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67924 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67925 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe2-arch-cpqa2-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67925 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=8 op=67926 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:49 -0800] conn=8 op=67926 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:49 -0800] conn=29624 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:49 -0800] conn=29624 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:49 -0800] conn=29624 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:49 -0800] conn=29624 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:49 -0800] conn=29624 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:49 -0800] conn=29624 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe2-arch-cpqa2-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:49 -0800] conn=29624 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe2-arch-cpqa2-nvan.mydomain.net)(sudoHost=fe2-arch-cpqa2-nvan)(sudoHost=10.178.35.217)(sudoHost=10.178.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:27:49 -0800] conn=29624 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:27:49 -0800] conn=29360 op=5 UNBIND > [18/Jan/2016:09:27:49 -0800] conn=29360 op=5 fd=115 closed - U1 > [18/Jan/2016:09:27:49 -0800] conn=29361 op=5 UNBIND > [18/Jan/2016:09:27:49 -0800] conn=29361 op=5 fd=116 closed - U1 > [18/Jan/2016:09:27:50 -0800] conn=8852 op=29390 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:50 -0800] conn=8852 op=29390 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:50 -0800] conn=8852 op=29391 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:50 -0800] conn=8852 op=29391 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:50 -0800] conn=8852 op=29392 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:50 -0800] conn=8852 op=29392 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:50 -0800] conn=8852 op=29393 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:50 -0800] conn=8852 op=29393 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:51 -0800] conn=29362 op=11 UNBIND > [18/Jan/2016:09:27:51 -0800] conn=29362 op=11 fd=151 closed - U1 > [18/Jan/2016:09:27:51 -0800] conn=29363 op=6 UNBIND > [18/Jan/2016:09:27:51 -0800] conn=29363 op=6 fd=203 closed - U1 > [18/Jan/2016:09:27:53 -0800] conn=29625 fd=114 slot=114 connection from 10.21.5.101 to 10.178.0.99 > [18/Jan/2016:09:27:53 -0800] conn=29625 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:27:53 -0800] conn=29625 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=4 op=60071 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/van-test-login-bamboo.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/van-test-login-bamboo.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:53 -0800] conn=4 op=60071 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=4 op=60072 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:53 -0800] conn=4 op=60072 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=4 op=60073 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:53 -0800] conn=4 op=60073 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=4 op=60074 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:53 -0800] conn=4 op=60074 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=8 op=67927 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/van-test-login-bamboo.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/van-test-login-bamboo.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:53 -0800] conn=8 op=67927 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=8 op=67928 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:53 -0800] conn=8 op=67928 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=8 op=67929 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:53 -0800] conn=8 op=67929 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=8 op=67930 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:53 -0800] conn=8 op=67930 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=8 op=67931 SRCH base="fqdn=van-test-login-bamboo.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:53 -0800] conn=8 op=67931 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=8 op=67932 SRCH base="cn=van-test-login-bamboo.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:53 -0800] conn=8 op=67932 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=8 op=67933 MOD dn="fqdn=van-test-login-bamboo.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:53 -0800] conn=8 op=67933 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2202000600100000 > [18/Jan/2016:09:27:53 -0800] conn=8 op=67934 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:53 -0800] conn=8 op=67934 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=8 op=67935 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:53 -0800] conn=8 op=67935 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=8 op=67936 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:53 -0800] conn=8 op=67936 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=8 op=67937 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/van-test-login-bamboo.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:53 -0800] conn=8 op=67937 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=8 op=67938 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:53 -0800] conn=8 op=67938 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:53 -0800] conn=29625 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:53 -0800] conn=29625 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:53 -0800] conn=29625 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:53 -0800] conn=29625 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:53 -0800] conn=29625 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:53 -0800] conn=29625 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=van-test-login-bamboo.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:53 -0800] conn=29625 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=van-test-login-bamboo.mydomain.net)(sudoHost=van-test-login-bamboo)(sudoHost=10.21.5.101)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:26fc)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:27:53 -0800] conn=29625 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:27:54 -0800] conn=29626 fd=115 slot=115 connection from 10.21.13.22 to 10.178.0.99 > [18/Jan/2016:09:27:54 -0800] conn=29626 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:27:54 -0800] conn=29626 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=5 op=87301 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/zimbra2-perf1-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/zimbra2-perf1-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=5 op=87301 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=5 op=87302 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=5 op=87302 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=5 op=87303 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=5 op=87303 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=5 op=87304 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:54 -0800] conn=5 op=87304 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=5 op=87305 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/zimbra2-perf1-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/zimbra2-perf1-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=5 op=87305 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=5 op=87306 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=5 op=87306 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=5 op=87307 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=5 op=87307 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=5 op=87308 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:54 -0800] conn=5 op=87308 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=5 op=87309 SRCH base="fqdn=zimbra2-perf1-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:54 -0800] conn=5 op=87309 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=5 op=87310 SRCH base="cn=zimbra2-perf1-flex-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:54 -0800] conn=5 op=87310 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=5 op=87311 MOD dn="fqdn=zimbra2-perf1-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:54 -0800] conn=5 op=87311 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2202000c00100000 > [18/Jan/2016:09:27:54 -0800] conn=12 op=76462 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=12 op=76462 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=12 op=76463 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=12 op=76463 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=12 op=76464 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=12 op=76464 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=12 op=76465 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/zimbra2-perf1-flex-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=12 op=76465 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=12 op=76466 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=12 op=76466 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=29626 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:54 -0800] conn=29626 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:54 -0800] conn=29626 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:54 -0800] conn=29626 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:54 -0800] conn=29626 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:54 -0800] conn=29626 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=zimbra2-perf1-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:54 -0800] conn=29626 op=4 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:27:54 -0800] conn=29626 op=4 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=29626 op=5 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:27:54 -0800] conn=29626 op=5 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=29626 op=6 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:27:54 -0800] conn=29626 op=6 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=29626 op=7 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:27:54 -0800] conn=29626 op=7 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=29626 op=8 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:27:54 -0800] conn=29626 op=8 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=29626 op=9 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:27:54 -0800] conn=29626 op=9 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=8852 op=29394 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:54 -0800] conn=8852 op=29394 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=8852 op=29395 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:54 -0800] conn=8852 op=29395 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=8852 op=29396 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:54 -0800] conn=8852 op=29396 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=8852 op=29397 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:54 -0800] conn=8852 op=29397 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=29472 op=88 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44045)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" > [18/Jan/2016:09:27:55 -0800] conn=29472 op=88 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29398 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29398 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29399 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29399 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29400 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29400 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29401 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29401 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29402 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29402 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29403 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29403 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29404 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29404 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29405 ADD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=8852 op=29405 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22070008000f0000 > [18/Jan/2016:09:27:55 -0800] conn=28024 op=138721 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:55 -0800] conn=28024 op=138721 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=29627 fd=116 slot=116 connection from 10.21.12.10 to 10.178.0.99 > [18/Jan/2016:09:27:55 -0800] conn=29627 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" > [18/Jan/2016:09:27:55 -0800] conn=29627 op=0 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=29627 op=-1 fd=116 closed - Peer reports failure of signature verification or key exchange. > [18/Jan/2016:09:27:55 -0800] conn=29365 op=5 UNBIND > [18/Jan/2016:09:27:55 -0800] conn=29365 op=5 fd=209 closed - U1 > [18/Jan/2016:09:27:55 -0800] conn=29364 op=5 UNBIND > [18/Jan/2016:09:27:55 -0800] conn=29364 op=5 fd=118 closed - U1 > [18/Jan/2016:09:27:56 -0800] conn=29628 fd=116 slot=116 connection from 10.21.20.125 to 10.178.0.99 > [18/Jan/2016:09:27:56 -0800] conn=29628 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:27:56 -0800] conn=29628 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67939 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/pg1-msg-msgci1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/pg1-msg-msgci1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:56 -0800] conn=29629 fd=118 slot=118 connection from 10.21.8.117 to 10.178.0.99 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67939 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67940 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67940 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=29629 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67941 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:56 -0800] conn=29629 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67941 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67942 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67942 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=4 op=60075 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/pg1-msg-msgci1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/pg1-msg-msgci1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67943 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop7-li-lisnap1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop7-li-lisnap1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67943 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67944 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67944 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67945 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:56 -0800] conn=4 op=60075 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=4 op=60076 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:56 -0800] conn=4 op=60076 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=4 op=60077 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67945 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67946 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67946 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=4 op=60077 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=4 op=60078 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:56 -0800] conn=4 op=60078 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=4 op=60079 SRCH base="fqdn=pg1-msg-msgci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:56 -0800] conn=4 op=60079 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67947 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop7-li-lisnap1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop7-li-lisnap1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:56 -0800] conn=4 op=60080 SRCH base="cn=pg1-msg-msgci1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:56 -0800] conn=4 op=60080 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=4 op=60081 MOD dn="fqdn=pg1-msg-msgci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67947 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67948 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67948 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67949 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67949 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67950 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67950 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67951 SRCH base="fqdn=hadoop7-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:56 -0800] conn=4 op=60081 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2207000d00100000 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67951 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67952 SRCH base="cn=hadoop7-li-lisnap1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:56 -0800] conn=8 op=67952 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67953 MOD dn="fqdn=hadoop7-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67953 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2207000f00100000 > [18/Jan/2016:09:27:56 -0800] conn=5 op=87312 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67954 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:56 -0800] conn=5 op=87312 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=5 op=87313 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67954 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67955 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67955 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67956 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67956 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67957 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/hadoop7-li-lisnap1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67957 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=8 op=67958 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:56 -0800] conn=8 op=67958 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=5 op=87313 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=5 op=87314 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:56 -0800] conn=5 op=87314 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=5 op=87315 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/pg1-msg-msgci1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:56 -0800] conn=5 op=87315 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=5 op=87316 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:56 -0800] conn=5 op=87316 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:56 -0800] conn=29628 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:56 -0800] conn=29628 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:56 -0800] conn=29628 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:56 -0800] conn=29628 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:56 -0800] conn=29628 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:56 -0800] conn=29628 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=pg1-msg-msgci1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:56 -0800] conn=29628 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=pg1-msg-msgci1-van.mydomain.net)(sudoHost=pg1-msg-msgci1-van)(sudoHost=10.21.20.125)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:feb7:6120)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:27:56 -0800] conn=29628 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:27:56 -0800] conn=29629 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:56 -0800] conn=29629 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:56 -0800] conn=29629 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:56 -0800] conn=29629 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:56 -0800] conn=29629 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:56 -0800] conn=29629 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=hadoop7-li-lisnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:56 -0800] conn=29629 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=hadoop7-li-lisnap1-van.mydomain.net)(sudoHost=hadoop7-li-lisnap1-van)(sudoHost=10.21.8.117)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:57a2)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:27:56 -0800] conn=29629 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29406 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29406 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070010000f0000 > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29407 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29407 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070011000f0000 > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29408 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29408 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29409 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29409 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29410 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29410 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29411 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29411 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29412 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29412 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29413 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29413 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29414 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29414 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29415 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29415 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29416 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29416 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=12 op=76467 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=12 op=76467 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=12 op=76468 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=12 op=76469 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=12 op=76468 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=12 op=76469 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=12 op=76470 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=12 op=76470 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=12 op=76471 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=12 op=76471 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29417 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29417 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29418 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:57 -0800] conn=8852 op=29418 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=8852 op=29419 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:58 -0800] conn=8852 op=29419 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=8852 op=29420 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:58 -0800] conn=8852 op=29420 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=8852 op=29421 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:58 -0800] conn=8852 op=29421 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=8852 op=29422 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:58 -0800] conn=8852 op=29422 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=29630 fd=151 slot=151 connection from 10.178.6.132 to 10.178.0.99 > [18/Jan/2016:09:27:58 -0800] conn=29630 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:27:58 -0800] conn=29630 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=4 op=60082 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe7-arch-snap4-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe7-arch-snap4-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:58 -0800] conn=4 op=60082 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=4 op=60083 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:58 -0800] conn=4 op=60083 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=4 op=60084 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:58 -0800] conn=4 op=60084 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=4 op=60085 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:58 -0800] conn=4 op=60085 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=8 op=67959 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe7-arch-snap4-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe7-arch-snap4-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:58 -0800] conn=8 op=67959 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=8 op=67960 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:58 -0800] conn=8 op=67960 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=8 op=67961 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:58 -0800] conn=8 op=67961 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=8 op=67962 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:58 -0800] conn=8 op=67962 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=8 op=67963 SRCH base="fqdn=fe7-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:58 -0800] conn=8 op=67963 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=8 op=67964 SRCH base="cn=fe7-arch-snap4-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:58 -0800] conn=8 op=67964 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=8 op=67965 MOD dn="fqdn=fe7-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:58 -0800] conn=8 op=67965 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220a000300100000 > [18/Jan/2016:09:27:58 -0800] conn=5 op=87317 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:58 -0800] conn=5 op=87317 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=5 op=87318 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:58 -0800] conn=5 op=87318 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=5 op=87319 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:58 -0800] conn=5 op=87319 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=5 op=87320 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe7-arch-snap4-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:58 -0800] conn=5 op=87320 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=5 op=87321 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:58 -0800] conn=5 op=87321 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=29630 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:58 -0800] conn=29630 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:58 -0800] conn=29630 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:58 -0800] conn=29630 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:58 -0800] conn=29630 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:58 -0800] conn=29630 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe7-arch-snap4-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:58 -0800] conn=29630 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe7-arch-snap4-nvan.mydomain.net)(sudoHost=fe7-arch-snap4-nvan)(sudoHost=10.178.6.132)(sudoHost=10.178.0.0/16)(sudoHost=fe80::250:56ff:feb7:7ea)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:27:58 -0800] conn=29630 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:27:59 -0800] conn=28024 op=138722 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:59 -0800] conn=28024 op=138722 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=28024 op=138723 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=28024 op=138723 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 > [18/Jan/2016:09:27:59 -0800] conn=8852 op=29423 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:59 -0800] conn=8852 op=29423 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=29631 fd=203 slot=203 connection from 10.21.0.98 to 10.178.0.99 > [18/Jan/2016:09:28:01 -0800] conn=29631 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:01 -0800] conn=29631 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=29472 op=89 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44046)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" > [18/Jan/2016:09:28:01 -0800] conn=29472 op=89 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:28:01 -0800] conn=8 op=67966 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:01 -0800] conn=8 op=67966 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=8 op=67967 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:01 -0800] conn=8 op=67967 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=8 op=67968 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:01 -0800] conn=8 op=67968 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=8 op=67969 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:01 -0800] conn=8 op=67969 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=5 op=87322 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:01 -0800] conn=5 op=87322 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=5 op=87323 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:01 -0800] conn=5 op=87323 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=5 op=87324 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:01 -0800] conn=5 op=87324 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=5 op=87325 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:01 -0800] conn=5 op=87325 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=5 op=87326 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:01 -0800] conn=5 op=87326 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=5 op=87327 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:01 -0800] conn=5 op=87327 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=5 op=87328 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=5 op=87328 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000300100000 > [18/Jan/2016:09:28:01 -0800] conn=5 op=87329 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:01 -0800] conn=5 op=87329 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=5 op=87330 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:01 -0800] conn=5 op=87330 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=5 op=87331 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:01 -0800] conn=5 op=87331 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=5 op=87332 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:01 -0800] conn=5 op=87332 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=5 op=87333 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:01 -0800] conn=5 op=87333 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=29631 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:01 -0800] conn=29631 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:01 -0800] conn=29631 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:01 -0800] conn=29631 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:01 -0800] conn=29631 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:01 -0800] conn=29631 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=29631 op=4 SRCH base="cn=ranges,cn=etc,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaIDRange)" attrs="objectClass cn ipaBaseID ipaBaseRID ipaSecondaryBaseRID ipaIDRangeSize ipaNTTrustedDomainSID ipaRangeType" > [18/Jan/2016:09:28:01 -0800] conn=29631 op=5 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=dc2-ipa-dev-van.mydomain.net)(sudoHost=dc2-ipa-dev-van)(sudoHost=10.21.0.98)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:feb7:1208)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:01 -0800] conn=29631 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=29631 op=5 RESULT err=0 tag=101 nentries=7 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:01 -0800] conn=29631 op=6 SRCH base="cn=ad,cn=etc,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTDomainAttrs)" attrs="cn ipaNTFlatName ipaNTSecurityIdentifier" > [18/Jan/2016:09:28:01 -0800] conn=29631 op=6 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=29631 op=7 SRCH base="cn=ranges,cn=etc,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaIDRange)" attrs="objectClass cn ipaBaseID ipaBaseRID ipaSecondaryBaseRID ipaIDRangeSize ipaNTTrustedDomainSID ipaRangeType" > [18/Jan/2016:09:28:01 -0800] conn=29631 op=7 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=29631 op=8 SRCH base="cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTFlatName ipaNTTrustedDomainSID ipaNTTrustDirection" > [18/Jan/2016:09:28:01 -0800] conn=29631 op=8 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=29631 op=9 SRCH base="cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTFlatName ipaNTTrustedDomainSID ipaNTTrustDirection" > [18/Jan/2016:09:28:01 -0800] conn=29631 op=9 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=29631 op=10 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaHost)(fqdn=dc2-ipa-dev-van.mydomain.net))" attrs="cn objectClass" > [18/Jan/2016:09:28:01 -0800] conn=29631 op=10 RESULT err=0 tag=101 nentries=1 etime=0 notes=P pr_idx=1 > [18/Jan/2016:09:28:01 -0800] conn=29631 op=11 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaHost)(fqdn=dc2-ipa-dev-van.mydomain.net))" attrs="cn objectClass" > [18/Jan/2016:09:28:01 -0800] conn=29631 op=11 RESULT err=0 tag=101 nentries=1 etime=0 notes=P pr_idx=1 > [18/Jan/2016:09:28:01 -0800] conn=29631 op=12 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=admin)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType usercertificate;binary" > [18/Jan/2016:09:28:01 -0800] conn=29631 op=12 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=29631 op=13 SRCH base="cn=Default Trust View,cn=views,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:mydomain.net:56d306a6-d31f-11e4-93de-005056b71d17))" attrs=ALL > [18/Jan/2016:09:28:01 -0800] conn=29631 op=13 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138724 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138724 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138725 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138725 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138726 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138726 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138727 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138727 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138728 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138728 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138729 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138729 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138730 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138730 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138731 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138731 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138732 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138732 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138733 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138733 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138734 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138734 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138735 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138735 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138736 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138736 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138737 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138737 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138738 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138738 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138739 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138739 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138740 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138740 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138741 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138741 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138742 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138742 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138743 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138743 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138744 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138744 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138745 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138745 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138746 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138746 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138747 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138747 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138748 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138748 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138749 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138749 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138750 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138750 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138751 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138751 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138752 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138752 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138753 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138753 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138754 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138754 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138755 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138755 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138756 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138756 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138757 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138757 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138758 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138758 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138759 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138759 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138760 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138760 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138761 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138761 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138762 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138762 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138763 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138763 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138764 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138764 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138765 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138765 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138766 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138766 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138767 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138767 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138768 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138768 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138769 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138769 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138770 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138770 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138771 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138771 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138772 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138772 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138773 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138773 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138774 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138774 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138775 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138775 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138776 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138776 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138777 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138777 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138778 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138778 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138779 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138779 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138780 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138780 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138781 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138781 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138782 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138782 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138783 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138783 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138784 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138784 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138785 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138785 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138786 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138786 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138787 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138787 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138788 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138788 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138789 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138789 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138790 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138790 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138791 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138791 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138792 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138792 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138793 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138793 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138794 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138794 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138795 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138795 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138796 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138796 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138797 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138797 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138798 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138798 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138799 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138799 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138800 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138800 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138801 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138801 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138802 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138802 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138803 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138803 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 > [18/Jan/2016:09:28:01 -0800] conn=29631 op=14 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=ntp)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType usercertificate;binary" > [18/Jan/2016:09:28:01 -0800] conn=29631 op=14 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138804 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138804 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138805 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138805 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138806 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138806 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138807 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138807 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138808 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138808 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138809 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138809 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138810 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138810 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138811 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138811 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138812 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138812 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138813 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138813 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138814 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138814 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138815 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138815 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138816 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138816 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138817 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138817 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138818 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138818 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138819 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138819 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138820 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138820 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138821 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138821 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138822 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138822 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138823 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138823 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138824 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138824 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138825 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138825 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138826 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138826 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138827 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138827 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138828 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138828 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138829 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138829 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138830 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138830 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138831 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138831 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138832 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138832 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138833 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138833 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138834 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138834 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138835 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138835 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138836 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138836 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138837 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138837 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138838 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138838 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138839 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138839 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138840 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138840 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138841 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138841 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138842 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138842 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138843 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138843 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138844 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138844 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138845 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138845 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138846 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138846 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138847 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138847 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138848 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138848 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138849 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138849 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138850 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138850 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138851 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138851 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138852 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138852 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138853 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138853 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138854 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138854 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138855 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138855 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138856 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138856 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138857 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138857 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138858 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138858 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138859 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138859 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138860 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138860 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138861 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138861 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138862 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138862 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138863 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138863 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138864 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138864 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138865 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138865 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138866 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138866 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138867 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138867 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138868 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138868 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138869 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138869 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138870 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138870 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138871 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138871 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138872 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138872 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138873 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138873 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138874 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138874 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138875 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138875 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138876 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138876 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138877 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138877 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138878 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138878 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138879 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138879 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138880 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138880 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138881 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138881 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138882 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138882 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138883 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138883 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138884 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138884 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138885 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138885 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138886 ADD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138886 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000500110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138887 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138887 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000600110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138888 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138888 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000700110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138889 ADD dn="idnsName=98,idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138889 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000800110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138890 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138890 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000c000f0000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138891 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138891 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f00110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138892 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138892 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001000110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138893 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138893 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001100110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138894 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138894 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001200110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138895 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138895 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001300110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138896 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138896 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001400110000 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138897 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138897 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001500110000 > [18/Jan/2016:09:28:01 -0800] conn=29626 op=10 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:28:01 -0800] conn=29626 op=10 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=29626 op=11 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:28:01 -0800] conn=29626 op=11 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138898 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138898 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138899 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138899 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138900 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:01 -0800] conn=28024 op=138900 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=29377 op=134 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" > [18/Jan/2016:09:28:01 -0800] conn=29377 op=134 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=29377 op=135 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" > [18/Jan/2016:09:28:01 -0800] conn=29377 op=135 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=74 op=256 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=74 op=256 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001d00100000 > [18/Jan/2016:09:28:02 -0800] conn=29632 fd=209 slot=209 connection from 10.178.39.50 to 10.178.0.99 > [18/Jan/2016:09:28:02 -0800] conn=29632 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:02 -0800] conn=29632 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76472 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/pres1-msg-msgqa1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/pres1-msg-msgqa1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76473 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76472 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76473 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76474 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76475 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76474 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76475 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76476 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/pres1-msg-msgqa1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/pres1-msg-msgqa1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76477 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76476 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76477 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76478 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76478 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76479 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76479 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76480 SRCH base="fqdn=pres1-msg-msgqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76480 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76481 SRCH base="cn=pres1-msg-msgqa1-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:02 -0800] conn=12 op=76481 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76482 MOD dn="fqdn=pres1-msg-msgqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76482 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001e00100000 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76483 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76483 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76484 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76485 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76484 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76485 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76486 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/pres1-msg-msgqa1-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76487 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:02 -0800] conn=12 op=76486 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=12 op=76487 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=29632 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:02 -0800] conn=29632 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:02 -0800] conn=29632 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:02 -0800] conn=29632 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:02 -0800] conn=29632 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:02 -0800] conn=29632 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=pres1-msg-msgqa1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:02 -0800] conn=29632 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=pres1-msg-msgqa1-nvan.mydomain.net)(sudoHost=pres1-msg-msgqa1-nvan)(sudoHost=10.178.39.50)(sudoHost=10.178.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:02 -0800] conn=29632 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:02 -0800] conn=29633 fd=272 slot=272 connection from 10.21.0.65 to 10.178.0.99 > [18/Jan/2016:09:28:02 -0800] conn=29633 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:02 -0800] conn=29633 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=8 op=67970 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/centos65.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/centos65.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:02 -0800] conn=8 op=67970 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=8 op=67971 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:02 -0800] conn=8 op=67971 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=8 op=67972 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:02 -0800] conn=8 op=67972 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=8 op=67973 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:02 -0800] conn=8 op=67973 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=8 op=67974 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/centos65.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/centos65.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:02 -0800] conn=8 op=67974 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=8 op=67975 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:02 -0800] conn=8 op=67975 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=8 op=67976 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:02 -0800] conn=8 op=67976 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=8 op=67977 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:02 -0800] conn=8 op=67977 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=8 op=67978 SRCH base="fqdn=centos65.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:02 -0800] conn=8 op=67978 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=8 op=67979 SRCH base="cn=centos65.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:02 -0800] conn=8 op=67979 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=8 op=67980 MOD dn="fqdn=centos65.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:02 -0800] conn=8 op=67980 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000e00100000 > [18/Jan/2016:09:28:02 -0800] conn=5 op=87334 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:02 -0800] conn=5 op=87334 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=5 op=87335 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:02 -0800] conn=5 op=87335 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=5 op=87336 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:02 -0800] conn=5 op=87336 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=5 op=87337 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/centos65.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:02 -0800] conn=5 op=87337 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=5 op=87338 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:02 -0800] conn=5 op=87338 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=29633 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:02 -0800] conn=29633 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:02 -0800] conn=29633 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:02 -0800] conn=29633 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:02 -0800] conn=29633 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:02 -0800] conn=29633 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=centos65.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:02 -0800] conn=29633 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=centos65.mydomain.net)(sudoHost=centos65)(sudoHost=10.21.0.65)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:feb7:3942)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:02 -0800] conn=29633 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:02 -0800] conn=74 op=257 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:02 -0800] conn=74 op=257 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d001200100000 > [18/Jan/2016:09:28:02 -0800] conn=74 op=258 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:02 -0800] conn=74 op=258 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d001400100000 > [18/Jan/2016:09:28:02 -0800] conn=74 op=259 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:02 -0800] conn=74 op=259 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d001500100000 > [18/Jan/2016:09:28:02 -0800] conn=74 op=260 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:02 -0800] conn=74 op=260 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d001700100000 > [18/Jan/2016:09:28:02 -0800] conn=74 op=261 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:02 -0800] conn=74 op=261 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d001900100000 > [18/Jan/2016:09:28:02 -0800] conn=74 op=262 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:02 -0800] conn=74 op=262 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d001c00100000 > [18/Jan/2016:09:28:02 -0800] conn=74 op=263 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:02 -0800] conn=74 op=263 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d001d00100000 > [18/Jan/2016:09:28:02 -0800] conn=8852 op=29424 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=8852 op=29424 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=8852 op=29425 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=8852 op=29425 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138901 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138901 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138902 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138902 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138903 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138903 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138904 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138904 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=8852 op=29426 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=8852 op=29426 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=8852 op=29427 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=8852 op=29427 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=8852 op=29428 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=8852 op=29428 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=8852 op=29429 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=8852 op=29429 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=4 op=60086 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=4 op=60086 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=4 op=60087 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:04 -0800] conn=4 op=60087 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=4 op=60088 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=4 op=60088 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=4 op=60089 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:04 -0800] conn=4 op=60089 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=5 op=87339 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=5 op=87339 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=5 op=87340 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:04 -0800] conn=5 op=87340 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=5 op=87341 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=5 op=87341 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=5 op=87342 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:04 -0800] conn=5 op=87342 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=5 op=87343 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:04 -0800] conn=5 op=87343 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=5 op=87344 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:04 -0800] conn=5 op=87344 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=5 op=87345 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:04 -0800] conn=5 op=87345 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2210000600100000 > [18/Jan/2016:09:28:04 -0800] conn=29634 fd=298 slot=298 connection from 10.21.0.34 to 10.178.0.99 > [18/Jan/2016:09:28:04 -0800] conn=29634 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:04 -0800] conn=29634 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=4 op=60090 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/zubincentos6vditest-ops-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/zubincentos6vditest-ops-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138905 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138905 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=4 op=60090 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138906 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138906 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=29634 op=1 UNBIND > [18/Jan/2016:09:28:04 -0800] conn=29634 op=1 fd=298 closed - U1 > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138907 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138907 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=29635 fd=298 slot=298 connection from 10.21.0.34 to 10.178.0.99 > [18/Jan/2016:09:28:04 -0800] conn=29635 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:04 -0800] conn=29635 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138908 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=28024 op=138908 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=5 op=87346 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/zubincentos6vditest-ops-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/zubincentos6vditest-ops-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=5 op=87346 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=29635 op=1 UNBIND > [18/Jan/2016:09:28:04 -0800] conn=29635 op=1 fd=298 closed - U1 > [18/Jan/2016:09:28:05 -0800] conn=28024 op=138909 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:05 -0800] conn=28024 op=138909 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:05 -0800] conn=28024 op=138910 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:05 -0800] conn=28024 op=138910 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:05 -0800] conn=28024 op=138911 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:05 -0800] conn=28024 op=138911 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:05 -0800] conn=28024 op=138912 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:05 -0800] conn=28024 op=138912 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=12 op=76488 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:06 -0800] conn=12 op=76488 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=12 op=76489 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:06 -0800] conn=12 op=76489 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=12 op=76490 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:06 -0800] conn=12 op=76490 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=12 op=76491 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:06 -0800] conn=12 op=76491 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=12 op=76492 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:06 -0800] conn=12 op=76492 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29430 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29430 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29431 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29431 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29432 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29432 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29433 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29433 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29434 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29434 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29435 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29435 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=29626 op=12 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:28:06 -0800] conn=29626 op=12 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=29626 op=13 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:28:06 -0800] conn=29626 op=13 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=29626 op=14 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:28:06 -0800] conn=29626 op=14 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=29626 op=15 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:28:06 -0800] conn=29626 op=15 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=24917 op=559 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" > [18/Jan/2016:09:28:06 -0800] conn=24917 op=559 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29436 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29436 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29437 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:06 -0800] conn=8852 op=29437 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=29472 op=90 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44047)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" > [18/Jan/2016:09:28:07 -0800] conn=29472 op=90 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:28:07 -0800] conn=12 op=76493 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=12 op=76493 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=12 op=76494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=12 op=76494 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=12 op=76495 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=12 op=76495 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=12 op=76496 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=12 op=76496 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=12 op=76497 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=12 op=76497 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=8852 op=29438 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:07 -0800] conn=8852 op=29438 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=8852 op=29439 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:07 -0800] conn=8852 op=29439 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=8852 op=29440 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:07 -0800] conn=8852 op=29440 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=8852 op=29441 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:07 -0800] conn=8852 op=29441 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=12 op=76498 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=12 op=76498 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=12 op=76499 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=12 op=76499 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=12 op=76500 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=12 op=76500 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=12 op=76501 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:07 -0800] conn=12 op=76501 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=8 op=67981 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=8 op=67981 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=8 op=67982 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=8 op=67982 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=8 op=67983 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=8 op=67983 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=8 op=67984 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:07 -0800] conn=8 op=67984 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=8 op=67985 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:07 -0800] conn=8 op=67985 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=8 op=67986 MOD dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:07 -0800] conn=8 op=67986 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2213000400100000 > [18/Jan/2016:09:28:07 -0800] conn=5 op=87347 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=5 op=87347 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=5 op=87348 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=5 op=87348 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=5 op=87349 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=5 op=87349 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=5 op=87350 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=5 op=87350 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=5 op=87351 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=5 op=87351 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:08 -0800] conn=29377 op=136 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" > [18/Jan/2016:09:28:08 -0800] conn=29377 op=136 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:08 -0800] conn=29377 op=137 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" > [18/Jan/2016:09:28:08 -0800] conn=29377 op=137 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:08 -0800] conn=29377 op=138 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" > [18/Jan/2016:09:28:08 -0800] conn=29377 op=138 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:08 -0800] conn=29377 op=139 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" > [18/Jan/2016:09:28:08 -0800] conn=29377 op=139 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=8852 op=29442 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:10 -0800] conn=8852 op=29442 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=8852 op=29443 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:10 -0800] conn=8852 op=29443 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=8852 op=29444 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:10 -0800] conn=8852 op=29444 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=8852 op=29445 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:10 -0800] conn=8852 op=29445 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=8852 op=29446 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:10 -0800] conn=8852 op=29446 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=8852 op=29447 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:10 -0800] conn=8852 op=29447 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=29369 op=5 UNBIND > [18/Jan/2016:09:28:10 -0800] conn=29369 op=5 fd=119 closed - U1 > [18/Jan/2016:09:28:11 -0800] conn=29636 fd=119 slot=119 connection from 10.21.12.10 to 10.178.0.99 > [18/Jan/2016:09:28:11 -0800] conn=29636 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" > [18/Jan/2016:09:28:11 -0800] conn=29636 op=0 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:11 -0800] conn=29636 op=-1 fd=119 closed - Peer reports failure of signature verification or key exchange. > [18/Jan/2016:09:28:11 -0800] conn=28024 op=138913 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:11 -0800] conn=28024 op=138913 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:11 -0800] conn=28024 op=138914 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:11 -0800] conn=28024 op=138914 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:11 -0800] conn=28024 op=138915 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:11 -0800] conn=28024 op=138915 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:11 -0800] conn=28024 op=138916 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:11 -0800] conn=28024 op=138916 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:11 -0800] conn=29370 op=5 UNBIND > [18/Jan/2016:09:28:11 -0800] conn=29370 op=5 fd=166 closed - U1 > [18/Jan/2016:09:28:11 -0800] conn=29377 op=140 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" > [18/Jan/2016:09:28:11 -0800] conn=29377 op=140 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:11 -0800] conn=29377 op=141 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" > [18/Jan/2016:09:28:11 -0800] conn=29377 op=141 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=29377 op=142 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" > [18/Jan/2016:09:28:12 -0800] conn=29377 op=142 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=29377 op=143 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" > [18/Jan/2016:09:28:12 -0800] conn=29377 op=143 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=29377 op=144 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" > [18/Jan/2016:09:28:12 -0800] conn=29377 op=144 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=29377 op=145 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType" > [18/Jan/2016:09:28:12 -0800] conn=29377 op=145 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=8852 op=29448 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:12 -0800] conn=8852 op=29448 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=8852 op=29449 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:12 -0800] conn=8852 op=29449 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=8852 op=29450 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:12 -0800] conn=8852 op=29450 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=8852 op=29451 MOD dn="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:12 -0800] conn=8852 op=29451 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22180003000f0000 > [18/Jan/2016:09:28:12 -0800] conn=28024 op=138917 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:12 -0800] conn=28024 op=138917 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=24917 op=560 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" > [18/Jan/2016:09:28:12 -0800] conn=24917 op=560 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76502 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:13 -0800] conn=29472 op=91 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44048)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" > [18/Jan/2016:09:28:13 -0800] conn=29472 op=91 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:28:13 -0800] conn=12 op=76502 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76503 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:13 -0800] conn=12 op=76503 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76504 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:13 -0800] conn=12 op=76504 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76505 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:13 -0800] conn=12 op=76505 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76506 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:13 -0800] conn=12 op=76506 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76507 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:13 -0800] conn=12 op=76507 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76508 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:13 -0800] conn=12 op=76508 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76509 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:13 -0800] conn=12 op=76509 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76510 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:13 -0800] conn=12 op=76510 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76511 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:13 -0800] conn=12 op=76511 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76512 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:13 -0800] conn=12 op=76512 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2218000a00100000 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76513 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:13 -0800] conn=12 op=76513 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:13 -0800] conn=12 op=76514 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76515 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:13 -0800] conn=12 op=76515 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76516 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:13 -0800] conn=12 op=76516 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=12 op=76517 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:13 -0800] conn=12 op=76517 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:14 -0800] conn=8852 op=29452 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:14 -0800] conn=8852 op=29452 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:14 -0800] conn=8852 op=29453 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:14 -0800] conn=8852 op=29453 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:14 -0800] conn=8852 op=29454 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:14 -0800] conn=8852 op=29454 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=8852 op=29455 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:15 -0800] conn=8852 op=29455 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=8852 op=29456 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:15 -0800] conn=8852 op=29456 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=8852 op=29457 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:15 -0800] conn=8852 op=29457 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=8852 op=29458 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:15 -0800] conn=8852 op=29458 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=29631 op=15 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=ntp)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType usercertificate;binary" > [18/Jan/2016:09:28:15 -0800] conn=29631 op=15 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=24917 op=561 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" > [18/Jan/2016:09:28:15 -0800] conn=24917 op=561 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=29371 op=5 UNBIND > [18/Jan/2016:09:28:15 -0800] conn=29371 op=5 fd=217 closed - U1 > [18/Jan/2016:09:28:16 -0800] conn=8852 op=29459 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:16 -0800] conn=8852 op=29459 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=8852 op=29460 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:16 -0800] conn=8852 op=29460 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=8852 op=29461 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:16 -0800] conn=8852 op=29461 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=8852 op=29462 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:16 -0800] conn=8852 op=29462 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=24917 op=562 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" > [18/Jan/2016:09:28:16 -0800] conn=24917 op=562 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=24917 op=563 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" > [18/Jan/2016:09:28:16 -0800] conn=24917 op=563 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=28024 op=138918 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:16 -0800] conn=28024 op=138918 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=28024 op=138919 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:16 -0800] conn=28024 op=138919 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=29372 op=5 UNBIND > [18/Jan/2016:09:28:16 -0800] conn=29372 op=5 fd=264 closed - U1 > [18/Jan/2016:09:28:16 -0800] conn=29373 op=5 UNBIND > [18/Jan/2016:09:28:16 -0800] conn=29373 op=5 fd=265 closed - U1 > [18/Jan/2016:09:28:17 -0800] conn=29637 fd=119 slot=119 connection from 10.21.5.100 to 10.178.0.99 > [18/Jan/2016:09:28:17 -0800] conn=29637 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:17 -0800] conn=29637 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87352 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-msgci1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-msgci1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87352 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87353 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87353 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87354 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87354 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87355 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87355 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87356 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-msgci1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-msgci1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87356 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87357 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87357 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87358 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87358 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87359 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87359 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87360 SRCH base="fqdn=fe1-gas-msgci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87360 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87361 SRCH base="cn=fe1-gas-msgci1-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:17 -0800] conn=5 op=87361 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87362 MOD dn="fqdn=fe1-gas-msgci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87362 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c000600100000 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87363 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87363 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87364 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87364 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87365 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87365 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87366 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-msgci1-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87366 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=5 op=87367 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:17 -0800] conn=5 op=87367 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=29637 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:17 -0800] conn=29637 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:17 -0800] conn=29637 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:17 -0800] conn=29637 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:17 -0800] conn=29637 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:17 -0800] conn=29637 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-msgci1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:17 -0800] conn=29637 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-msgci1-van.login.mydomain.net)(sudoHost=fe1-gas-msgci1-van)(sudoHost=10.21.5.100)(sudoHost=10.21.0.0/16)(sudoHost=fe80::226:55ff:fe22:6572)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:17 -0800] conn=29637 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:17 -0800] conn=28024 op=138920 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:17 -0800] conn=28024 op=138920 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=28024 op=138921 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:17 -0800] conn=28024 op=138921 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=28024 op=138922 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:17 -0800] conn=28024 op=138922 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=28024 op=138923 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:17 -0800] conn=28024 op=138923 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=29638 fd=166 slot=166 connection from 10.21.28.70 to 10.178.0.99 > [18/Jan/2016:09:28:18 -0800] conn=29638 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:18 -0800] conn=29638 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=12 op=76518 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/all-mre-masnap1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/all-mre-masnap1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:18 -0800] conn=12 op=76518 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=12 op=76519 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:18 -0800] conn=12 op=76519 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=12 op=76520 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:18 -0800] conn=12 op=76520 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=12 op=76521 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:18 -0800] conn=12 op=76521 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=5 op=87368 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/all-mre-masnap1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/all-mre-masnap1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:18 -0800] conn=5 op=87368 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=5 op=87369 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:18 -0800] conn=5 op=87369 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=5 op=87370 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:18 -0800] conn=5 op=87370 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=5 op=87371 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:18 -0800] conn=5 op=87371 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=5 op=87372 SRCH base="fqdn=all-mre-masnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:18 -0800] conn=5 op=87372 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=5 op=87373 SRCH base="cn=all-mre-masnap1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:18 -0800] conn=5 op=87373 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=5 op=87374 MOD dn="fqdn=all-mre-masnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:18 -0800] conn=5 op=87374 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c001100100000 > [18/Jan/2016:09:28:18 -0800] conn=5 op=87375 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:18 -0800] conn=5 op=87375 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=5 op=87376 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:18 -0800] conn=5 op=87376 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=5 op=87377 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:18 -0800] conn=5 op=87377 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=5 op=87378 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/all-mre-masnap1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:18 -0800] conn=29639 fd=217 slot=217 connection from 10.21.5.241 to 10.178.0.99 > [18/Jan/2016:09:28:18 -0800] conn=29639 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:18 -0800] conn=5 op=87378 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=29639 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=5 op=87379 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:18 -0800] conn=5 op=87379 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=29638 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:18 -0800] conn=29638 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:18 -0800] conn=29639 op=1 UNBIND > [18/Jan/2016:09:28:18 -0800] conn=29639 op=1 fd=217 closed - U1 > [18/Jan/2016:09:28:18 -0800] conn=29638 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:18 -0800] conn=29638 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:18 -0800] conn=29638 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:18 -0800] conn=29638 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=all-mre-masnap1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:18 -0800] conn=29638 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=all-mre-masnap1-van.mydomain.net)(sudoHost=all-mre-masnap1-van)(sudoHost=10.21.28.70)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:2935)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:18 -0800] conn=29638 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:19 -0800] conn=24917 op=564 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" > [18/Jan/2016:09:28:19 -0800] conn=24917 op=564 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:19 -0800] conn=29472 op=92 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44049)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" > [18/Jan/2016:09:28:19 -0800] conn=29472 op=92 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:28:21 -0800] conn=28024 op=138924 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:21 -0800] conn=28024 op=138924 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:21 -0800] conn=28024 op=138925 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:21 -0800] conn=28024 op=138925 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:21 -0800] conn=28024 op=138926 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:21 -0800] conn=28024 op=138926 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:21 -0800] conn=28024 op=138927 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:21 -0800] conn=28024 op=138927 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=29640 fd=217 slot=217 connection from 10.21.8.64 to 10.178.0.99 > [18/Jan/2016:09:28:22 -0800] conn=29640 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:22 -0800] conn=29640 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=12 op=76522 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/van-test-conv4.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/van-test-conv4.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=12 op=76522 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=12 op=76523 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" > [18/Jan/2016:09:28:22 -0800] conn=12 op=76523 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=12 op=76524 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=12 op=76524 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=12 op=76525 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=12 op=76525 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=12 op=76526 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:22 -0800] conn=12 op=76526 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=5 op=87380 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/van-test-conv4.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/van-test-conv4.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=5 op=87380 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=5 op=87381 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=5 op=87381 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=5 op=87382 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=5 op=87382 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=5 op=87383 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:22 -0800] conn=5 op=87383 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=5 op=87384 SRCH base="fqdn=van-test-conv4.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:22 -0800] conn=5 op=87384 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=5 op=87385 SRCH base="cn=van-test-conv4.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:22 -0800] conn=5 op=87385 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=5 op=87386 MOD dn="fqdn=van-test-conv4.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:22 -0800] conn=5 op=87386 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c001b00100000 > [18/Jan/2016:09:28:22 -0800] conn=4 op=60091 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=4 op=60091 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=4 op=60092 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" > [18/Jan/2016:09:28:22 -0800] conn=4 op=60092 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=4 op=60093 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=4 op=60093 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=4 op=60094 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=4 op=60094 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=4 op=60095 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/van-test-conv4.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=4 op=60095 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=4 op=60096 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=4 op=60096 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=29640 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=29640 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:22 -0800] conn=29640 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=29640 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:22 -0800] conn=29640 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=29640 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=van-test-conv4.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:22 -0800] conn=29640 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=van-test-conv4.mydomain.net)(sudoHost=van-test-conv4)(sudoHost=10.21.8.64)(sudoHost=10.21.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:22 -0800] conn=29640 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:22 -0800] conn=8852 op=29463 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=8852 op=29463 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=8852 op=29464 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:22 -0800] conn=8852 op=29464 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=8852 op=29465 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=8852 op=29465 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=8852 op=29466 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:22 -0800] conn=8852 op=29466 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=8852 op=29467 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=8852 op=29467 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=8852 op=29468 ADD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:22 -0800] conn=8852 op=29468 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22220006000f0000 > [18/Jan/2016:09:28:22 -0800] conn=28024 op=138928 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=28024 op=138928 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=29641 fd=264 slot=264 connection from 10.21.23.163 to 10.178.0.99 > [18/Jan/2016:09:28:22 -0800] conn=29641 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:22 -0800] conn=29641 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=12 op=76527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/report1-urs-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/report1-urs-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=12 op=76527 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=12 op=76528 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=12 op=76528 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=12 op=76529 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=12 op=76530 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:23 -0800] conn=12 op=76529 RESULT err=0 tag=101 nentries=1 etime=1 > [18/Jan/2016:09:28:23 -0800] conn=12 op=76530 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60097 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/report1-urs-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/report1-urs-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60097 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60098 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60098 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60099 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60099 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60100 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60100 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60101 SRCH base="fqdn=report1-urs-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60101 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60102 SRCH base="cn=report1-urs-cpqa1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=4 op=60102 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60103 MOD dn="fqdn=report1-urs-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60103 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000a00100000 > [18/Jan/2016:09:28:23 -0800] conn=5 op=87387 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=5 op=87388 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=5 op=87387 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=5 op=87389 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=5 op=87388 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=5 op=87389 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=5 op=87390 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/report1-urs-cpqa1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=5 op=87391 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=5 op=87391 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=5 op=87390 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=29641 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=29641 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=29641 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=29641 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=29641 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=29641 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=report1-urs-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:23 -0800] conn=29641 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=report1-urs-cpqa1-van.mydomain.net)(sudoHost=report1-urs-cpqa1-van)(sudoHost=10.21.23.163)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:5137)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:23 -0800] conn=29641 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:23 -0800] conn=8 op=67987 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=8 op=67987 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=8 op=67988 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=8 op=67989 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=8 op=67988 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=8 op=67989 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=8 op=67990 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:23 -0800] conn=8 op=67990 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60104 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60104 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60105 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60105 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60106 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60106 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60107 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60107 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60108 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60108 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60109 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=4 op=60109 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60110 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60110 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222001100100000 > [18/Jan/2016:09:28:23 -0800] conn=29642 fd=265 slot=265 connection from 10.21.23.61 to 10.178.0.99 > [18/Jan/2016:09:28:23 -0800] conn=29642 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:23 -0800] conn=29642 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=8 op=67991 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-sin-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-sin-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=8 op=67991 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=8 op=67992 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=8 op=67992 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=8 op=67993 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=8 op=67993 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=8 op=67994 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:23 -0800] conn=8 op=67994 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60111 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-sin-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-sin-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60111 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60112 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60112 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60113 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60113 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60114 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60114 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60115 SRCH base="fqdn=fe1-sin-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60115 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60116 SRCH base="cn=fe1-sin-cpqa1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=4 op=60116 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60117 MOD dn="fqdn=fe1-sin-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60117 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222001200100000 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60118 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60118 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60119 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60119 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60120 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60120 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60121 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-sin-cpqa1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60121 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60122 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60122 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=29642 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=29642 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=29642 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=29642 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=4 op=60123 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=29642 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=4 op=60123 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60124 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=29642 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-sin-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:23 -0800] conn=29642 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-sin-cpqa1-van.mydomain.net)(sudoHost=fe1-sin-cpqa1-van)(sudoHost=10.21.23.61)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:6)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:23 -0800] conn=29642 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60124 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60125 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60125 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60126 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60126 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=4 op=60127 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=4 op=60127 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=5 op=87392 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=5 op=87392 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=5 op=87393 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=5 op=87393 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=5 op=87394 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=5 op=87394 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=5 op=87395 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=5 op=87395 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=24917 op=565 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" > [18/Jan/2016:09:28:23 -0800] conn=24917 op=565 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=29643 fd=298 slot=298 connection from 10.178.0.98 to 10.178.0.99 > [18/Jan/2016:09:28:23 -0800] conn=29643 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=29643 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=29643 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=29643 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=29643 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=29643 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc2-ipa-dev-nvan.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:23 -0800] conn=29643 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" > [18/Jan/2016:09:28:23 -0800] conn=29643 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=29643 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" > [18/Jan/2016:09:28:23 -0800] conn=29643 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=29643 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:23 -0800] conn=29643 op=5 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=29643 op=6 ADD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" > [18/Jan/2016:09:28:23 -0800] conn=29643 op=6 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000004470000 > [18/Jan/2016:09:28:23 -0800] conn=29643 op=7 ADD dn="cn=2684289033,ou=certificateRepository,ou=ca,o=ipaca" > [18/Jan/2016:09:28:23 -0800] conn=29643 op=7 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000104470000 > [18/Jan/2016:09:28:23 -0800] conn=29644 fd=315 slot=315 connection from 10.21.0.99 to 10.178.0.99 > [18/Jan/2016:09:28:23 -0800] conn=29644 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:28 -0800] conn=29643 op=8 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:28 -0800] conn=29546 op=6 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=mapred)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:28:28 -0800] conn=29546 op=6 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=29472 op=93 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44050)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" > [18/Jan/2016:09:28:28 -0800] conn=29472 op=93 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:28:28 -0800] conn=28024 op=138929 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:28 -0800] conn=8852 op=29469 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:28 -0800] conn=28024 op=138929 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=29644 op=0 RESULT err=14 tag=97 nentries=0 etime=5, SASL bind in progress > [18/Jan/2016:09:28:28 -0800] conn=29643 op=8 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=29644 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:28 -0800] conn=29644 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:28 -0800] conn=8852 op=29469 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000c000f0000 > [18/Jan/2016:09:28:28 -0800] conn=8852 op=29470 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:28 -0800] conn=29644 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:28 -0800] conn=29644 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:28 -0800] conn=8852 op=29470 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000d000f0000 > [18/Jan/2016:09:28:28 -0800] conn=8852 op=29471 MOD dn="cn=repl keep alive 16,dc=mydomain,dc=net" > [18/Jan/2016:09:28:28 -0800] conn=8852 op=29471 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=29644 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" > [18/Jan/2016:09:28:28 -0800] conn=29644 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=8852 op=29472 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:28 -0800] conn=29644 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" > [18/Jan/2016:09:28:28 -0800] conn=8852 op=29472 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22230001000f0000 > [18/Jan/2016:09:28:28 -0800] conn=29644 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=29644 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:28 -0800] conn=29644 op=5 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=29644 op=6 MOD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" > [18/Jan/2016:09:28:28 -0800] conn=29644 op=6 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000304470000 > [18/Jan/2016:09:28:28 -0800] conn=29644 op=7 MOD dn="ou=ca,ou=requests,o=ipaca" > [18/Jan/2016:09:28:28 -0800] conn=29644 op=7 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000504470000 > [18/Jan/2016:09:28:28 -0800] conn=28024 op=138930 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:28 -0800] conn=28024 op=138930 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=29644 op=8 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:28 -0800] conn=29644 op=8 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=29644 op=9 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:28 -0800] conn=29644 op=9 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=29644 op=10 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:28 -0800] conn=29644 op=10 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=8852 op=29473 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:28 -0800] conn=8852 op=29473 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=8852 op=29474 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:28 -0800] conn=8852 op=29474 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=8852 op=29475 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:28 -0800] conn=8852 op=29475 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=29643 op=9 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:28 -0800] conn=29643 op=9 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=29643 op=10 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:28 -0800] conn=29643 op=10 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:30 -0800] conn=29546 op=7 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=spark)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey" > [18/Jan/2016:09:28:30 -0800] conn=29546 op=7 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:31 -0800] conn=28024 op=138931 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:31 -0800] conn=28024 op=138931 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:31 -0800] conn=28024 op=138932 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:31 -0800] conn=28024 op=138932 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=8852 op=29476 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:32 -0800] conn=8852 op=29476 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=8852 op=29477 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:32 -0800] conn=8852 op=29477 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=28024 op=138933 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:32 -0800] conn=28024 op=138933 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=28024 op=138934 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:32 -0800] conn=28024 op=138934 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=28024 op=138935 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:32 -0800] conn=28024 op=138935 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=28024 op=138936 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:32 -0800] conn=28024 op=138936 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=8852 op=29478 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:32 -0800] conn=8852 op=29478 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=8852 op=29479 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" > [18/Jan/2016:09:28:32 -0800] conn=8852 op=29479 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222c0007000f0000 > [18/Jan/2016:09:28:32 -0800] conn=28024 op=138937 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:32 -0800] conn=28024 op=138937 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=29645 fd=314 slot=314 connection from 10.178.6.56 to 10.178.0.99 > [18/Jan/2016:09:28:33 -0800] conn=29645 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:33 -0800] conn=29645 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=5 op=87396 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:33 -0800] conn=5 op=87396 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=29645 op=1 UNBIND > [18/Jan/2016:09:28:33 -0800] conn=29645 op=1 fd=314 closed - U1 > [18/Jan/2016:09:28:33 -0800] conn=29646 fd=314 slot=314 connection from 10.178.6.56 to 10.178.0.99 > [18/Jan/2016:09:28:33 -0800] conn=29646 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:33 -0800] conn=29646 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=5 op=87397 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:33 -0800] conn=5 op=87397 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=29646 op=1 UNBIND > [18/Jan/2016:09:28:33 -0800] conn=29646 op=1 fd=314 closed - U1 > [18/Jan/2016:09:28:34 -0800] conn=29472 op=94 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44051)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" > [18/Jan/2016:09:28:34 -0800] conn=29472 op=94 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:28:34 -0800] conn=29376 op=5 UNBIND > [18/Jan/2016:09:28:34 -0800] conn=29376 op=5 fd=218 closed - U1 > [18/Jan/2016:09:28:34 -0800] conn=8852 op=29480 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" > [18/Jan/2016:09:28:34 -0800] conn=8852 op=29480 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222d0000000f0000 > [18/Jan/2016:09:28:35 -0800] conn=8852 op=29481 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:35 -0800] conn=8852 op=29481 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:35 -0800] conn=8852 op=29482 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:35 -0800] conn=8852 op=29482 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:35 -0800] conn=8852 op=29483 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:35 -0800] conn=8852 op=29483 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:35 -0800] conn=29546 op=8 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=van-test-conv2.mydomain.net)(sudoHost=van-test-conv2)(sudoHost=10.21.8.62)(sudoHost=10.21.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:35 -0800] conn=29546 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:36 -0800] conn=28024 op=138938 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:36 -0800] conn=28024 op=138938 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:36 -0800] conn=28024 op=138939 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:36 -0800] conn=28024 op=138939 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:37 -0800] conn=8852 op=29484 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:37 -0800] conn=8852 op=29484 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:37 -0800] conn=8852 op=29485 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:37 -0800] conn=8852 op=29485 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:37 -0800] conn=8852 op=29486 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:37 -0800] conn=8852 op=29486 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:37 -0800] conn=8852 op=29487 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:37 -0800] conn=8852 op=29487 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:40 -0800] conn=29472 op=95 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(ipServicePort=44052)(ipServiceProtocol=tcp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol entryusn" > [18/Jan/2016:09:28:40 -0800] conn=29472 op=95 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:28:40 -0800] conn=29472 op=96 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=katello1-ops-int-nvan.mydomain.net)(sudoHost=katello1-ops-int-nvan)(sudoHost=10.178.0.110)(sudoHost=10.178.0.0/16)(sudoHost=fe80::250:56ff:feb7:6972)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:40 -0800] conn=29472 op=96 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=1 > [18/Jan/2016:09:28:41 -0800] conn=24881 op=28 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=mailer-daemon)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" > [18/Jan/2016:09:28:41 -0800] conn=24881 op=28 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=29647 fd=218 slot=218 connection from 10.21.8.151 to 10.178.0.99 > [18/Jan/2016:09:28:41 -0800] conn=29647 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:41 -0800] conn=29647 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=4 op=60128 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/proxy1-pr-mcsnap2-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/proxy1-pr-mcsnap2-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:41 -0800] conn=4 op=60128 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=4 op=60129 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:41 -0800] conn=4 op=60129 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=4 op=60130 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:41 -0800] conn=4 op=60130 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=4 op=60131 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:41 -0800] conn=4 op=60131 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=5 op=87398 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/proxy1-pr-mcsnap2-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/proxy1-pr-mcsnap2-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:41 -0800] conn=5 op=87398 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=5 op=87399 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" > [18/Jan/2016:09:28:41 -0800] conn=5 op=87399 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=5 op=87400 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:41 -0800] conn=5 op=87400 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=5 op=87401 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:41 -0800] conn=5 op=87401 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=5 op=87402 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:41 -0800] conn=5 op=87402 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=5 op=87403 SRCH base="fqdn=proxy1-pr-mcsnap2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:41 -0800] conn=5 op=87403 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=5 op=87404 SRCH base="cn=proxy1-pr-mcsnap2-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:41 -0800] conn=5 op=87404 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=5 op=87405 MOD dn="fqdn=proxy1-pr-mcsnap2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:41 -0800] conn=5 op=87405 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2231000500100000 > [18/Jan/2016:09:28:41 -0800] conn=5 op=87406 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:41 -0800] conn=5 op=87406 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=5 op=87407 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc1-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:41 -0800] conn=5 op=87407 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=5 op=87408 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:41 -0800] conn=5 op=87408 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=5 op=87409 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/proxy1-pr-mcsnap2-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:41 -0800] conn=5 op=87409 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=5 op=87410 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:41 -0800] conn=5 op=87410 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:41 -0800] conn=29647 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:41 -0800] conn=29647 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:41 -0800] conn=29647 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:41 -0800] conn=29647 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:41 -0800] conn=29647 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:41 -0800] conn=29647 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=proxy1-pr-mcsnap2-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:41 -0800] conn=29647 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=proxy1-pr-mcsnap2-van.mydomain.net)(sudoHost=proxy1-pr-mcsnap2-van)(sudoHost=10.21.8.151)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:5770)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:41 -0800] conn=29647 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:41 -0800] conn=29377 op=146 UNBIND > [18/Jan/2016:09:28:41 -0800] conn=29377 op=146 fd=281 closed - U1 > [18/Jan/2016:09:28:43 -0800] conn=29648 fd=281 slot=281 connection from 10.21.12.10 to 10.178.0.99 > [18/Jan/2016:09:28:43 -0800] conn=29648 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" > [18/Jan/2016:09:28:43 -0800] conn=29648 op=0 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:43 -0800] conn=29648 op=-1 fd=281 closed - Peer reports failure of signature verification or key exchange. > [18/Jan/2016:09:28:43 -0800] conn=8852 op=29488 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:43 -0800] conn=8852 op=29488 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:43 -0800] conn=8852 op=29489 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:43 -0800] conn=8852 op=29489 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:44 -0800] conn=8852 op=29490 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:44 -0800] conn=8852 op=29490 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:44 -0800] conn=8852 op=29491 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:44 -0800] conn=8852 op=29491 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:44 -0800] conn=28024 op=138940 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:44 -0800] conn=28024 op=138940 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:44 -0800] conn=28024 op=138941 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:44 -0800] conn=28024 op=138941 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:44 -0800] conn=28024 op=138942 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:44 -0800] conn=28024 op=138942 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:44 -0800] conn=28024 op=138943 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:44 -0800] conn=28024 op=138943 RESULT err=0 tag=120 nentries=0 etime=0 > ^C > > > -----Original Message----- > From: Rob Crittenden [mailto:rcritten at redhat.com] > Sent: January-18-16 9:59 AM > To: Nathan Peters; Petr Vobornik; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > Nathan Peters wrote: >> I assume you mean look at the DS log on the machine being installed?\ > > I think he meant on the master that generated the prepare file. There may be some left-over, unexpected entry. > > rob > -- Petr Vobornik From Nathan.Peters at globalrelay.net Mon Jan 18 19:39:35 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Mon, 18 Jan 2016 19:39:35 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <569D2F2F.6080806@redhat.com> References: <569CB899.9040603@redhat.com> <569CCB5D.8040400@redhat.com> <569D27C4.10602@redhat.com> <569D2F2F.6080806@redhat.com> Message-ID: Answers to questions : 1) All 3 servers are working fine. Error logs show only the expected replication keepalive entries and no other entries for the last 24 hours. Replication works. 2) ipa server-find output is identical on all 3 servers : [root at dc1-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa server-find --------------------- 3 IPA servers matched --------------------- Server name: dc1-ipa-dev-nvan.dev-globalrelay.net Managed suffixes: domain, ca Min domain level: 0 Max domain level: 1 Server name: dc1-ipa-dev-van.dev-globalrelay.net Managed suffixes: domain, ca Min domain level: 0 Max domain level: 1 Server name: dc2-ipa-dev-nvan.dev-globalrelay.net Managed suffixes: domain, ca Min domain level: 0 Max domain level: 1 ---------------------------- Number of entries returned 3 ---------------------------- 3)ipa-replica-manage list is the same on all 3 servers : [root at dc1-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage list dc2-ipa-dev-nvan.dev-globalrelay.net: master dc1-ipa-dev-nvan.dev-globalrelay.net: master dc1-ipa-dev-van.dev-globalrelay.net: master 3.5)I actually tried running the remove command anyway in case there were any type of lingering records and it came back with nothing found : [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net dc2-ipa-dev-van.dev-globalrelay.net is not listed among IPA masters. Please specify an actual server or add the --cleanup option to force clean up. [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net --cleanup Checking connectivity in topology suffix 'ca' 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'ca' Not checking connectivity Checking connectivity in topology suffix 'domain' 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'domain' Not checking connectivity No RUV records found. 4) The command revealed it went to a different master than I thought. It was not the CA master, but a differnet one. [root at dc2-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" 2016-01-18T17:28:22Z INFO Forwarding 'service_add' to json server 'https://dc2-ipa-dev-nvan.dev-globalrelay.net/ipa/json' For some reason, when I was monitoring the logs, nothing had been logged on the dc2-ipa-dev-nvan in the dirsrv log but it must have been buffering to disk, because when I checked the logs 5 minutes later, all the data was there. You can actually see the err=68 here : [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND I'm not sure why it would fail that call though... Here are the ldapsearch for that cn=replica branch performed on the master it was joining to, as well as the complete logs from that master with the err=68 in it. I'm not sure if this has anything to do with it, but inside the replica branch are already 2 sub branches for replication agreements. These agreements have what appears to be old ruvs for the server I am trying to join, however, because the ipa-replica-install clean-ruv command only applies to domain level 0, I cannot clean those ruvs... I also cannot lower my domain level back down to 0 so I can clean them. [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage clean-ruv 14 No RUV records found. ==== LDAP SEARCH OF SECTION OF TREE THAT ADD FAILS ON ===== [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # replica, dc\3Dmydomain\2Cdc\3Dnet, mapping tree, config dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: replica nsDS5Flags: 1 nsDS5ReplicaBindDN: cn=replication manager,cn=config nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net @MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net@ MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net nsDS5ReplicaId: 15 nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64 nsDS5ReplicaRoot: dc=mydomain,dc=net nsDS5ReplicaType: 3 nsState:: DwAAAAAAAAC/OZ1WAAAAAAAAAAAAAAAAbAEAAAAAAAAAAAAAAAAAAA== nsds5ReplicaLegacyConsumer: off nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net nsds5replicabinddngroupcheckinterval: 60 objectClass: nsds5replica objectClass: top objectClass: extensibleobject nsds5ReplicaChangeCount: 37386 nsds5replicareapactive: 0 # meTodc1-ipa-dev-nvan.mydomain.net, replica, dc\3Dmydomain\2Cdc\ 3Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-nvan.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-nvan.mydomain.net description: me to dc1-ipa-dev-nvan.mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-nvan.mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd 26000000100000 569b9201002200100000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 b000000110000 569b91af000d00110000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee 040000000f0000 569b92010002000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsds5ReplicaEnabled: on nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n et:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160118191523Z nsds5replicaLastUpdateEnd: 20160118191523Z nsds5replicaChangesSentSinceStartup:: MTU6Mjc0LzgyNzY5NiAxNDoxLzAgMTc6MTQvMCAx NjoyLzAg nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # meTodc1-ipa-dev-van.mydomain.net, replica, dc\3Dmydomain\2Cdc\3 Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-van.mydomain.net description: me to dc1-ipa-dev-van.mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-van.mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 b000000110000 569b9201000500110000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd 26000000100000 569b918d004a00100000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee 040000000f0000 569b92010002000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n et:389} 00000000 nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160118191523Z nsds5replicaLastUpdateEnd: 20160118191523Z nsds5replicaChangesSentSinceStartup:: MTU6MzY2LzE0MTg1NjkgMTY6OTYvMCAxNzoyLzAg nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 ===== LOGS FROM MASTER DURING REPLICA INSTALLATION ATTEMPT ==== [18/Jan/2016:09:27:54 -0800] conn=18695 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 BIND dn="" method=128 version=3 [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="namingContexts defaultnamingcontext" [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 SRCH base="dc=mydomain,dc=net" scope=0 filter="(info=IPA*)" attrs=ALL [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 SRCH base="cn=kerberos,dc=mydomain,dc=net" scope=2 filter="(objectClass=krbRealmContainer)" attrs=ALL [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 MOD dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22060000000f0000 [18/Jan/2016:09:27:54 -0800] conn=18696 fd=145 slot=145 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 RESULT err=0 tag=101 nentries=2 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 UNBIND [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 fd=145 closed - U1 [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=3 op=82446 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82446 RESULT err=0 tag=101 nentries=1 etime=1 [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18697 fd=145 slot=145 connection from 10.21.5.248 to 10.178.0.98 [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTDomainAttrs)" attrs="ipaNTFlatName ipaNTFallbackPrimaryGroup ipaNTSecurityIdentifier" [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 SRCH base="cn=Default SMB Group,cn=groups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=posixGroup)" attrs="ipaNTSecurityIdentifier" [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTTrustPartner ipaNTFlatName ipaNTTrustedDomainSID ipaNTSIDBlacklistIncoming ipaNTSIDBlacklistOutgoing" [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 SRCH base="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 MOD dn="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070000000f0000 [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=18698 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 SRCH base="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 SRCH base="cn=fe1-gas-gasqa3-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 MOD dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberofindirect description nsHardwarePlatform userCertificate ipaAllowedToPerform * l nsOsVersion fqdn managedBy ipaAssignedIDView memberOf krbPrincipalName nsHostLocation userClass aci" [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 ADD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070004000f0000 [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22070008000f0000 [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform objectClass ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView ipaUniqueID userCertificate krbPrincipalName nsHostLocation userClass" [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 SRCH base="cn=dns,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDefaultLoginShell ipaCertificateSubjectBase ipaUserSearchFields ipaSELinuxUserMapDefault ipaUserAuthType ipaDefaultPrimaryGroup ipaPwdExpAdvNotify ipaGroupSearchFields ipaDefaultEmailDomain ipaHomesRootDir ipaSearchTimeLimit ipaKrbAuthzData ipaMigrationEnabled ipaSearchRecordsLimit ipaConfigString ipaMaxUsernameLength ipaSELinuxUserMapOrder" [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 UNBIND [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 fd=278 closed - U1 [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-gasqa3-van.login.mydomain.net)(sudoHost=fe1-gas-gasqa3-van)(sudoHost=10.21.5.248)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:640b)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 [18/Jan/2016:09:27:55 -0800] conn=18699 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 UNBIND [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 fd=278 closed - U1 [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070012000f0000 [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 UNBIND [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 fd=144 closed - U1 [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 UNBIND [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 fd=277 closed - U1 [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18700 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 fd=144 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=18701 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 fd=144 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18702 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 fd=144 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=18703 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 RESULT err=0 tag=101 nentries=2 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 fd=153 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=18704 fd=153 slot=153 connection from 10.178.59.236 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 fd=144 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 SRCH base="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 SRCH base="cn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 MOD dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2209000e000f0000 [18/Jan/2016:09:27:57 -0800] conn=6 op=38897 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=6 op=38897 RESULT err=0 tag=101 nentries=1 etime=1 [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=hadoop1-mc-mcci1-nvan.mydomain.net)(sudoHost=hadoop1-mc-mcci1-nvan)(sudoHost=10.178.59.236)(sudoHost=10.178.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 RESULT err=0 tag=101 nentries=7 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:27:59 -0800] conn=18705 fd=144 slot=144 connection from 10.21.42.41 to 10.178.0.98 [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18706 fd=277 slot=277 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:59 -0800] conn=18706 op=-1 fd=277 closed - B1 [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 SRCH base="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 SRCH base="cn=relay-sf-int-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 MOD dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b0000000f0000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=relay-sf-int-van.mydomain.net)(sudoHost=relay-sf-int-van)(sudoHost=10.21.42.41)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fea8:8002)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 ADD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000700110000 [18/Jan/2016:09:27:59 -0800] conn=18707 fd=277 slot=277 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass ipaSshPubKey" [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000c000f0000 [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf ipaSshPubKey description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 UNBIND [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 fd=277 closed - U1 [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=273 op=207 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=273 op=207 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000e000f0000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 ADD dn="idnsName=98,idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000800110000 [18/Jan/2016:09:27:59 -0800] conn=273 op=208 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=273 op=208 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f000f0000 [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f00110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=209 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001000110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=209 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0002000f0000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001100110000 [18/Jan/2016:09:28:01 -0800] conn=273 op=210 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=210 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0004000f0000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001200110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=211 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001300110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=211 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0006000f0000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001400110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=212 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001500110000 [18/Jan/2016:09:28:01 -0800] conn=273 op=212 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0009000f0000 [18/Jan/2016:09:28:01 -0800] conn=273 op=213 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=213 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000b000f0000 [18/Jan/2016:09:28:01 -0800] conn=273 op=214 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=214 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000d000f0000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=18708 fd=277 slot=277 connection from 10.21.20.251 to 10.178.0.98 [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 SRCH base="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 SRCH base="cn=spool2-ops-flex-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 MOD dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22100000000f0000 [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool2-ops-flex-van.mydomain.net)(sudoHost=spool2-ops-flex-van)(sudoHost=10.21.20.251)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:769c)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=18709 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:05 -0800] conn=18709 TLS1.2 128-bit AES [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:05 -0800] conn=18710 fd=279 slot=279 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:05 -0800] conn=18710 TLS1.2 128-bit AES [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:05 -0800] conn=18709 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:06 -0800] conn=18709 op=3 RESULT err=0 tag=101 nentries=1 etime=1 [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 SRCH base="cn=Domain Level,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDomainLevel" [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 SRCH base="cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=1 filter="(&(&(&(objectClass=ipaobject)(objectClass=ipahostgroup))(cn=ipaservers))(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="cn memberOf memberofindirect member memberindirect description" [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 UNBIND [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 fd=278 closed - U1 [18/Jan/2016:09:28:06 -0800] conn=18711 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:06 -0800] conn=18711 TLS1.2 128-bit AES [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberofindirect cn memberOf * member memberindirect description aci" [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 RESULT err=0 tag=101 nentries=2 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cosPriority * nsAccountLock aci" [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 UNBIND [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 fd=278 closed - U1 [18/Jan/2016:09:28:06 -0800] conn=18712 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:06 -0800] conn=18712 TLS1.2 128-bit AES [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 UNBIND [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 fd=166 closed - U1 [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 SRCH base="cn=meTodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs="* aci" [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 SRCH base="cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 RESULT err=0 tag=101 nentries=3 etime=0 notes=U [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=KRA))" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 UNBIND [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 fd=279 closed - U1 [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 UNBIND [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 fd=278 closed - U1 [18/Jan/2016:09:28:07 -0800] conn=18713 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 UNBIND [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 fd=166 closed - U1 [18/Jan/2016:09:28:07 -0800] conn=18714 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 UNBIND [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 fd=166 closed - U1 [18/Jan/2016:09:28:07 -0800] conn=18715 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:07 -0800] conn=18715 op=-1 fd=166 closed - B1 [18/Jan/2016:09:28:07 -0800] conn=18716 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:07 -0800] conn=18716 op=-1 fd=166 closed - Encountered end of file. [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 UNBIND [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 fd=168 closed - U1 [18/Jan/2016:09:28:09 -0800] conn=18717 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 UNBIND [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 fd=166 closed - U1 [18/Jan/2016:09:28:10 -0800] conn=18718 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 UNBIND [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 fd=166 closed - U1 [18/Jan/2016:09:28:10 -0800] conn=18719 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(memberOf=cn=Replication Administrators,cn=privileges,cn=pbac,dc=mydomain,dc=net)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 UNBIND [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 fd=166 closed - U1 [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:12 -0800] conn=18720 TLS1.2 128-bit AES [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 MOD dn="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22180003000f0000 [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn memberOf memberofindirect member memberindirect description" [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 RESULT err=0 tag=101 nentries=2 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 UNBIND [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 fd=166 closed - U1 [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:13 -0800] conn=18721 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 SRCH base="cn=cacert,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(cacertificate;binary=*)" attrs="cacertificate;binary" [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 RESULT err=0 tag=101 nentries=1 etime=0 notes=U [18/Jan/2016:09:28:13 -0800] conn=18721 op=-1 fd=166 closed - B1 [18/Jan/2016:09:28:15 -0800] conn=18722 fd=166 slot=166 connection from 10.21.31.31 to 10.178.0.98 [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 SRCH base="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 SRCH base="cn=fe1-gas-salqa1-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 MOD dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221b0000000f0000 [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-salqa1-van.login.mydomain.net)(sudoHost=fe1-gas-salqa1-van)(sudoHost=10.21.31.31)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:3fd2)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:16 -0800] conn=18723 fd=168 slot=168 connection from 10.21.23.93 to 10.178.0.98 [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 SRCH base="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 SRCH base="cn=collector2-sal-cpqa1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 MOD dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c0000000f0000 [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=collector2-sal-cpqa1-van.mydomain.net)(sudoHost=collector2-sal-cpqa1-van)(sudoHost=10.21.23.93)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:6b78)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=18724 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 UNBIND [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 fd=278 closed - U1 [18/Jan/2016:09:28:17 -0800] conn=18725 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 UNBIND [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 fd=278 closed - U1 [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18726 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 UNBIND [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 fd=278 closed - U1 [18/Jan/2016:09:28:22 -0800] conn=18727 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 ADD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22220006000f0000 [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberOf ipaKrbAuthzData objectClass userCertificate managedBy ipaUniqueID ipaAllowedToPerform krbPrincipalName" [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 UNBIND [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 fd=278 closed - U1 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18728 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 UNBIND [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 fd=278 closed - U1 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 MOD dn="cn=repl keep alive 16,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000e00100000 [18/Jan/2016:09:28:23 -0800] conn=18729 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 SRCH base="cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 SRCH base="cn=caacls,cn=ca,dc=mydomain,dc=net" scope=1 filter="(&(objectClass=ipaassociation)(objectClass=ipacaacl))" attrs="serviceCategory cn ipaMemberCertProfile ipaMemberCa ipaCertProfileCategory memberUser userCategory hostCategory memberHost ipaEnabledFlag ipaCaCategory memberService description" [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform * managedBy memberOf krbPrincipalName aci" [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=67 op=539 SRCH base="cn=7,ou=certificateRepository,ou=ca,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=67 op=539 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=217 op=10 SRCH base="ou=People,o=ipaca" scope=2 filter="(description=2;7;CN=Certificate Authority,O=MYDOMAIN.NET;CN=IPA RA,O=MYDOMAIN.NET)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=217 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=217 op=11 SRCH base="cn=Registration Manager Agents,ou=groups,o=ipaca" scope=0 filter="(uniqueMember=uid=ipara,ou=people,o=ipaca)" attrs="cn" [18/Jan/2016:09:28:23 -0800] conn=217 op=11 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=67 op=540 ADD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" [18/Jan/2016:09:28:23 -0800] conn=67 op=540 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000004470000 [18/Jan/2016:09:28:23 -0800] conn=67 op=541 ADD dn="cn=2684289033,ou=certificateRepository,ou=ca,o=ipaca" [18/Jan/2016:09:28:23 -0800] conn=67 op=541 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000104470000 [18/Jan/2016:09:28:23 -0800] conn=67 op=542 MOD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:23 -0800] conn=67 op=542 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000304470000 [18/Jan/2016:09:28:23 -0800] conn=67 op=543 SRCH base="cn=99990009,ou=ca,ou=requests,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=67 op=543 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=67 op=544 MOD dn="ou=ca,ou=requests,o=ipaca" [18/Jan/2016:09:28:23 -0800] conn=18730 fd=281 slot=281 connection from 10.178.0.99 to 10.178.0.98 [18/Jan/2016:09:28:23 -0800] conn=67 op=544 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000504470000 [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 SRCH base="cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn ipaCertProfileStoreIssued description" [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 fd=282 slot=282 connection from 10.21.0.99 to 10.178.0.98 [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22230001000f0000 [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform managedBy memberOf krbPrincipalName" [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 UNBIND [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 fd=278 closed - U1 [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool1-googleapps-flex-van.mydomain.net)(sudoHost=spool1-googleapps-flex-van)(sudoHost=10.21.32.201)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:2c30)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 UNBIND [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 fd=77 closed - U1 [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222c0007000f0000 [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222d0000000f0000 [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 fd=77 closed - U1 [18/Jan/2016:09:28:33 -0800] conn=18733 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 UNBIND [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 fd=77 closed - U1 [18/Jan/2016:09:28:33 -0800] conn=18734 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 UNBIND [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 fd=77 closed - U1 [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18735 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 UNBIND [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 fd=77 closed - U1 [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:36 -0800] conn=18520 op=5 UNBIND -----Original Message----- From: Petr Vobornik [mailto:pvoborni at redhat.com] Sent: January-18-16 10:30 AM To: Nathan Peters; Rob Crittenden; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/18/2016 07:10 PM, Nathan Peters wrote: > This is FreeIPA 4.3.0. There is no master generating the prepare file (unless its still handled in the background invisibly to the user). Right. But the replica installer picks some server as a master. Ipa-replica-install is run directly from an unjoined client (or joined client, I have tried both). > > However, after tracking the logs of all 3 existing IPA servers during the attempted installation, the CA master appears to be the one doing something. Here are the logs for that time period. Note that there is no "err=68" anywhere in here: Are all 3 existing server functioning well, e.g with working replication? Could you check `ipa server-find` if there is no left-over server - e.g. failed installation. Could be check also in `ipa-replica-manage list` if there is some leftover, please remove it with `ipa-replica-manage del $FQDN` command. Wrt the logs. I did not meant that but Rob was right. The installer tries to update "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" entry on both master and the replica. If the entry does not exist, the installer also creates it. On replica it behaves correctly: [18/Jan/2016:09:28:32 -0800] conn=2 op=8 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:32 -0800] conn=2 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=9 MOD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:32 -0800] conn=2 op=9 RESULT err=0 tag=103 nentries=0 etime=0 It would be good to see the same log from a master which it tries to use in installation. - In 4.3 the server is picked automatically. I don't see any searches for "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" in the logs below which makes me wonder, what server the installer tries to use as a master. Could be find out, e.g. by: $ cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" From Nathan.Peters at globalrelay.net Mon Jan 18 20:12:47 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Mon, 18 Jan 2016 20:12:47 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569CB899.9040603@redhat.com> <569CCB5D.8040400@redhat.com> <569D27C4.10602@redhat.com> <569D2F2F.6080806@redhat.com> Message-ID: Follow-up : After finding the ghost ruvs below I tried to clean them. Apparently they are already being cleaned by some task that is clearly not working ... ==== attempts to clean ruv 14 ==== [[root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -D "cn=directory manager" -W -a Enter LDAP Password: dn: cn=clean 14, cn=cleanallruv, cn=tasks, cn=config objectclass: top objectclass: extensibleObject replica-base-dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config replica-id: 14 replica-force-cleaning: yes cn: clean 14 adding new entry "cn=clean 14, cn=cleanallruv, cn=tasks, cn=config" ldap_add: Server is unwilling to perform (53) additional info: Replica id (14) is already being cleaned [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -x -D "cn=directory manager" -W < dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > changetype: modify > replace: nsds5task > nsds5task: CLEANRUV14 > EOF Enter LDAP Password: modifying entry "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" This one adds the entry properly (I think - I have no idea how to check if one exists), but does not actually clean the ruv. -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters Sent: January-18-16 11:44 AM To: Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists Answers to questions : 1) All 3 servers are working fine. Error logs show only the expected replication keepalive entries and no other entries for the last 24 hours. Replication works. 2) ipa server-find output is identical on all 3 servers : [root at dc1-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa server-find --------------------- 3 IPA servers matched --------------------- Server name: dc1-ipa-dev-nvan.dev-globalrelay.net Managed suffixes: domain, ca Min domain level: 0 Max domain level: 1 Server name: dc1-ipa-dev-van.dev-globalrelay.net Managed suffixes: domain, ca Min domain level: 0 Max domain level: 1 Server name: dc2-ipa-dev-nvan.dev-globalrelay.net Managed suffixes: domain, ca Min domain level: 0 Max domain level: 1 ---------------------------- Number of entries returned 3 ---------------------------- 3)ipa-replica-manage list is the same on all 3 servers : [root at dc1-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage list dc2-ipa-dev-nvan.dev-globalrelay.net: master dc1-ipa-dev-nvan.dev-globalrelay.net: master dc1-ipa-dev-van.dev-globalrelay.net: master 3.5)I actually tried running the remove command anyway in case there were any type of lingering records and it came back with nothing found : [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net dc2-ipa-dev-van.dev-globalrelay.net is not listed among IPA masters. Please specify an actual server or add the --cleanup option to force clean up. [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net --cleanup Checking connectivity in topology suffix 'ca' 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'ca' Not checking connectivity Checking connectivity in topology suffix 'domain' 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'domain' Not checking connectivity No RUV records found. 4) The command revealed it went to a different master than I thought. It was not the CA master, but a differnet one. [root at dc2-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" 2016-01-18T17:28:22Z INFO Forwarding 'service_add' to json server 'https://dc2-ipa-dev-nvan.dev-globalrelay.net/ipa/json' For some reason, when I was monitoring the logs, nothing had been logged on the dc2-ipa-dev-nvan in the dirsrv log but it must have been buffering to disk, because when I checked the logs 5 minutes later, all the data was there. You can actually see the err=68 here : [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND I'm not sure why it would fail that call though... Here are the ldapsearch for that cn=replica branch performed on the master it was joining to, as well as the complete logs from that master with the err=68 in it. I'm not sure if this has anything to do with it, but inside the replica branch are already 2 sub branches for replication agreements. These agreements have what appears to be old ruvs for the server I am trying to join, however, because the ipa-replica-install clean-ruv command only applies to domain level 0, I cannot clean those ruvs... I also cannot lower my domain level back down to 0 so I can clean them. [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage clean-ruv 14 No RUV records found. ==== LDAP SEARCH OF SECTION OF TREE THAT ADD FAILS ON ===== [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # replica, dc\3Dmydomain\2Cdc\3Dnet, mapping tree, config dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: replica nsDS5Flags: 1 nsDS5ReplicaBindDN: cn=replication manager,cn=config nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net @MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net@ MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net nsDS5ReplicaId: 15 nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64 nsDS5ReplicaRoot: dc=mydomain,dc=net nsDS5ReplicaType: 3 nsState:: DwAAAAAAAAC/OZ1WAAAAAAAAAAAAAAAAbAEAAAAAAAAAAAAAAAAAAA== nsds5ReplicaLegacyConsumer: off nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net nsds5replicabinddngroupcheckinterval: 60 objectClass: nsds5replica objectClass: top objectClass: extensibleobject nsds5ReplicaChangeCount: 37386 nsds5replicareapactive: 0 # meTodc1-ipa-dev-nvan.mydomain.net, replica, dc\3Dmydomain\2Cdc\ 3Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-nvan.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-nvan.mydomain.net description: me to dc1-ipa-dev-nvan.mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-nvan.mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd 26000000100000 569b9201002200100000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 b000000110000 569b91af000d00110000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee 040000000f0000 569b92010002000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsds5ReplicaEnabled: on nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n et:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160118191523Z nsds5replicaLastUpdateEnd: 20160118191523Z nsds5replicaChangesSentSinceStartup:: MTU6Mjc0LzgyNzY5NiAxNDoxLzAgMTc6MTQvMCAx NjoyLzAg nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # meTodc1-ipa-dev-van.mydomain.net, replica, dc\3Dmydomain\2Cdc\3 Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-van.mydomain.net description: me to dc1-ipa-dev-van.mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-van.mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 b000000110000 569b9201000500110000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd 26000000100000 569b918d004a00100000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee 040000000f0000 569b92010002000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n et:389} 00000000 nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160118191523Z nsds5replicaLastUpdateEnd: 20160118191523Z nsds5replicaChangesSentSinceStartup:: MTU6MzY2LzE0MTg1NjkgMTY6OTYvMCAxNzoyLzAg nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 ===== LOGS FROM MASTER DURING REPLICA INSTALLATION ATTEMPT ==== [18/Jan/2016:09:27:54 -0800] conn=18695 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 BIND dn="" method=128 version=3 [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="namingContexts defaultnamingcontext" [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 SRCH base="dc=mydomain,dc=net" scope=0 filter="(info=IPA*)" attrs=ALL [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 SRCH base="cn=kerberos,dc=mydomain,dc=net" scope=2 filter="(objectClass=krbRealmContainer)" attrs=ALL [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 MOD dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22060000000f0000 [18/Jan/2016:09:27:54 -0800] conn=18696 fd=145 slot=145 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 RESULT err=0 tag=101 nentries=2 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 UNBIND [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 fd=145 closed - U1 [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=3 op=82446 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82446 RESULT err=0 tag=101 nentries=1 etime=1 [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18697 fd=145 slot=145 connection from 10.21.5.248 to 10.178.0.98 [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTDomainAttrs)" attrs="ipaNTFlatName ipaNTFallbackPrimaryGroup ipaNTSecurityIdentifier" [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 SRCH base="cn=Default SMB Group,cn=groups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=posixGroup)" attrs="ipaNTSecurityIdentifier" [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTTrustPartner ipaNTFlatName ipaNTTrustedDomainSID ipaNTSIDBlacklistIncoming ipaNTSIDBlacklistOutgoing" [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 SRCH base="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 MOD dn="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070000000f0000 [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=18698 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 SRCH base="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 SRCH base="cn=fe1-gas-gasqa3-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 MOD dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberofindirect description nsHardwarePlatform userCertificate ipaAllowedToPerform * l nsOsVersion fqdn managedBy ipaAssignedIDView memberOf krbPrincipalName nsHostLocation userClass aci" [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 ADD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070004000f0000 [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22070008000f0000 [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform objectClass ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView ipaUniqueID userCertificate krbPrincipalName nsHostLocation userClass" [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 SRCH base="cn=dns,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDefaultLoginShell ipaCertificateSubjectBase ipaUserSearchFields ipaSELinuxUserMapDefault ipaUserAuthType ipaDefaultPrimaryGroup ipaPwdExpAdvNotify ipaGroupSearchFields ipaDefaultEmailDomain ipaHomesRootDir ipaSearchTimeLimit ipaKrbAuthzData ipaMigrationEnabled ipaSearchRecordsLimit ipaConfigString ipaMaxUsernameLength ipaSELinuxUserMapOrder" [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 UNBIND [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 fd=278 closed - U1 [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-gasqa3-van.login.mydomain.net)(sudoHost=fe1-gas-gasqa3-van)(sudoHost=10.21.5.248)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:640b)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 [18/Jan/2016:09:27:55 -0800] conn=18699 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 UNBIND [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 fd=278 closed - U1 [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070012000f0000 [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 UNBIND [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 fd=144 closed - U1 [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 UNBIND [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 fd=277 closed - U1 [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18700 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 fd=144 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=18701 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 fd=144 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18702 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 fd=144 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=18703 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 RESULT err=0 tag=101 nentries=2 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 fd=153 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=18704 fd=153 slot=153 connection from 10.178.59.236 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 fd=144 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 SRCH base="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 SRCH base="cn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 MOD dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2209000e000f0000 [18/Jan/2016:09:27:57 -0800] conn=6 op=38897 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=6 op=38897 RESULT err=0 tag=101 nentries=1 etime=1 [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=hadoop1-mc-mcci1-nvan.mydomain.net)(sudoHost=hadoop1-mc-mcci1-nvan)(sudoHost=10.178.59.236)(sudoHost=10.178.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 RESULT err=0 tag=101 nentries=7 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:27:59 -0800] conn=18705 fd=144 slot=144 connection from 10.21.42.41 to 10.178.0.98 [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18706 fd=277 slot=277 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:59 -0800] conn=18706 op=-1 fd=277 closed - B1 [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 SRCH base="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 SRCH base="cn=relay-sf-int-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 MOD dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b0000000f0000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=relay-sf-int-van.mydomain.net)(sudoHost=relay-sf-int-van)(sudoHost=10.21.42.41)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fea8:8002)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 ADD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000700110000 [18/Jan/2016:09:27:59 -0800] conn=18707 fd=277 slot=277 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass ipaSshPubKey" [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000c000f0000 [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf ipaSshPubKey description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 UNBIND [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 fd=277 closed - U1 [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=273 op=207 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=273 op=207 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000e000f0000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 ADD dn="idnsName=98,idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000800110000 [18/Jan/2016:09:27:59 -0800] conn=273 op=208 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=273 op=208 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f000f0000 [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f00110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=209 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001000110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=209 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0002000f0000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001100110000 [18/Jan/2016:09:28:01 -0800] conn=273 op=210 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=210 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0004000f0000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001200110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=211 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001300110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=211 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0006000f0000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001400110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=212 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001500110000 [18/Jan/2016:09:28:01 -0800] conn=273 op=212 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0009000f0000 [18/Jan/2016:09:28:01 -0800] conn=273 op=213 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=213 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000b000f0000 [18/Jan/2016:09:28:01 -0800] conn=273 op=214 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=214 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000d000f0000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=18708 fd=277 slot=277 connection from 10.21.20.251 to 10.178.0.98 [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 SRCH base="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 SRCH base="cn=spool2-ops-flex-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 MOD dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22100000000f0000 [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool2-ops-flex-van.mydomain.net)(sudoHost=spool2-ops-flex-van)(sudoHost=10.21.20.251)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:769c)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=18709 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:05 -0800] conn=18709 TLS1.2 128-bit AES [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:05 -0800] conn=18710 fd=279 slot=279 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:05 -0800] conn=18710 TLS1.2 128-bit AES [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:05 -0800] conn=18709 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:06 -0800] conn=18709 op=3 RESULT err=0 tag=101 nentries=1 etime=1 [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 SRCH base="cn=Domain Level,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDomainLevel" [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 SRCH base="cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=1 filter="(&(&(&(objectClass=ipaobject)(objectClass=ipahostgroup))(cn=ipaservers))(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="cn memberOf memberofindirect member memberindirect description" [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 UNBIND [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 fd=278 closed - U1 [18/Jan/2016:09:28:06 -0800] conn=18711 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:06 -0800] conn=18711 TLS1.2 128-bit AES [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberofindirect cn memberOf * member memberindirect description aci" [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 RESULT err=0 tag=101 nentries=2 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cosPriority * nsAccountLock aci" [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 UNBIND [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 fd=278 closed - U1 [18/Jan/2016:09:28:06 -0800] conn=18712 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:06 -0800] conn=18712 TLS1.2 128-bit AES [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 UNBIND [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 fd=166 closed - U1 [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 SRCH base="cn=meTodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs="* aci" [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 SRCH base="cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 RESULT err=0 tag=101 nentries=3 etime=0 notes=U [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=KRA))" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 UNBIND [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 fd=279 closed - U1 [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 UNBIND [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 fd=278 closed - U1 [18/Jan/2016:09:28:07 -0800] conn=18713 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 UNBIND [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 fd=166 closed - U1 [18/Jan/2016:09:28:07 -0800] conn=18714 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 UNBIND [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 fd=166 closed - U1 [18/Jan/2016:09:28:07 -0800] conn=18715 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:07 -0800] conn=18715 op=-1 fd=166 closed - B1 [18/Jan/2016:09:28:07 -0800] conn=18716 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:07 -0800] conn=18716 op=-1 fd=166 closed - Encountered end of file. [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 UNBIND [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 fd=168 closed - U1 [18/Jan/2016:09:28:09 -0800] conn=18717 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 UNBIND [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 fd=166 closed - U1 [18/Jan/2016:09:28:10 -0800] conn=18718 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 UNBIND [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 fd=166 closed - U1 [18/Jan/2016:09:28:10 -0800] conn=18719 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(memberOf=cn=Replication Administrators,cn=privileges,cn=pbac,dc=mydomain,dc=net)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 UNBIND [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 fd=166 closed - U1 [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:12 -0800] conn=18720 TLS1.2 128-bit AES [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 MOD dn="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22180003000f0000 [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn memberOf memberofindirect member memberindirect description" [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 RESULT err=0 tag=101 nentries=2 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 UNBIND [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 fd=166 closed - U1 [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:13 -0800] conn=18721 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 SRCH base="cn=cacert,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(cacertificate;binary=*)" attrs="cacertificate;binary" [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 RESULT err=0 tag=101 nentries=1 etime=0 notes=U [18/Jan/2016:09:28:13 -0800] conn=18721 op=-1 fd=166 closed - B1 [18/Jan/2016:09:28:15 -0800] conn=18722 fd=166 slot=166 connection from 10.21.31.31 to 10.178.0.98 [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 SRCH base="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 SRCH base="cn=fe1-gas-salqa1-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 MOD dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221b0000000f0000 [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-salqa1-van.login.mydomain.net)(sudoHost=fe1-gas-salqa1-van)(sudoHost=10.21.31.31)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:3fd2)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:16 -0800] conn=18723 fd=168 slot=168 connection from 10.21.23.93 to 10.178.0.98 [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 SRCH base="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 SRCH base="cn=collector2-sal-cpqa1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 MOD dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c0000000f0000 [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=collector2-sal-cpqa1-van.mydomain.net)(sudoHost=collector2-sal-cpqa1-van)(sudoHost=10.21.23.93)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:6b78)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=18724 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 UNBIND [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 fd=278 closed - U1 [18/Jan/2016:09:28:17 -0800] conn=18725 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 UNBIND [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 fd=278 closed - U1 [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18726 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 UNBIND [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 fd=278 closed - U1 [18/Jan/2016:09:28:22 -0800] conn=18727 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 ADD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22220006000f0000 [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberOf ipaKrbAuthzData objectClass userCertificate managedBy ipaUniqueID ipaAllowedToPerform krbPrincipalName" [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 UNBIND [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 fd=278 closed - U1 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18728 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 UNBIND [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 fd=278 closed - U1 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 MOD dn="cn=repl keep alive 16,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000e00100000 [18/Jan/2016:09:28:23 -0800] conn=18729 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 SRCH base="cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 SRCH base="cn=caacls,cn=ca,dc=mydomain,dc=net" scope=1 filter="(&(objectClass=ipaassociation)(objectClass=ipacaacl))" attrs="serviceCategory cn ipaMemberCertProfile ipaMemberCa ipaCertProfileCategory memberUser userCategory hostCategory memberHost ipaEnabledFlag ipaCaCategory memberService description" [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform * managedBy memberOf krbPrincipalName aci" [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=67 op=539 SRCH base="cn=7,ou=certificateRepository,ou=ca,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=67 op=539 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=217 op=10 SRCH base="ou=People,o=ipaca" scope=2 filter="(description=2;7;CN=Certificate Authority,O=MYDOMAIN.NET;CN=IPA RA,O=MYDOMAIN.NET)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=217 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=217 op=11 SRCH base="cn=Registration Manager Agents,ou=groups,o=ipaca" scope=0 filter="(uniqueMember=uid=ipara,ou=people,o=ipaca)" attrs="cn" [18/Jan/2016:09:28:23 -0800] conn=217 op=11 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=67 op=540 ADD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" [18/Jan/2016:09:28:23 -0800] conn=67 op=540 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000004470000 [18/Jan/2016:09:28:23 -0800] conn=67 op=541 ADD dn="cn=2684289033,ou=certificateRepository,ou=ca,o=ipaca" [18/Jan/2016:09:28:23 -0800] conn=67 op=541 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000104470000 [18/Jan/2016:09:28:23 -0800] conn=67 op=542 MOD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:23 -0800] conn=67 op=542 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000304470000 [18/Jan/2016:09:28:23 -0800] conn=67 op=543 SRCH base="cn=99990009,ou=ca,ou=requests,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=67 op=543 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=67 op=544 MOD dn="ou=ca,ou=requests,o=ipaca" [18/Jan/2016:09:28:23 -0800] conn=18730 fd=281 slot=281 connection from 10.178.0.99 to 10.178.0.98 [18/Jan/2016:09:28:23 -0800] conn=67 op=544 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000504470000 [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 SRCH base="cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn ipaCertProfileStoreIssued description" [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 fd=282 slot=282 connection from 10.21.0.99 to 10.178.0.98 [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22230001000f0000 [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform managedBy memberOf krbPrincipalName" [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 UNBIND [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 fd=278 closed - U1 [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool1-googleapps-flex-van.mydomain.net)(sudoHost=spool1-googleapps-flex-van)(sudoHost=10.21.32.201)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:2c30)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 UNBIND [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 fd=77 closed - U1 [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222c0007000f0000 [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222d0000000f0000 [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 fd=77 closed - U1 [18/Jan/2016:09:28:33 -0800] conn=18733 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 UNBIND [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 fd=77 closed - U1 [18/Jan/2016:09:28:33 -0800] conn=18734 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 UNBIND [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 fd=77 closed - U1 [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18735 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 UNBIND [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 fd=77 closed - U1 [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:36 -0800] conn=18520 op=5 UNBIND -----Original Message----- From: Petr Vobornik [mailto:pvoborni at redhat.com] Sent: January-18-16 10:30 AM To: Nathan Peters; Rob Crittenden; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/18/2016 07:10 PM, Nathan Peters wrote: > This is FreeIPA 4.3.0. There is no master generating the prepare file (unless its still handled in the background invisibly to the user). Right. But the replica installer picks some server as a master. Ipa-replica-install is run directly from an unjoined client (or joined client, I have tried both). > > However, after tracking the logs of all 3 existing IPA servers during the attempted installation, the CA master appears to be the one doing something. Here are the logs for that time period. Note that there is no "err=68" anywhere in here: Are all 3 existing server functioning well, e.g with working replication? Could you check `ipa server-find` if there is no left-over server - e.g. failed installation. Could be check also in `ipa-replica-manage list` if there is some leftover, please remove it with `ipa-replica-manage del $FQDN` command. Wrt the logs. I did not meant that but Rob was right. The installer tries to update "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" entry on both master and the replica. If the entry does not exist, the installer also creates it. On replica it behaves correctly: [18/Jan/2016:09:28:32 -0800] conn=2 op=8 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:32 -0800] conn=2 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=9 MOD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:32 -0800] conn=2 op=9 RESULT err=0 tag=103 nentries=0 etime=0 It would be good to see the same log from a master which it tries to use in installation. - In 4.3 the server is picked automatically. I don't see any searches for "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" in the logs below which makes me wonder, what server the installer tries to use as a master. Could be find out, e.g. by: $ cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project From Nathan.Peters at globalrelay.net Mon Jan 18 20:55:28 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Mon, 18 Jan 2016 20:55:28 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569CB899.9040603@redhat.com> <569CCB5D.8040400@redhat.com> <569D27C4.10602@redhat.com> <569D2F2F.6080806@redhat.com> Message-ID: Another follow-up : dirsrv logs get really strange when I attempt to add that cleanruv task. It apears the message logged to console that the task already exists is totally lying ? o.O So the actual error is that it cannot modify a task because it does not exist? Why does it not exist ? According to the docs here : http://directory.fedoraproject.org/docs/389ds/FAQ/troubleshoot-cleanallruv.html It should always exist? There is no 'changetype : modify' in that ldap syntax... [18/Jan/2016:12:36:56 -0800] - ldbm_back_seq deadlock retry BAD 1601, err=0 BDB0062 Successful return: 0 [18/Jan/2016:12:39:56 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) [18/Jan/2016:12:39:58 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) [18/Jan/2016:12:40:00 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) [18/Jan/2016:12:40:00 -0800] NSMMReplicationPlugin - CleanAllRUV Task (rid 14): Replica id (14) is already being cleaned [18/Jan/2016:12:40:02 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) [18/Jan/2016:12:40:04 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) [18/Jan/2016:12:40:06 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) [18/Jan/2016:12:40:06 -0800] NSMMReplicationPlugin - CleanAllRUV Task (rid 14): Task failed...(-1) [18/Jan/2016:12:40:08 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) [18/Jan/2016:12:40:08 -0800] - WARNING: can't find task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config' [18/Jan/2016:12:40:08 -0800] ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 128]: Missing target entry. -----Original Message----- From: Nathan Peters Sent: January-18-16 12:13 PM To: Nathan Peters; Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com Subject: RE: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists Follow-up : After finding the ghost ruvs below I tried to clean them. Apparently they are already being cleaned by some task that is clearly not working ... ==== attempts to clean ruv 14 ==== [[root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -D "cn=directory manager" -W -a Enter LDAP Password: dn: cn=clean 14, cn=cleanallruv, cn=tasks, cn=config objectclass: top objectclass: extensibleObject replica-base-dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config replica-id: 14 replica-force-cleaning: yes cn: clean 14 adding new entry "cn=clean 14, cn=cleanallruv, cn=tasks, cn=config" ldap_add: Server is unwilling to perform (53) additional info: Replica id (14) is already being cleaned [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -x -D "cn=directory manager" -W < dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > changetype: modify > replace: nsds5task > nsds5task: CLEANRUV14 > EOF Enter LDAP Password: modifying entry "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" This one adds the entry properly (I think - I have no idea how to check if one exists), but does not actually clean the ruv. -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters Sent: January-18-16 11:44 AM To: Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists Answers to questions : 1) All 3 servers are working fine. Error logs show only the expected replication keepalive entries and no other entries for the last 24 hours. Replication works. 2) ipa server-find output is identical on all 3 servers : [root at dc1-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa server-find --------------------- 3 IPA servers matched --------------------- Server name: dc1-ipa-dev-nvan.dev-globalrelay.net Managed suffixes: domain, ca Min domain level: 0 Max domain level: 1 Server name: dc1-ipa-dev-van.dev-globalrelay.net Managed suffixes: domain, ca Min domain level: 0 Max domain level: 1 Server name: dc2-ipa-dev-nvan.dev-globalrelay.net Managed suffixes: domain, ca Min domain level: 0 Max domain level: 1 ---------------------------- Number of entries returned 3 ---------------------------- 3)ipa-replica-manage list is the same on all 3 servers : [root at dc1-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage list dc2-ipa-dev-nvan.dev-globalrelay.net: master dc1-ipa-dev-nvan.dev-globalrelay.net: master dc1-ipa-dev-van.dev-globalrelay.net: master 3.5)I actually tried running the remove command anyway in case there were any type of lingering records and it came back with nothing found : [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net dc2-ipa-dev-van.dev-globalrelay.net is not listed among IPA masters. Please specify an actual server or add the --cleanup option to force clean up. [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net --cleanup Checking connectivity in topology suffix 'ca' 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'ca' Not checking connectivity Checking connectivity in topology suffix 'domain' 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'domain' Not checking connectivity No RUV records found. 4) The command revealed it went to a different master than I thought. It was not the CA master, but a differnet one. [root at dc2-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" 2016-01-18T17:28:22Z INFO Forwarding 'service_add' to json server 'https://dc2-ipa-dev-nvan.dev-globalrelay.net/ipa/json' For some reason, when I was monitoring the logs, nothing had been logged on the dc2-ipa-dev-nvan in the dirsrv log but it must have been buffering to disk, because when I checked the logs 5 minutes later, all the data was there. You can actually see the err=68 here : [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND I'm not sure why it would fail that call though... Here are the ldapsearch for that cn=replica branch performed on the master it was joining to, as well as the complete logs from that master with the err=68 in it. I'm not sure if this has anything to do with it, but inside the replica branch are already 2 sub branches for replication agreements. These agreements have what appears to be old ruvs for the server I am trying to join, however, because the ipa-replica-install clean-ruv command only applies to domain level 0, I cannot clean those ruvs... I also cannot lower my domain level back down to 0 so I can clean them. [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage clean-ruv 14 No RUV records found. ==== LDAP SEARCH OF SECTION OF TREE THAT ADD FAILS ON ===== [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # replica, dc\3Dmydomain\2Cdc\3Dnet, mapping tree, config dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: replica nsDS5Flags: 1 nsDS5ReplicaBindDN: cn=replication manager,cn=config nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net @MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net@ MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net nsDS5ReplicaId: 15 nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64 nsDS5ReplicaRoot: dc=mydomain,dc=net nsDS5ReplicaType: 3 nsState:: DwAAAAAAAAC/OZ1WAAAAAAAAAAAAAAAAbAEAAAAAAAAAAAAAAAAAAA== nsds5ReplicaLegacyConsumer: off nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net nsds5replicabinddngroupcheckinterval: 60 objectClass: nsds5replica objectClass: top objectClass: extensibleobject nsds5ReplicaChangeCount: 37386 nsds5replicareapactive: 0 # meTodc1-ipa-dev-nvan.mydomain.net, replica, dc\3Dmydomain\2Cdc\ 3Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-nvan.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-nvan.mydomain.net description: me to dc1-ipa-dev-nvan.mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-nvan.mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd 26000000100000 569b9201002200100000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 b000000110000 569b91af000d00110000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee 040000000f0000 569b92010002000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsds5ReplicaEnabled: on nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n et:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160118191523Z nsds5replicaLastUpdateEnd: 20160118191523Z nsds5replicaChangesSentSinceStartup:: MTU6Mjc0LzgyNzY5NiAxNDoxLzAgMTc6MTQvMCAx NjoyLzAg nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # meTodc1-ipa-dev-van.mydomain.net, replica, dc\3Dmydomain\2Cdc\3 Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-van.mydomain.net description: me to dc1-ipa-dev-van.mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-van.mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 b000000110000 569b9201000500110000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd 26000000100000 569b918d004a00100000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee 040000000f0000 569b92010002000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n et:389} 00000000 nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160118191523Z nsds5replicaLastUpdateEnd: 20160118191523Z nsds5replicaChangesSentSinceStartup:: MTU6MzY2LzE0MTg1NjkgMTY6OTYvMCAxNzoyLzAg nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 ===== LOGS FROM MASTER DURING REPLICA INSTALLATION ATTEMPT ==== [18/Jan/2016:09:27:54 -0800] conn=18695 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 BIND dn="" method=128 version=3 [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="namingContexts defaultnamingcontext" [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 SRCH base="dc=mydomain,dc=net" scope=0 filter="(info=IPA*)" attrs=ALL [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 SRCH base="cn=kerberos,dc=mydomain,dc=net" scope=2 filter="(objectClass=krbRealmContainer)" attrs=ALL [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 MOD dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22060000000f0000 [18/Jan/2016:09:27:54 -0800] conn=18696 fd=145 slot=145 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 RESULT err=0 tag=101 nentries=2 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 UNBIND [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 fd=145 closed - U1 [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=3 op=82446 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82446 RESULT err=0 tag=101 nentries=1 etime=1 [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18697 fd=145 slot=145 connection from 10.21.5.248 to 10.178.0.98 [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTDomainAttrs)" attrs="ipaNTFlatName ipaNTFallbackPrimaryGroup ipaNTSecurityIdentifier" [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 SRCH base="cn=Default SMB Group,cn=groups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=posixGroup)" attrs="ipaNTSecurityIdentifier" [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTTrustPartner ipaNTFlatName ipaNTTrustedDomainSID ipaNTSIDBlacklistIncoming ipaNTSIDBlacklistOutgoing" [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 SRCH base="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 MOD dn="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070000000f0000 [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=18698 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 SRCH base="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 SRCH base="cn=fe1-gas-gasqa3-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 MOD dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberofindirect description nsHardwarePlatform userCertificate ipaAllowedToPerform * l nsOsVersion fqdn managedBy ipaAssignedIDView memberOf krbPrincipalName nsHostLocation userClass aci" [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 ADD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070004000f0000 [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22070008000f0000 [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform objectClass ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView ipaUniqueID userCertificate krbPrincipalName nsHostLocation userClass" [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 SRCH base="cn=dns,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDefaultLoginShell ipaCertificateSubjectBase ipaUserSearchFields ipaSELinuxUserMapDefault ipaUserAuthType ipaDefaultPrimaryGroup ipaPwdExpAdvNotify ipaGroupSearchFields ipaDefaultEmailDomain ipaHomesRootDir ipaSearchTimeLimit ipaKrbAuthzData ipaMigrationEnabled ipaSearchRecordsLimit ipaConfigString ipaMaxUsernameLength ipaSELinuxUserMapOrder" [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 UNBIND [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 fd=278 closed - U1 [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-gasqa3-van.login.mydomain.net)(sudoHost=fe1-gas-gasqa3-van)(sudoHost=10.21.5.248)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:640b)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 [18/Jan/2016:09:27:55 -0800] conn=18699 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 UNBIND [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 fd=278 closed - U1 [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070012000f0000 [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 UNBIND [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 fd=144 closed - U1 [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 UNBIND [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 fd=277 closed - U1 [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18700 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 fd=144 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=18701 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 fd=144 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18702 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 fd=144 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=18703 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 RESULT err=0 tag=101 nentries=2 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 fd=153 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=18704 fd=153 slot=153 connection from 10.178.59.236 to 10.178.0.98 [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 UNBIND [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 fd=144 closed - U1 [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 SRCH base="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 SRCH base="cn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 MOD dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2209000e000f0000 [18/Jan/2016:09:27:57 -0800] conn=6 op=38897 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=6 op=38897 RESULT err=0 tag=101 nentries=1 etime=1 [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=hadoop1-mc-mcci1-nvan.mydomain.net)(sudoHost=hadoop1-mc-mcci1-nvan)(sudoHost=10.178.59.236)(sudoHost=10.178.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 RESULT err=0 tag=101 nentries=7 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:27:59 -0800] conn=18705 fd=144 slot=144 connection from 10.21.42.41 to 10.178.0.98 [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18706 fd=277 slot=277 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:27:59 -0800] conn=18706 op=-1 fd=277 closed - B1 [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 SRCH base="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 SRCH base="cn=relay-sf-int-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 MOD dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b0000000f0000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=relay-sf-int-van.mydomain.net)(sudoHost=relay-sf-int-van)(sudoHost=10.21.42.41)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fea8:8002)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 ADD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000500110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000600110000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000700110000 [18/Jan/2016:09:27:59 -0800] conn=18707 fd=277 slot=277 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass ipaSshPubKey" [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000c000f0000 [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf ipaSshPubKey description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 UNBIND [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 fd=277 closed - U1 [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=273 op=207 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:27:59 -0800] conn=273 op=207 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000e000f0000 [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 ADD dn="idnsName=98,idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000800110000 [18/Jan/2016:09:27:59 -0800] conn=273 op=208 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:27:59 -0800] conn=273 op=208 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f000f0000 [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f00110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=209 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001000110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=209 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0002000f0000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001100110000 [18/Jan/2016:09:28:01 -0800] conn=273 op=210 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=210 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0004000f0000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001200110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=211 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001300110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=211 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0006000f0000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001400110000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=212 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001500110000 [18/Jan/2016:09:28:01 -0800] conn=273 op=212 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0009000f0000 [18/Jan/2016:09:28:01 -0800] conn=273 op=213 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=213 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000b000f0000 [18/Jan/2016:09:28:01 -0800] conn=273 op=214 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" [18/Jan/2016:09:28:01 -0800] conn=273 op=214 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000d000f0000 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=18708 fd=277 slot=277 connection from 10.21.20.251 to 10.178.0.98 [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 SRCH base="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 SRCH base="cn=spool2-ops-flex-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 MOD dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22100000000f0000 [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool2-ops-flex-van.mydomain.net)(sudoHost=spool2-ops-flex-van)(sudoHost=10.21.20.251)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:769c)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:05 -0800] conn=18709 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:05 -0800] conn=18709 TLS1.2 128-bit AES [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:05 -0800] conn=18710 fd=279 slot=279 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:05 -0800] conn=18710 TLS1.2 128-bit AES [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:05 -0800] conn=18709 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:06 -0800] conn=18709 op=3 RESULT err=0 tag=101 nentries=1 etime=1 [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 SRCH base="cn=Domain Level,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDomainLevel" [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 SRCH base="cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=1 filter="(&(&(&(objectClass=ipaobject)(objectClass=ipahostgroup))(cn=ipaservers))(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="cn memberOf memberofindirect member memberindirect description" [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 UNBIND [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 fd=278 closed - U1 [18/Jan/2016:09:28:06 -0800] conn=18711 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:06 -0800] conn=18711 TLS1.2 128-bit AES [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberofindirect cn memberOf * member memberindirect description aci" [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 RESULT err=0 tag=101 nentries=2 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cosPriority * nsAccountLock aci" [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 UNBIND [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 fd=278 closed - U1 [18/Jan/2016:09:28:06 -0800] conn=18712 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:06 -0800] conn=18712 TLS1.2 128-bit AES [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 UNBIND [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 fd=166 closed - U1 [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 SRCH base="cn=meTodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs="* aci" [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 SRCH base="cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 RESULT err=0 tag=101 nentries=3 etime=0 notes=U [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=KRA))" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 UNBIND [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 fd=279 closed - U1 [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 UNBIND [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 fd=278 closed - U1 [18/Jan/2016:09:28:07 -0800] conn=18713 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 UNBIND [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 fd=166 closed - U1 [18/Jan/2016:09:28:07 -0800] conn=18714 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 UNBIND [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 fd=166 closed - U1 [18/Jan/2016:09:28:07 -0800] conn=18715 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:07 -0800] conn=18715 op=-1 fd=166 closed - B1 [18/Jan/2016:09:28:07 -0800] conn=18716 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:07 -0800] conn=18716 op=-1 fd=166 closed - Encountered end of file. [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 UNBIND [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 fd=168 closed - U1 [18/Jan/2016:09:28:09 -0800] conn=18717 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 UNBIND [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 fd=166 closed - U1 [18/Jan/2016:09:28:10 -0800] conn=18718 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 UNBIND [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 fd=166 closed - U1 [18/Jan/2016:09:28:10 -0800] conn=18719 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(memberOf=cn=Replication Administrators,cn=privileges,cn=pbac,dc=mydomain,dc=net)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 UNBIND [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 fd=166 closed - U1 [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:12 -0800] conn=18720 TLS1.2 128-bit AES [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 MOD dn="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22180003000f0000 [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn memberOf memberofindirect member memberindirect description" [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 RESULT err=0 tag=101 nentries=2 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 UNBIND [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 fd=166 closed - U1 [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:13 -0800] conn=18721 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 SRCH base="cn=cacert,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(cacertificate;binary=*)" attrs="cacertificate;binary" [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 RESULT err=0 tag=101 nentries=1 etime=0 notes=U [18/Jan/2016:09:28:13 -0800] conn=18721 op=-1 fd=166 closed - B1 [18/Jan/2016:09:28:15 -0800] conn=18722 fd=166 slot=166 connection from 10.21.31.31 to 10.178.0.98 [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 SRCH base="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 SRCH base="cn=fe1-gas-salqa1-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 MOD dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221b0000000f0000 [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-salqa1-van.login.mydomain.net)(sudoHost=fe1-gas-salqa1-van)(sudoHost=10.21.31.31)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:3fd2)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:16 -0800] conn=18723 fd=168 slot=168 connection from 10.21.23.93 to 10.178.0.98 [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 SRCH base="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 SRCH base="cn=collector2-sal-cpqa1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 MOD dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c0000000f0000 [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=collector2-sal-cpqa1-van.mydomain.net)(sudoHost=collector2-sal-cpqa1-van)(sudoHost=10.21.23.93)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:6b78)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:17 -0800] conn=18724 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 UNBIND [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 fd=278 closed - U1 [18/Jan/2016:09:28:17 -0800] conn=18725 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 UNBIND [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 fd=278 closed - U1 [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18726 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 UNBIND [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 fd=278 closed - U1 [18/Jan/2016:09:28:22 -0800] conn=18727 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 RESULT err=32 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 ADD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22220006000f0000 [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberOf ipaKrbAuthzData objectClass userCertificate managedBy ipaUniqueID ipaAllowedToPerform krbPrincipalName" [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 UNBIND [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 fd=278 closed - U1 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18728 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 UNBIND [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 fd=278 closed - U1 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 MOD dn="cn=repl keep alive 16,dc=mydomain,dc=net" [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000e00100000 [18/Jan/2016:09:28:23 -0800] conn=18729 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 SRCH base="cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 SRCH base="cn=caacls,cn=ca,dc=mydomain,dc=net" scope=1 filter="(&(objectClass=ipaassociation)(objectClass=ipacaacl))" attrs="serviceCategory cn ipaMemberCertProfile ipaMemberCa ipaCertProfileCategory memberUser userCategory hostCategory memberHost ipaEnabledFlag ipaCaCategory memberService description" [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform * managedBy memberOf krbPrincipalName aci" [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=67 op=539 SRCH base="cn=7,ou=certificateRepository,ou=ca,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=67 op=539 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=217 op=10 SRCH base="ou=People,o=ipaca" scope=2 filter="(description=2;7;CN=Certificate Authority,O=MYDOMAIN.NET;CN=IPA RA,O=MYDOMAIN.NET)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=217 op=10 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=217 op=11 SRCH base="cn=Registration Manager Agents,ou=groups,o=ipaca" scope=0 filter="(uniqueMember=uid=ipara,ou=people,o=ipaca)" attrs="cn" [18/Jan/2016:09:28:23 -0800] conn=217 op=11 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=67 op=540 ADD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" [18/Jan/2016:09:28:23 -0800] conn=67 op=540 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000004470000 [18/Jan/2016:09:28:23 -0800] conn=67 op=541 ADD dn="cn=2684289033,ou=certificateRepository,ou=ca,o=ipaca" [18/Jan/2016:09:28:23 -0800] conn=67 op=541 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000104470000 [18/Jan/2016:09:28:23 -0800] conn=67 op=542 MOD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:23 -0800] conn=67 op=542 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000304470000 [18/Jan/2016:09:28:23 -0800] conn=67 op=543 SRCH base="cn=99990009,ou=ca,ou=requests,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=67 op=543 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=67 op=544 MOD dn="ou=ca,ou=requests,o=ipaca" [18/Jan/2016:09:28:23 -0800] conn=18730 fd=281 slot=281 connection from 10.178.0.99 to 10.178.0.98 [18/Jan/2016:09:28:23 -0800] conn=67 op=544 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000504470000 [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 SRCH base="cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn ipaCertProfileStoreIssued description" [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 fd=282 slot=282 connection from 10.21.0.99 to 10.178.0.98 [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22230001000f0000 [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform managedBy memberOf krbPrincipalName" [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 UNBIND [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 fd=278 closed - U1 [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool1-googleapps-flex-van.mydomain.net)(sudoHost=spool1-googleapps-flex-van)(sudoHost=10.21.32.201)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:2c30)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 UNBIND [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 fd=77 closed - U1 [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from 10.21.0.98 to 10.178.0.98 [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222c0007000f0000 [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222d0000000f0000 [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 fd=77 closed - U1 [18/Jan/2016:09:28:33 -0800] conn=18733 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 UNBIND [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 fd=77 closed - U1 [18/Jan/2016:09:28:33 -0800] conn=18734 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 UNBIND [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 fd=77 closed - U1 [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18735 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 UNBIND [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 fd=77 closed - U1 [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 RESULT err=0 tag=120 nentries=0 etime=0 [18/Jan/2016:09:28:36 -0800] conn=18520 op=5 UNBIND -----Original Message----- From: Petr Vobornik [mailto:pvoborni at redhat.com] Sent: January-18-16 10:30 AM To: Nathan Peters; Rob Crittenden; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/18/2016 07:10 PM, Nathan Peters wrote: > This is FreeIPA 4.3.0. There is no master generating the prepare file (unless its still handled in the background invisibly to the user). Right. But the replica installer picks some server as a master. Ipa-replica-install is run directly from an unjoined client (or joined client, I have tried both). > > However, after tracking the logs of all 3 existing IPA servers during the attempted installation, the CA master appears to be the one doing something. Here are the logs for that time period. Note that there is no "err=68" anywhere in here: Are all 3 existing server functioning well, e.g with working replication? Could you check `ipa server-find` if there is no left-over server - e.g. failed installation. Could be check also in `ipa-replica-manage list` if there is some leftover, please remove it with `ipa-replica-manage del $FQDN` command. Wrt the logs. I did not meant that but Rob was right. The installer tries to update "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" entry on both master and the replica. If the entry does not exist, the installer also creates it. On replica it behaves correctly: [18/Jan/2016:09:28:32 -0800] conn=2 op=8 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:32 -0800] conn=2 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=9 MOD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:32 -0800] conn=2 op=9 RESULT err=0 tag=103 nentries=0 etime=0 It would be good to see the same log from a master which it tries to use in installation. - In 4.3 the server is picked automatically. I don't see any searches for "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" in the logs below which makes me wonder, what server the installer tries to use as a master. Could be find out, e.g. by: $ cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project From Lachlan.Simpson at petermac.org Mon Jan 18 22:31:43 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Mon, 18 Jan 2016 22:31:43 +0000 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <20160118072748.GO4316@redhat.com> References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> <20160115065847.GC4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> <20160118072748.GO4316@redhat.com> Message-ID: <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> > -----Original Message----- > From: Alexander Bokovoy [mailto:abokovoy at redhat.com] > > - /etc/nsswitch.conf is all "files sss" - there's no winbind anywhere. > winbindd has multiple operations and we are using trust topology part of it, not > identity management. Ok, thanks. > >My syntax was all wrong. (Does anyone know how can I clear out bad > >syntax from the systemctld output?) > what bad output? It's ok, systemctl has cleaned itself up. > systemctl start dirsrv at INSTANCE > is the correct syntax where INSTANCE is the same for /etc/dirsrv/slapd- > INSTANCE or /var/log/dirsrv/slapd-INSTANCE. > The name of instance is produced from the realm by replacing dots with -. Yep, as I discovered. > So, start KDC. > > You can at this point simply try 'ipactl restart' -- it will attempt to shutdown and > restart all required IPA services, including KDC. First thing I did this AM. Still fails on samba: [root at vmts-linuxidm ~]# ipactl restart Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting ipa_memcached Service Starting httpd Service Starting pki-tomcatd Service Starting smb Service Job for smb.service failed because the control process exited with error code. See "systemctl status smb.service" and "journalctl -xe" for details. Failed to start smb Service Shutting down Aborting ipactl [root at vmts-linuxidm ~]# systemctl status smb.service -l ? smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Tue 2016-01-19 08:20:14 AEDT; 43s ago Process: 14240 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, status=1/FAILURE) Main PID: 14240 (code=exited, status=1/FAILURE) Status: "Starting process..." smbd[14240]: [2016/01/19 08:20:14.288659, 0] ipa_sam.c:3654(get_fallback_group_sid) smbd[14240]: Missing mandatory attribute ipaNTSecurityIdentifier. smbd[14240]: [2016/01/19 08:20:14.288716, 0] ipa_sam.c:4606(pdb_init_ipasam) smbd[14240]: Cannot find SID of fallback group. smbd[14240]: [2016/01/19 08:20:14.288734, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) smbd[14240]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-co-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER) systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE systemd[1]: Failed to start Samba SMB Daemon. systemd[1]: Unit smb.service entered failed state. systemd[1]: smb.service failed. Same error as previously: [2016/01/19 08:26:31, 0] ../source3/smbd/server.c:1241(main) smbd version 4.2.3 started. Copyright Andrew Tridgell and the Samba Team 1992-2014 [2016/01/19 08:26:32.037071, 0] ipa_sam.c:3654(get_fallback_group_sid) Missing mandatory attribute ipaNTSecurityIdentifier. [2016/01/19 08:26:32.037122, 0] ipa_sam.c:4606(pdb_init_ipasam) Cannot find SID of fallback group. [2016/01/19 08:26:32.037140, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER) My reading is that I haven't got the SIDs properly aligned for any user (including the admin user set up when installing freeipa) since joining the domain, and samba is failing on that. Can I retrospectively add SIDs to an entry? Cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From abokovoy at redhat.com Mon Jan 18 22:36:43 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Tue, 19 Jan 2016 00:36:43 +0200 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> <20160115065847.GC4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> <20160118072748.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> Message-ID: <20160118223643.GG4316@redhat.com> On Mon, 18 Jan 2016, Simpson Lachlan wrote: >[root at vmts-linuxidm ~]# systemctl status smb.service -l >? smb.service - Samba SMB Daemon > Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled) > Active: failed (Result: exit-code) since Tue 2016-01-19 08:20:14 AEDT; 43s ago > Process: 14240 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, status=1/FAILURE) > Main PID: 14240 (code=exited, status=1/FAILURE) > Status: "Starting process..." > >smbd[14240]: [2016/01/19 08:20:14.288659, 0] ipa_sam.c:3654(get_fallback_group_sid) >smbd[14240]: Missing mandatory attribute ipaNTSecurityIdentifier. >smbd[14240]: [2016/01/19 08:20:14.288716, 0] ipa_sam.c:4606(pdb_init_ipasam) >smbd[14240]: Cannot find SID of fallback group. >smbd[14240]: [2016/01/19 08:20:14.288734, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) >smbd[14240]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-co-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER) >systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE >systemd[1]: Failed to start Samba SMB Daemon. >systemd[1]: Unit smb.service entered failed state. >systemd[1]: smb.service failed. > > >Same error as previously: > >[2016/01/19 08:26:31, 0] ../source3/smbd/server.c:1241(main) > smbd version 4.2.3 started. > Copyright Andrew Tridgell and the Samba Team 1992-2014 >[2016/01/19 08:26:32.037071, 0] ipa_sam.c:3654(get_fallback_group_sid) > Missing mandatory attribute ipaNTSecurityIdentifier. >[2016/01/19 08:26:32.037122, 0] ipa_sam.c:4606(pdb_init_ipasam) > Cannot find SID of fallback group. >[2016/01/19 08:26:32.037140, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) > pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER) > > >My reading is that I haven't got the SIDs properly aligned for any user >(including the admin user set up when installing freeipa) since joining >the domain, and samba is failing on that. Can I retrospectively add >SIDs to an entry? This error says you don't have 'Default SMB Group' with a SID in it. Re-run ipa-adtrust-install to re-create working setup. ipa-adtrust-install will attempt to fix those parts that are missing. -- / Alexander Bokovoy From Lachlan.Simpson at petermac.org Mon Jan 18 22:46:20 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Mon, 18 Jan 2016 22:46:20 +0000 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <20160118223643.GG4316@redhat.com> References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> <20160115065847.GC4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> <20160118072748.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> Message-ID: <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> > -----Original Message----- > From: Alexander Bokovoy [mailto:abokovoy at redhat.com] > This error says you don't have 'Default SMB Group' with a SID in it. > Re-run ipa-adtrust-install to re-create working setup. > > ipa-adtrust-install will attempt to fix those parts that are missing. Ok. I have web access. Thank you for your help! Cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From Lachlan.Simpson at petermac.org Mon Jan 18 22:54:15 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Mon, 18 Jan 2016 22:54:15 +0000 Subject: [Freeipa-users] IPA wont start, all services fail References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> <20160115065847.GC4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> <20160118072748.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> Message-ID: <0137003026EBE54FBEC540C5600C03C432DA62@PMC-EXMBX02.petermac.org.au> > -----Original Message----- > From: Simpson Lachlan > Sent: Tuesday, 19 January 2016 9:46 AM > To: 'Alexander Bokovoy' > Cc: freeipa-users at redhat.com > Subject: RE: [Freeipa-users] IPA wont start, all services fail > > > -----Original Message----- > > From: Alexander Bokovoy [mailto:abokovoy at redhat.com] This error says > > you don't have 'Default SMB Group' with a SID in it. > > Re-run ipa-adtrust-install to re-create working setup. > > > > ipa-adtrust-install will attempt to fix those parts that are missing. > > > Ok. I have web access. Thank you for your help! By which I mean, it all seems to be working now. Thanks. L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From Lachlan.Simpson at petermac.org Tue Jan 19 00:23:39 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Tue, 19 Jan 2016 00:23:39 +0000 Subject: [Freeipa-users] idoverride-add gives incorrect, inconsistant results? Message-ID: <0137003026EBE54FBEC540C5600C03C432DB61@PMC-EXMBX02.petermac.org.au> Since I got the service back up and running, I was continuing my tests/learning by following the steps on the V4 Migrating existing environments to Trust page: http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust#How_to_Test [root at vmts-linuxidm ~]# id TestUser at co.org.au uid=1750693931(testuser at co.org.au) gid=1750693931(testuser at co.org.au) groups=1750693931(testuser at co.org.au),1750687326(bioinf-staff at co.org.au) Success and joy. [root at vmts-linuxidm ~]# ipa idoverrideuser-add 'Default Trust View' testuser at co.org.au --uid 1506 ------------------------------------------------------- Added User ID override "testuser at co.org.au" ------------------------------------------------------- Anchor to override: testuser at co.org.au UID: 1506 Great. [root at vmts-linuxidm ~]# sudo systemctl restart sssd [root at vmts-linuxidm ~]# id testuser at co.org.au uid=1750693931(testuser at co.org.au) gid=1750693931(testuser at co.org.au) groups=1750693931(testuser at co.org.au),1750687326(bioinf-staff at co.org.au) Huh? The documentation linked to above says that uid should now be 1506? I went searching in the website - took me a while to find it, but it was there - see attached image. The uid had been updated *somewhere*, but the id command wasn't seeing it. Maybe a full ipa restart would help? Ipactl restart And samba is failing again. Ouch. Brb. L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. -------------- next part -------------- A non-text attachment was scrubbed... Name: id_override_20160119.png Type: image/png Size: 48924 bytes Desc: id_override_20160119.png URL: From Lachlan.Simpson at petermac.org Tue Jan 19 02:10:54 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Tue, 19 Jan 2016 02:10:54 +0000 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> <20160115065847.GC4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> <20160118072748.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> Message-ID: <0137003026EBE54FBEC540C5600C03C432DC31@PMC-EXMBX02.petermac.org.au> > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users- I?m coming back to this thread for consistency, but is a result of me running ipactl on the system we got working a couple of hours ago. See email titled "idoverride-add gives incorrect, inconsistant results?" for leadup. Anyway, ipactl restart fails, again. [root at vmts-linuxidm ~]# ipactl restart Stopping pki-tomcatd Service Restarting Directory Service Restarting krb5kdc Service Restarting kadmin Service Restarting ipa_memcached Service Restarting httpd Service Restarting pki-tomcatd Service inconsistRestarting winbind Service Restarting ipa-otpd Service Starting smb Service Job for smb.service failed because the control process exited with error code. See "systemctl status smb.service" and "journalctl -xe" for details. Failed to start smb Service Shutting down Aborting ipactl Gah. Look in the samba log, and it's exactly the same issue. Right. [root at vmts-linuxidm ~]# ipa-adtrust-install --netbios-name=UNIX -a xxxxxxx The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will setup components needed to establish trust to AD domains for the IPA Server. This includes: * Configure Samba * Add trust related objects to IPA LDAP server To accept the default shown in brackets, press the Enter key. IPA generated smb.conf detected. Overwrite smb.conf? [no]: yes Do you want to enable support for trusted domains in Schema Compatibility plugin? This will allow clients older than SSSD 1.9 and non-Linux clients to work with trusted users. Enable trusted domains support in slapi-nis? [no]: yes There was error to automatically re-kinit your admin user ticket. Proceeding with credentials that existed before Outdated Kerberos credentials. Use kdestroy and kinit to update your ticket Huh? [root at vmts-linuxidm ~]# kdestroy [root at vmts-linuxidm ~]# kinit admin kinit: Cannot contact any KDC for realm 'UNIX.CO.ORG.AU' while getting initial credentials I check, and sure enough, dirsrv at UNIX.CO.ORG.AU has stopped again (should I call it 389, dirsrv, ldap or slapd? They are all the same thing, right?). I restart dirsrv, and try restarting smb, no joy. I try running ipa-adtrust-install again, without luck. I restart krb5kdc manually (sc start krb5kdc), and try all the above again, with no luck. kdestroy has a lovely little pause, but kinit admin fails. Some of the other errors I've received: ipa-adtrust-install There was error to automatically re-kinit your admin user ticket. Proceeding with credentials that existed before Must have Kerberos credentials to setup AD trusts on serve klist klist: Credentials cache keyring 'persistent:0:0' not found Ok, so I try sc start krb5kdc and that works. Now klist still returns the above error, but kinit admin works. And ipa-adtrust-install works as it did this AM (output at end for reference). FWIW: - I can now browse the IPA server via a web browser. - I can retrieve credentials for those that I've already retrieved credentials for (id testuser at co.org.au works) - I can't retrieve new credentials (id testuser_new at co.org.au does not work ("no such user") - if I sc --failed: UNIT LOAD ACTIVE SUB DESCRIPTION ? ipa.service loaded failed failed Identity, Policy, Audit ? kadmin.service loaded failed failed Kerberos 5 Password-changing and Administration ? smb.service loaded failed failed Samba SMB Daemon - None of these will start on their own (with sc start .service) - trying to start ipa fails with the added bonus of shutting down krb5kdc / kadmin / dirsrv at DOMAIN.ORG.AU as well? I'm finding I'm needing to restart these services after attempting an ipa start. Which is failing on smb still. - krb5kdc also doesn't start. I am so confused. Earlier in the day when it was "working", I noticed that there was a service running called ipa.memchached - I presume that's why I can get some id's and not others and can browse via web (well, that just means tomcat started correctly, right?). ipa.memcached has disappeared from the list of running services when I sc now. So. How can I create a situation where when I restart ipa, for whatever reason, this doesn't happen again? Secondary question: given that I have missed something seemingly integral, is there a document that describes the post install setup process I should go through to stop this error from re-occurring? Cheers L. Notes: root at vmts-linuxidm ~]# ipa-adtrust-install --netbios-name=UNIX -a xxxxxxx The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will setup components needed to establish trust to AD domains for the IPA Server. This includes: * Configure Samba * Add trust related objects to IPA LDAP server To accept the default shown in brackets, press the Enter key. IPA generated smb.conf detected. Overwrite smb.conf? [no]: yes Do you want to enable support for trusted domains in Schema Compatibility plugin? This will allow clients older than SSSD 1.9 and non-Linux clients to work with trusted users. Enable trusted domains support in slapi-nis? [no]: yes WARNING: 2 existing users or groups do not have a SID identifier assigned. Installer can run a task to have ipa-sidgen Directory Server plugin generate the SID identifier for all these users. Please note, the in case of a high number of users and groups, the operation might lead to high replication Configuring CIFS [1/23]: stopping smbd [2/23]: creating samba domain object Samba domain object already exists [3/23]: creating samba config registry [4/23]: writing samba config file [5/23]: adding cifs Kerberos principal [6/23]: adding cifs and host Kerberos principals to the adtrust agents group [7/23]: check for cifs services defined on other replicas [8/23]: adding cifs principal to S4U2Proxy targets cifs principal already targeted, nothing to do. [9/23]: adding admin(group) SIDs Admin SID already set, nothing to do Admin group SID already set, nothing to do [10/23]: adding RID bases RID bases already set, nothing to do [11/23]: updating Kerberos config 'dns_lookup_kdc' already set to 'true', nothing to do. [12/23]: activating CLDAP plugin CLDAP plugin already configured, nothing to do [13/23]: activating sidgen task Sidgen task plugin already configured, nothing to do [14/23]: configuring smbd to start on boot [15/23]: adding special DNS service records DNS management was not enabled at install time. Add the following service records to your DNS server for DNS zone unix.co.org.au: - _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs - _ldap._tcp.dc._msdcs - _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs - _kerberos._tcp.dc._msdcs - _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs - _kerberos._udp.dc._msdcs [16/23]: enabling trusted domains support for older clients via Schema Compatibility plugin [17/23]: restarting Directory Server to take MS PAC and LDAP plugins changes into account [18/23]: adding fallback group Fallback group already set, nothing to do [19/23]: adding Default Trust View Default Trust View already exists. [20/23]: setting SELinux booleans [21/23]: enabling oddjobd [22/23]: starting CIFS services ipa : CRITICAL CIFS services failed to start [23/23]: adding SIDs to existing users and groups Done configuring CIFS. ============================================================================= Setup complete You must make sure these network ports are open: TCP Ports: * 138: netbios-dgm * 139: netbios-ssn * 445: microsoft-ds UDP Ports: * 138: netbios-dgm * 139: netbios-ssn * 389: (C)LDAP * 445: microsoft-ds ============================================================================= This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From Lachlan.Simpson at petermac.org Tue Jan 19 05:03:39 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Tue, 19 Jan 2016 05:03:39 +0000 Subject: [Freeipa-users] IPA wont start, all services fail References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> <20160115065847.GC4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> <20160118072748.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> Message-ID: <0137003026EBE54FBEC540C5600C03C432DCF8@PMC-EXMBX02.petermac.org.au> > -----Original Message----- > From: Simpson Lachlan I've rebooted the machine, confirmed that FreeIPA isn't functioning (nothing in the browser, nothing in sc). I run sc start dirsrv at UNIX-CO-ORG-AU.service ipactl start Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting ipa_memcached Service Starting httpd Service Starting pki-tomcatd Service Starting smb Service Job for smb.service failed because the control process exited with error code. See "systemctl status smb.service" and "journalctl -xe" for details. Failed to start smb Service Shutting down Aborting ipactl The samba problem again, great. We know how to fix that. ipa-adtrust-install --netbios-name=UNIX Finishes successfully. Browser doesn't work, cli doesn't work, nothing works. OK. I run this list of commands successfully: ipctl stop sc start dirsrv at UNIX-CO-ORG-AU.service sc start krb5kdc sc start kadmin kdestroy kinit admin sc start ipa_memcached sc start httpd sc restart pki-tomcatd.target ipa-adtrust-install --netbios-name=UNIX sc --failed shows: - ipa.service loaded failed failed Identity, Policy, Audit - smb.service loaded failed failed Samba SMB Daemon An attempt to start smb fails as per ipaNTSecurityIdentifier error that I got yesterday. An attempt to start ipa manually (sc start ipa) fails as per above, but also brings down all working services, requiring that they be restarted manually if needed for future testing. Final note. When I run ipa-adtrust-install --netbios-name=UNIX I get what looks like a success message, although the output contains the following, neither of which I can fully understand: DNS management was not enabled at install time. Add the following service records to your DNS server for DNS zone unix.co.org.au: - _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs - _ldap._tcp.dc._msdcs - _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs - _kerberos._tcp.dc._msdcs - _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs - _kerberos._udp.dc._msdcs (my unix.co.org.au DNS is managed upstream by the AD PDC, presumably this is dealt with?) and [22/23]: starting CIFS services ipa : CRITICAL CIFS services failed to start [23/23]: adding SIDs to existing users and groups Done configuring CIFS. (no idea?) Cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From jcholast at redhat.com Tue Jan 19 06:24:03 2016 From: jcholast at redhat.com (Jan Cholasta) Date: Tue, 19 Jan 2016 07:24:03 +0100 Subject: [Freeipa-users] CA-less vs CA-ful FreeIPA 4.2 installation In-Reply-To: <569CCFB2.5010307@redhat.com> References: <56991B9F.5060907@pakos.pl> <569C9CEC.7030109@redhat.com> <569CC6EA.2010304@pakos.pl> <569CCFB2.5010307@redhat.com> Message-ID: <569DD683.5000406@redhat.com> On 18.1.2016 12:42, Martin Kosek wrote: > On 01/18/2016 12:05 PM, Peter Pakos wrote: >> On 18/01/2016 08:06, Martin Kosek wrote: >>> I am hoping that this is well explained here: >>> >>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-examples.html#install-ca-options >>> >>> >>> Some useful notes are also Dmitri Pal's blog post: >>> http://rhelblog.redhat.com/2015/06/02/identity-management-and-certificates/ >> >> Thanks for the docs. >> >> I'm trying to get my head around this... if I have a working CA-ful FreeIPA >> setup and then install 3rd party SSL certificates for HTTP/LDAP only (including >> 3 root CA certs from the chain) - does this replace original self-signed CA >> that FreeIPA generated (and becomes External CA install) or does CA stay >> untouched and I can still take advantage of all the goodies that come with >> CA-ful install like automatic certificates renewals (apart from HTTP/LDAP ones)? >> >> Or does this became a multi CA install? >> >> BTW, I can see that the root certificates are getting added to /etc/ipa/ca.crt. > > You should be still able to benefit from all the goodies the CA-ful FreeIPA > has. As you noticed above, all root CA certs should be added to ca.crt (see > help for ipa-certupdate tool), it is used to update certs on server/client and > add the new CA certificates. > >>>> I'm also thinking ahead, when it comes to renewing certificates when they >>>> expire in 1 year time, which install type would cause less problems? >>> >>> In CA-ful installation, client certificates or FreeIPA CA subsystem >>> certificates should just renew automatically. In CA-less, you need to take care >>> to renew them manually with your 3rd party certificate provider. >> >> So in my CA-ful install with 3rd party SSL certificate installed, how would the >> renewal look? > > All certificates issued by FreeIPA CA should be renewed automatically by > certmonger (if configured). External certificates should needs to be renewed > manually. Honza, does certmonger already warns about non-IPA certificates that > are getting close to expiration date or is this rather an RFE for future? It's an RFE, covered by my "certmonger everywhere" proposal: (the part about uniform certmonger configuration). > >> I understand that I would have to install new HTTP/LDAP certificates manually >> as they were signed by external CA, but would all certificates issued by >> FreeIPA CA still renew automatically? > > They should, yes. > >>>> I've failed to find any useful info covering the above points, so if you know >>>> anything, please just let me know. >>> >>> I think the important point is that even if you choose to install with CA-less >>> for now, you can switch to CA-ful later via ipa-ca-install: >>> >>> http://www.freeipa.org/page/V4/CA-less_to_CA-full_conversion >> >> Thank you, your help is much appreciated! >> > -- Jan Cholasta From abokovoy at redhat.com Tue Jan 19 06:33:10 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Tue, 19 Jan 2016 08:33:10 +0200 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <0137003026EBE54FBEC540C5600C03C432DC31@PMC-EXMBX02.petermac.org.au> References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> <20160115065847.GC4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> <20160118072748.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> <0137003026EBE54FBEC540C5600C03C432DC31@PMC-EXMBX02.petermac.org.au> Message-ID: <20160119063310.GI4316@redhat.com> On Tue, 19 Jan 2016, Simpson Lachlan wrote: >> -----Original Message----- >> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users- > > >I?m coming back to this thread for consistency, but is a result of me >running ipactl on the system we got working a couple of hours ago. See >email titled "idoverride-add gives incorrect, inconsistant results?" >for leadup. > >Anyway, ipactl restart fails, again. > > >[root at vmts-linuxidm ~]# ipactl restart >Stopping pki-tomcatd Service >Restarting Directory Service >Restarting krb5kdc Service >Restarting kadmin Service >Restarting ipa_memcached Service >Restarting httpd Service >Restarting pki-tomcatd Service >inconsistRestarting winbind Service >Restarting ipa-otpd Service >Starting smb Service >Job for smb.service failed because the control process exited with error code. See "systemctl status smb.service" and "journalctl -xe" for details. >Failed to start smb Service >Shutting down >Aborting ipactl > > >Gah. Look in the samba log, and it's exactly the same issue. > >Right. > >[root at vmts-linuxidm ~]# ipa-adtrust-install --netbios-name=UNIX -a xxxxxxx > >The log file for this installation can be found in /var/log/ipaserver-install.log >============================================================================== >This program will setup components needed to establish trust to AD domains for >the IPA Server. > >This includes: > * Configure Samba > * Add trust related objects to IPA LDAP server > >To accept the default shown in brackets, press the Enter key. > >IPA generated smb.conf detected. >Overwrite smb.conf? [no]: yes >Do you want to enable support for trusted domains in Schema Compatibility plugin? >This will allow clients older than SSSD 1.9 and non-Linux clients to work with trusted users. > >Enable trusted domains support in slapi-nis? [no]: yes > >There was error to automatically re-kinit your admin user ticket. >Proceeding with credentials that existed before >Outdated Kerberos credentials. Use kdestroy and kinit to update your ticket > >Huh? > >[root at vmts-linuxidm ~]# kdestroy >[root at vmts-linuxidm ~]# kinit admin >kinit: Cannot contact any KDC for realm 'UNIX.CO.ORG.AU' while getting initial credentials > >I check, and sure enough, dirsrv at UNIX.CO.ORG.AU has stopped again >(should I call it 389, dirsrv, ldap or slapd? They are all the same >thing, right?). > >I restart dirsrv, and try restarting smb, no joy. I try running >ipa-adtrust-install again, without luck. I restart krb5kdc manually (sc >start krb5kdc), and try all the above again, with no luck. > >kdestroy has a lovely little pause, but kinit admin fails. > >Some of the other errors I've received: > >ipa-adtrust-install > >There was error to automatically re-kinit your admin user ticket. >Proceeding with credentials that existed before >Must have Kerberos credentials to setup AD trusts on serve > >klist >klist: Credentials cache keyring 'persistent:0:0' not found > > >Ok, so I try sc start krb5kdc and that works. Now klist still returns >the above error, but kinit admin works. And ipa-adtrust-install works >as it did this AM (output at end for reference). > >FWIW: > > - I can now browse the IPA server via a web browser. > - I can retrieve credentials for those that I've already retrieved credentials for (id testuser at co.org.au works) > - I can't retrieve new credentials (id testuser_new at co.org.au does not work ("no such user") > - if I sc --failed: > > UNIT LOAD ACTIVE SUB DESCRIPTION >? ipa.service loaded failed failed Identity, Policy, Audit >? kadmin.service loaded failed failed Kerberos 5 Password-changing and Administration >? smb.service loaded failed failed Samba SMB Daemon > > - None of these will start on their own (with sc start .service) > - trying to start ipa fails with the added bonus of shutting down > krb5kdc / kadmin / dirsrv at DOMAIN.ORG.AU as well? I'm finding I'm > needing to restart these services after attempting an ipa start. Which > is failing on smb still. > - krb5kdc also doesn't start. > >I am so confused. Earlier in the day when it was "working", I noticed >that there was a service running called ipa.memchached - I presume >that's why I can get some id's and not others and can browse via web >(well, that just means tomcat started correctly, right?). ipa.memcached >has disappeared from the list of running services when I sc now. > > >So. How can I create a situation where when I restart ipa, for whatever >reason, this doesn't happen again? > >Secondary question: given that I have missed something seemingly >integral, is there a document that describes the post install setup >process I should go through to stop this error from re-occurring? Let's start from the beginning: - What distribution you are running? - What IPA packages are installed? - What 389-ds-base package is installed? - What slapi-nis package is installed? It looks like if things are working for "few hours" and then stop, this means 389-ds did crash somehow. There were several cases where it might crash but they were fixed and latest releases have no known crashes, either with RHEL 6.7 or RHEL 7.2 and their off-springs. -- / Alexander Bokovoy From jhrozek at redhat.com Tue Jan 19 07:49:36 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Tue, 19 Jan 2016 08:49:36 +0100 Subject: [Freeipa-users] idoverride-add gives incorrect, inconsistant results? In-Reply-To: <0137003026EBE54FBEC540C5600C03C432DB61@PMC-EXMBX02.petermac.org.au> References: <0137003026EBE54FBEC540C5600C03C432DB61@PMC-EXMBX02.petermac.org.au> Message-ID: <20160119074936.GD3391@hendrix> On Tue, Jan 19, 2016 at 12:23:39AM +0000, Simpson Lachlan wrote: > Since I got the service back up and running, I was continuing my tests/learning by following the steps on the V4 Migrating existing environments to Trust page: > > http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust#How_to_Test > > > > [root at vmts-linuxidm ~]# id TestUser at co.org.au > uid=1750693931(testuser at co.org.au) gid=1750693931(testuser at co.org.au) groups=1750693931(testuser at co.org.au),1750687326(bioinf-staff at co.org.au) > > > Success and joy. > > > [root at vmts-linuxidm ~]# ipa idoverrideuser-add 'Default Trust View' testuser at co.org.au --uid 1506 > ------------------------------------------------------- > Added User ID override "testuser at co.org.au" > ------------------------------------------------------- > Anchor to override: testuser at co.org.au > UID: 1506 > > > > Great. > > > [root at vmts-linuxidm ~]# sudo systemctl restart sssd > > [root at vmts-linuxidm ~]# id testuser at co.org.au > uid=1750693931(testuser at co.org.au) gid=1750693931(testuser at co.org.au) groups=1750693931(testuser at co.org.au),1750687326(bioinf-staff at co.org.au) > > > Huh? The documentation linked to above says that uid should now be 1506? What sssd version? From lkrispen at redhat.com Tue Jan 19 08:34:42 2016 From: lkrispen at redhat.com (Ludwig Krispenz) Date: Tue, 19 Jan 2016 09:34:42 +0100 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569CB899.9040603@redhat.com> <569CCB5D.8040400@redhat.com> <569D27C4.10602@redhat.com> <569D2F2F.6080806@redhat.com> Message-ID: <569DF522.4090505@redhat.com> On 01/18/2016 09:55 PM, Nathan Peters wrote: > Another follow-up : dirsrv logs get really strange when I attempt to add that cleanruv task. It apears the message logged to console that the task already exists is totally lying ? o.O no, it is not totally lying, you just found another trace of a replica ID which is probably not properly cleaned. The cleanallruv task looks into the database and finally also into the changelog and remove all traces for tee replica ID to be cleaned. What you found is a ruv in the replication agreement, the replication agreement keeps track of the consumer RUV it has seen, and there was at one time replica 14. I'll open a ticket for 389-ds to handle this in the cleanallruv task. But the obsolete replica ID in the agreement should do no harm. If you want to get rid of it, you coud stop the server and remove it from the /etc/dirsrv/slapd-/dse.ldif > > So the actual error is that it cannot modify a task because it does not exist? Why does it not exist ? According to the docs here : http://directory.fedoraproject.org/docs/389ds/FAQ/troubleshoot-cleanallruv.html > > It should always exist? There is no 'changetype : modify' in that ldap syntax... > > [18/Jan/2016:12:36:56 -0800] - ldbm_back_seq deadlock retry BAD 1601, err=0 BDB0062 Successful return: 0 > [18/Jan/2016:12:39:56 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) > [18/Jan/2016:12:39:58 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) > [18/Jan/2016:12:40:00 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) > [18/Jan/2016:12:40:00 -0800] NSMMReplicationPlugin - CleanAllRUV Task (rid 14): Replica id (14) is already being cleaned > [18/Jan/2016:12:40:02 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) > [18/Jan/2016:12:40:04 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) > [18/Jan/2016:12:40:06 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) > [18/Jan/2016:12:40:06 -0800] NSMMReplicationPlugin - CleanAllRUV Task (rid 14): Task failed...(-1) > [18/Jan/2016:12:40:08 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) > [18/Jan/2016:12:40:08 -0800] - WARNING: can't find task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config' > [18/Jan/2016:12:40:08 -0800] ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 128]: Missing target entry. > > -----Original Message----- > From: Nathan Peters > Sent: January-18-16 12:13 PM > To: Nathan Peters; Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com > Subject: RE: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > Follow-up : After finding the ghost ruvs below I tried to clean them. Apparently they are already being cleaned by some task that is clearly not working ... > > ==== attempts to clean ruv 14 ==== > > [[root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -D "cn=directory manager" -W -a > Enter LDAP Password: > dn: cn=clean 14, cn=cleanallruv, cn=tasks, cn=config > objectclass: top > objectclass: extensibleObject > replica-base-dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > replica-id: 14 > replica-force-cleaning: yes > cn: clean 14 > > adding new entry "cn=clean 14, cn=cleanallruv, cn=tasks, cn=config" > ldap_add: Server is unwilling to perform (53) > additional info: Replica id (14) is already being cleaned > > [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -x -D "cn=directory manager" -W <> dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> changetype: modify >> replace: nsds5task >> nsds5task: CLEANRUV14 >> EOF > Enter LDAP Password: > modifying entry "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > > This one adds the entry properly (I think - I have no idea how to check if one exists), but does not actually clean the ruv. > > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters > Sent: January-18-16 11:44 AM > To: Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > Answers to questions : > > 1) All 3 servers are working fine. Error logs show only the expected replication keepalive entries and no other entries for the last 24 hours. Replication works. > > 2) ipa server-find output is identical on all 3 servers : > > [root at dc1-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa server-find > --------------------- > 3 IPA servers matched > --------------------- > Server name: dc1-ipa-dev-nvan.dev-globalrelay.net > Managed suffixes: domain, ca > Min domain level: 0 > Max domain level: 1 > > Server name: dc1-ipa-dev-van.dev-globalrelay.net > Managed suffixes: domain, ca > Min domain level: 0 > Max domain level: 1 > > Server name: dc2-ipa-dev-nvan.dev-globalrelay.net > Managed suffixes: domain, ca > Min domain level: 0 > Max domain level: 1 > ---------------------------- > Number of entries returned 3 > ---------------------------- > > 3)ipa-replica-manage list is the same on all 3 servers : > > [root at dc1-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage list > dc2-ipa-dev-nvan.dev-globalrelay.net: master > dc1-ipa-dev-nvan.dev-globalrelay.net: master > dc1-ipa-dev-van.dev-globalrelay.net: master > > 3.5)I actually tried running the remove command anyway in case there were any type of lingering records and it came back with nothing found : > > [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net > dc2-ipa-dev-van.dev-globalrelay.net is not listed among IPA masters. > Please specify an actual server or add the --cleanup option to force clean up. > [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net --cleanup > Checking connectivity in topology suffix 'ca' > 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'ca' > Not checking connectivity > Checking connectivity in topology suffix 'domain' > 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'domain' > Not checking connectivity > No RUV records found. > > 4) The command revealed it went to a different master than I thought. It was not the CA master, but a differnet one. > > [root at dc2-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" > 2016-01-18T17:28:22Z INFO Forwarding 'service_add' to json server 'https://dc2-ipa-dev-nvan.dev-globalrelay.net/ipa/json' > > For some reason, when I was monitoring the logs, nothing had been logged on the dc2-ipa-dev-nvan in the dirsrv log but it must have been buffering to disk, because when I checked the logs 5 minutes later, all the data was there. You can actually see the err=68 here : > > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND > > I'm not sure why it would fail that call though... > > Here are the ldapsearch for that cn=replica branch performed on the master it was joining to, as well as the complete logs from that master with the err=68 in it. > > I'm not sure if this has anything to do with it, but inside the replica branch are already 2 sub branches for replication agreements. These agreements have what appears to be old ruvs for the server I am trying to join, however, because the ipa-replica-install clean-ruv command only applies to domain level 0, I cannot clean those ruvs... I also cannot lower my domain level back down to 0 so I can clean them. > > [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage clean-ruv 14 > No RUV records found. > > > ==== LDAP SEARCH OF SECTION OF TREE THAT ADD FAILS ON ===== > > [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # replica, dc\3Dmydomain\2Cdc\3Dnet, mapping tree, config > dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > cn: replica > nsDS5Flags: 1 > nsDS5ReplicaBindDN: cn=replication manager,cn=config > nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net > @MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net > nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net@ > MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net > nsDS5ReplicaId: 15 > nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64 > nsDS5ReplicaRoot: dc=mydomain,dc=net > nsDS5ReplicaType: 3 > nsState:: DwAAAAAAAAC/OZ1WAAAAAAAAAAAAAAAAbAEAAAAAAAAAAAAAAAAAAA== > nsds5ReplicaLegacyConsumer: off > nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net > nsds5replicabinddngroupcheckinterval: 60 > objectClass: nsds5replica > objectClass: top > objectClass: extensibleobject > nsds5ReplicaChangeCount: 37386 > nsds5replicareapactive: 0 > > # meTodc1-ipa-dev-nvan.mydomain.net, replica, dc\3Dmydomain\2Cdc\ > 3Dnet, mapping tree, config > dn: cn=meTodc1-ipa-dev-nvan.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > cn: meTodc1-ipa-dev-nvan.mydomain.net > description: me to dc1-ipa-dev-nvan.mydomain.net > nsDS5ReplicaBindMethod: SASL/GSSAPI > nsDS5ReplicaHost: dc1-ipa-dev-nvan.mydomain.net > nsDS5ReplicaPort: 389 > nsDS5ReplicaRoot: dc=mydomain,dc=net > nsDS5ReplicaTransportInfo: LDAP > nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial > entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount > nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts > uccessfulauth krblastfailedauth krbloginfailedcount > nsds50ruv: {replicageneration} 553fe9bb000000040000 > nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd > 26000000100000 569b9201002200100000 > nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 > b000000110000 569b91af000d00110000 > nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee > 040000000f0000 569b92010002000f0000 > nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b > b0000000e0000 569b91320014000e0000 > nsds5ReplicaEnabled: on > nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in > ternalModifyTimestamp > nsds5replicaTimeout: 120 > nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. > net:389} 00000000 > nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n > et:389} 00000000 > nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. > net:389} 00000000 > nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n > et:389} 00000000 > objectClass: nsds5replicationagreement > objectClass: top > objectClass: ipaReplTopoManagedAgreement > ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p > lugin > nsds5replicareapactive: 0 > nsds5replicaLastUpdateStart: 20160118191523Z > nsds5replicaLastUpdateEnd: 20160118191523Z > nsds5replicaChangesSentSinceStartup:: MTU6Mjc0LzgyNzY5NiAxNDoxLzAgMTc6MTQvMCAx > NjoyLzAg > nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd > ate succeeded > nsds5replicaUpdateInProgress: FALSE > nsds5replicaLastInitStart: 19700101000000Z > nsds5replicaLastInitEnd: 19700101000000Z > > # meTodc1-ipa-dev-van.mydomain.net, replica, dc\3Dmydomain\2Cdc\3 > Dnet, mapping tree, config > dn: cn=meTodc1-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > cn: meTodc1-ipa-dev-van.mydomain.net > description: me to dc1-ipa-dev-van.mydomain.net > nsDS5ReplicaBindMethod: SASL/GSSAPI > nsDS5ReplicaHost: dc1-ipa-dev-van.mydomain.net > nsDS5ReplicaPort: 389 > nsDS5ReplicaRoot: dc=mydomain,dc=net > nsDS5ReplicaTransportInfo: LDAP > nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial > entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount > nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts > uccessfulauth krblastfailedauth krbloginfailedcount > nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in > ternalModifyTimestamp > nsds5replicaTimeout: 120 > objectClass: nsds5replicationagreement > objectClass: top > objectClass: ipaReplTopoManagedAgreement > ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p > lugin > nsds50ruv: {replicageneration} 553fe9bb000000040000 > nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 > b000000110000 569b9201000500110000 > nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd > 26000000100000 569b918d004a00100000 > nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee > 040000000f0000 569b92010002000f0000 > nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b > b0000000e0000 569b91320014000e0000 > nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n > et:389} 00000000 > nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. > net:389} 00000000 > nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. > net:389} 00000000 > nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n > et:389} 00000000 > nsds5replicareapactive: 0 > nsds5replicaLastUpdateStart: 20160118191523Z > nsds5replicaLastUpdateEnd: 20160118191523Z > nsds5replicaChangesSentSinceStartup:: MTU6MzY2LzE0MTg1NjkgMTY6OTYvMCAxNzoyLzAg > nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd > ate succeeded > nsds5replicaUpdateInProgress: FALSE > nsds5replicaLastInitStart: 19700101000000Z > nsds5replicaLastInitEnd: 19700101000000Z > > # search result > search: 2 > result: 0 Success > > # numResponses: 4 > # numEntries: 3 > > > > > > ===== LOGS FROM MASTER DURING REPLICA INSTALLATION ATTEMPT ==== > > [18/Jan/2016:09:27:54 -0800] conn=18695 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 BIND dn="" method=128 version=3 > [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" > [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="namingContexts defaultnamingcontext" > [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 SRCH base="dc=mydomain,dc=net" scope=0 filter="(info=IPA*)" attrs=ALL > [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 SRCH base="cn=kerberos,dc=mydomain,dc=net" scope=2 filter="(objectClass=krbRealmContainer)" attrs=ALL > [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 MOD dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22060000000f0000 > [18/Jan/2016:09:27:54 -0800] conn=18696 fd=145 slot=145 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" > [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 RESULT err=0 tag=101 nentries=2 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 UNBIND > [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 fd=145 closed - U1 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=3 op=82446 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82446 RESULT err=0 tag=101 nentries=1 etime=1 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18697 fd=145 slot=145 connection from 10.21.5.248 to 10.178.0.98 > [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs=ALL > [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTDomainAttrs)" attrs="ipaNTFlatName ipaNTFallbackPrimaryGroup ipaNTSecurityIdentifier" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 SRCH base="cn=Default SMB Group,cn=groups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=posixGroup)" attrs="ipaNTSecurityIdentifier" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTTrustPartner ipaNTFlatName ipaNTTrustedDomainSID ipaNTSIDBlacklistIncoming ipaNTSIDBlacklistOutgoing" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 SRCH base="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 MOD dn="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070000000f0000 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=18698 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 SRCH base="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 SRCH base="cn=fe1-gas-gasqa3-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 MOD dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberofindirect description nsHardwarePlatform userCertificate ipaAllowedToPerform * l nsOsVersion fqdn managedBy ipaAssignedIDView memberOf krbPrincipalName nsHostLocation userClass aci" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 ADD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070004000f0000 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22070008000f0000 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform objectClass ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView ipaUniqueID userCertificate krbPrincipalName nsHostLocation userClass" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 SRCH base="cn=dns,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDefaultLoginShell ipaCertificateSubjectBase ipaUserSearchFields ipaSELinuxUserMapDefault ipaUserAuthType ipaDefaultPrimaryGroup ipaPwdExpAdvNotify ipaGroupSearchFields ipaDefaultEmailDomain ipaHomesRootDir ipaSearchTimeLimit ipaKrbAuthzData ipaMigrationEnabled ipaSearchRecordsLimit ipaConfigString ipaMaxUsernameLength ipaSELinuxUserMapOrder" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 UNBIND > [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 fd=278 closed - U1 > [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-gasqa3-van.login.mydomain.net)(sudoHost=fe1-gas-gasqa3-van)(sudoHost=10.21.5.248)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:640b)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 > [18/Jan/2016:09:27:55 -0800] conn=18699 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" > [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 UNBIND > [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 fd=278 closed - U1 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070012000f0000 > [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 UNBIND > [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 fd=144 closed - U1 > [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 UNBIND > [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 fd=277 closed - U1 > [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18700 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 UNBIND > [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 fd=144 closed - U1 > [18/Jan/2016:09:27:57 -0800] conn=18701 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 UNBIND > [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 fd=144 closed - U1 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18702 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL > [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 RESULT err=0 tag=101 nentries=3 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 UNBIND > [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 fd=144 closed - U1 > [18/Jan/2016:09:27:57 -0800] conn=18703 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" > [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 RESULT err=0 tag=101 nentries=2 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 UNBIND > [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 fd=153 closed - U1 > [18/Jan/2016:09:27:57 -0800] conn=18704 fd=153 slot=153 connection from 10.178.59.236 to 10.178.0.98 > [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 UNBIND > [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 fd=144 closed - U1 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 SRCH base="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 SRCH base="cn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 MOD dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2209000e000f0000 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38897 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:58 -0800] conn=6 op=38897 RESULT err=0 tag=101 nentries=1 etime=1 > [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=hadoop1-mc-mcci1-nvan.mydomain.net)(sudoHost=hadoop1-mc-mcci1-nvan)(sudoHost=10.178.59.236)(sudoHost=10.178.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 RESULT err=0 tag=101 nentries=7 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:27:59 -0800] conn=18705 fd=144 slot=144 connection from 10.21.42.41 to 10.178.0.98 > [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18706 fd=277 slot=277 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:59 -0800] conn=18706 op=-1 fd=277 closed - B1 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 SRCH base="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 SRCH base="cn=relay-sf-int-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 MOD dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b0000000f0000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 > [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 > [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 > [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 > [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=relay-sf-int-van.mydomain.net)(sudoHost=relay-sf-int-van)(sudoHost=10.21.42.41)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fea8:8002)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 ADD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000700110000 > [18/Jan/2016:09:27:59 -0800] conn=18707 fd=277 slot=277 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass ipaSshPubKey" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000c000f0000 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf ipaSshPubKey description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 UNBIND > [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 fd=277 closed - U1 > [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=273 op=207 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=273 op=207 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000e000f0000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 ADD dn="idnsName=98,idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000800110000 > [18/Jan/2016:09:27:59 -0800] conn=273 op=208 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=273 op=208 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f000f0000 > [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" > [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" > [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f00110000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=209 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001000110000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=209 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0002000f0000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001100110000 > [18/Jan/2016:09:28:01 -0800] conn=273 op=210 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=210 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0004000f0000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001200110000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=211 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001300110000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=211 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0006000f0000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001400110000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=212 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001500110000 > [18/Jan/2016:09:28:01 -0800] conn=273 op=212 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0009000f0000 > [18/Jan/2016:09:28:01 -0800] conn=273 op=213 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=213 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000b000f0000 > [18/Jan/2016:09:28:01 -0800] conn=273 op=214 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=214 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000d000f0000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=18708 fd=277 slot=277 connection from 10.21.20.251 to 10.178.0.98 > [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 SRCH base="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 SRCH base="cn=spool2-ops-flex-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 MOD dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22100000000f0000 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool2-ops-flex-van.mydomain.net)(sudoHost=spool2-ops-flex-van)(sudoHost=10.21.20.251)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:769c)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:05 -0800] conn=18709 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:05 -0800] conn=18709 TLS1.2 128-bit AES > [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:05 -0800] conn=18710 fd=279 slot=279 SSL connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:05 -0800] conn=18710 TLS1.2 128-bit AES > [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:05 -0800] conn=18709 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:06 -0800] conn=18709 op=3 RESULT err=0 tag=101 nentries=1 etime=1 > [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 SRCH base="cn=Domain Level,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDomainLevel" > [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 SRCH base="cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=1 filter="(&(&(&(objectClass=ipaobject)(objectClass=ipahostgroup))(cn=ipaservers))(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="cn memberOf memberofindirect member memberindirect description" > [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 UNBIND > [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 fd=278 closed - U1 > [18/Jan/2016:09:28:06 -0800] conn=18711 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:06 -0800] conn=18711 TLS1.2 128-bit AES > [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberofindirect cn memberOf * member memberindirect description aci" > [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" > [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" > [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 RESULT err=0 tag=101 nentries=2 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL > [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cosPriority * nsAccountLock aci" > [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" > [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 UNBIND > [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 fd=278 closed - U1 > [18/Jan/2016:09:28:06 -0800] conn=18712 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:06 -0800] conn=18712 TLS1.2 128-bit AES > [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 UNBIND > [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 fd=166 closed - U1 > [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 SRCH base="cn=meTodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs="* aci" > [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 SRCH base="cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL > [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 RESULT err=0 tag=101 nentries=3 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=CA))" attrs=ALL > [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 RESULT err=0 tag=101 nentries=3 etime=0 notes=U > [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=KRA))" attrs=ALL > [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 UNBIND > [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 fd=279 closed - U1 > [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 UNBIND > [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 fd=278 closed - U1 > [18/Jan/2016:09:28:07 -0800] conn=18713 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 UNBIND > [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 fd=166 closed - U1 > [18/Jan/2016:09:28:07 -0800] conn=18714 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL > [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 RESULT err=0 tag=101 nentries=3 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 UNBIND > [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 fd=166 closed - U1 > [18/Jan/2016:09:28:07 -0800] conn=18715 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:07 -0800] conn=18715 op=-1 fd=166 closed - B1 > [18/Jan/2016:09:28:07 -0800] conn=18716 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:07 -0800] conn=18716 op=-1 fd=166 closed - Encountered end of file. > [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 UNBIND > [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 fd=168 closed - U1 > [18/Jan/2016:09:28:09 -0800] conn=18717 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 UNBIND > [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 fd=166 closed - U1 > [18/Jan/2016:09:28:10 -0800] conn=18718 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 UNBIND > [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 fd=166 closed - U1 > [18/Jan/2016:09:28:10 -0800] conn=18719 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(memberOf=cn=Replication Administrators,cn=privileges,cn=pbac,dc=mydomain,dc=net)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL > [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 UNBIND > [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 fd=166 closed - U1 > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:12 -0800] conn=18720 TLS1.2 128-bit AES > [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 MOD dn="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22180003000f0000 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn memberOf memberofindirect member memberindirect description" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 RESULT err=0 tag=101 nentries=2 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 UNBIND > [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 fd=166 closed - U1 > [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=18721 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 SRCH base="cn=cacert,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(cacertificate;binary=*)" attrs="cacertificate;binary" > [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 RESULT err=0 tag=101 nentries=1 etime=0 notes=U > [18/Jan/2016:09:28:13 -0800] conn=18721 op=-1 fd=166 closed - B1 > [18/Jan/2016:09:28:15 -0800] conn=18722 fd=166 slot=166 connection from 10.21.31.31 to 10.178.0.98 > [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 SRCH base="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 SRCH base="cn=fe1-gas-salqa1-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 MOD dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221b0000000f0000 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-salqa1-van.login.mydomain.net)(sudoHost=fe1-gas-salqa1-van)(sudoHost=10.21.31.31)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:3fd2)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:16 -0800] conn=18723 fd=168 slot=168 connection from 10.21.23.93 to 10.178.0.98 > [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 SRCH base="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 SRCH base="cn=collector2-sal-cpqa1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 MOD dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c0000000f0000 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=collector2-sal-cpqa1-van.mydomain.net)(sudoHost=collector2-sal-cpqa1-van)(sudoHost=10.21.23.93)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:6b78)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=18724 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 > [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 UNBIND > [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 fd=278 closed - U1 > [18/Jan/2016:09:28:17 -0800] conn=18725 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 > [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 UNBIND > [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 fd=278 closed - U1 > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" > [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18726 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 UNBIND > [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 fd=278 closed - U1 > [18/Jan/2016:09:28:22 -0800] conn=18727 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 ADD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22220006000f0000 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberOf ipaKrbAuthzData objectClass userCertificate managedBy ipaUniqueID ipaAllowedToPerform krbPrincipalName" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 UNBIND > [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 fd=278 closed - U1 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18728 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" > [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 UNBIND > [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 fd=278 closed - U1 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 MOD dn="cn=repl keep alive 16,dc=mydomain,dc=net" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000e00100000 > [18/Jan/2016:09:28:23 -0800] conn=18729 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" > [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 RESULT err=0 tag=101 nentries=3 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 SRCH base="cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 SRCH base="cn=caacls,cn=ca,dc=mydomain,dc=net" scope=1 filter="(&(objectClass=ipaassociation)(objectClass=ipacaacl))" attrs="serviceCategory cn ipaMemberCertProfile ipaMemberCa ipaCertProfileCategory memberUser userCategory hostCategory memberHost ipaEnabledFlag ipaCaCategory memberService description" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform * managedBy memberOf krbPrincipalName aci" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=67 op=539 SRCH base="cn=7,ou=certificateRepository,ou=ca,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=67 op=539 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=217 op=10 SRCH base="ou=People,o=ipaca" scope=2 filter="(description=2;7;CN=Certificate Authority,O=MYDOMAIN.NET;CN=IPA RA,O=MYDOMAIN.NET)" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=217 op=10 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=217 op=11 SRCH base="cn=Registration Manager Agents,ou=groups,o=ipaca" scope=0 filter="(uniqueMember=uid=ipara,ou=people,o=ipaca)" attrs="cn" > [18/Jan/2016:09:28:23 -0800] conn=217 op=11 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=67 op=540 ADD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" > [18/Jan/2016:09:28:23 -0800] conn=67 op=540 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000004470000 > [18/Jan/2016:09:28:23 -0800] conn=67 op=541 ADD dn="cn=2684289033,ou=certificateRepository,ou=ca,o=ipaca" > [18/Jan/2016:09:28:23 -0800] conn=67 op=541 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000104470000 > [18/Jan/2016:09:28:23 -0800] conn=67 op=542 MOD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" > [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=67 op=542 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000304470000 > [18/Jan/2016:09:28:23 -0800] conn=67 op=543 SRCH base="cn=99990009,ou=ca,ou=requests,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=67 op=543 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=67 op=544 MOD dn="ou=ca,ou=requests,o=ipaca" > [18/Jan/2016:09:28:23 -0800] conn=18730 fd=281 slot=281 connection from 10.178.0.99 to 10.178.0.98 > [18/Jan/2016:09:28:23 -0800] conn=67 op=544 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000504470000 > [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 RESULT err=0 tag=101 nentries=3 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 SRCH base="cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn ipaCertProfileStoreIssued description" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18731 fd=282 slot=282 connection from 10.21.0.99 to 10.178.0.98 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 RESULT err=0 tag=101 nentries=3 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 RESULT err=0 tag=101 nentries=3 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22230001000f0000 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform managedBy memberOf krbPrincipalName" > [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 UNBIND > [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 fd=278 closed - U1 > [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" > [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" > [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool1-googleapps-flex-van.mydomain.net)(sudoHost=spool1-googleapps-flex-van)(sudoHost=10.21.32.201)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:2c30)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 UNBIND > [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 fd=77 closed - U1 > [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" > [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222c0007000f0000 > [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" > [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222d0000000f0000 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND > [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 fd=77 closed - U1 > [18/Jan/2016:09:28:33 -0800] conn=18733 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 > [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 UNBIND > [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 fd=77 closed - U1 > [18/Jan/2016:09:28:33 -0800] conn=18734 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 > [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 UNBIND > [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 fd=77 closed - U1 > [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18735 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 > [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 UNBIND > [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 fd=77 closed - U1 > [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:36 -0800] conn=18520 op=5 UNBIND > > -----Original Message----- > From: Petr Vobornik [mailto:pvoborni at redhat.com] > Sent: January-18-16 10:30 AM > To: Nathan Peters; Rob Crittenden; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > On 01/18/2016 07:10 PM, Nathan Peters wrote: >> This is FreeIPA 4.3.0. There is no master generating the prepare file (unless its still handled in the background invisibly to the user). > Right. But the replica installer picks some server as a master. > > Ipa-replica-install is run directly from an unjoined client (or joined > client, I have tried both). >> However, after tracking the logs of all 3 existing IPA servers during the attempted installation, the CA master appears to be the one doing something. Here are the logs for that time period. Note that there is no "err=68" anywhere in here: > Are all 3 existing server functioning well, e.g with working replication? > > Could you check `ipa server-find` if there is no left-over server - e.g. > failed installation. > > Could be check also in `ipa-replica-manage list` if there is some > leftover, please remove it with `ipa-replica-manage del $FQDN` command. > > Wrt the logs. I did not meant that but Rob was right. The installer > tries to update "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping > tree,cn=config" entry on both master and the replica. If the entry does > not exist, the installer also creates it. > > On replica it behaves correctly: > > [18/Jan/2016:09:28:32 -0800] conn=2 op=8 SRCH > base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:32 -0800] conn=2 op=8 RESULT err=0 tag=101 nentries=1 > etime=0 > [18/Jan/2016:09:28:32 -0800] conn=2 op=9 MOD > dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > [18/Jan/2016:09:28:32 -0800] conn=2 op=9 RESULT err=0 tag=103 nentries=0 > etime=0 > > It would be good to see the same log from a master which it tries to use > in installation. - In 4.3 the server is picked automatically. > > I don't see any searches for > "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" in > the logs below which makes me wonder, what server the installer tries to > use as a master. > > Could be find out, e.g. by: > $ cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" > > From LuisFilipe.Domingues at nagra.com Tue Jan 19 14:39:55 2016 From: LuisFilipe.Domingues at nagra.com (Domingues Luis Filipe) Date: Tue, 19 Jan 2016 14:39:55 +0000 Subject: [Freeipa-users] ns-slapd using all CPU ressources In-Reply-To: <5699077D.7040408@redhat.com> References: <44CB25C72DF2CF4591AFBE25ED76033FB063A4@CHX-EXMBX-01.hq.k.grp>, <5699077D.7040408@redhat.com> Message-ID: <44CB25C72DF2CF4591AFBE25ED76033FB07CEE@CHX-EXMBX-01.hq.k.grp> Hi, Reading the backtrace I have 30 threads with the same stack: Thread 6 (Thread 0x7f572efed700 (LWP 1335)): #0 0x00007f576f80a877 in sched_yield () from /lib64/libc.so.6 No symbol table info available. #1 0x00007f577014df28 in PR_Sleep () from /lib64/libnspr4.so No symbol table info available. #2 0x000055c939e9e7c7 in connection_threadmain () No symbol table info available. #3 0x00007f577014d5cb in _pt_root () from /lib64/libnspr4.so No symbol table info available. #4 0x00007f576faec60a in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #5 0x00007f576f826a4d in clone () from /lib64/libc.so.6 No symbol table info available. While the other instance which is running fine, almost all threads are waiting on a cond_wait, with thise stack: Thread 48 (Thread 0x7fced53a9700 (LWP 1871)): #0 0x00007fcee9269b10 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0 No symbol table info available. #1 0x00007fcee98bfcf0 in PR_WaitCondVar () from /lib64/libnspr4.so No symbol table info available. #2 0x00007fceeb7172c8 in slapi_wait_condvar () from /usr/lib64/dirsrv/libslapd.so.0 No symbol table info available. #3 0x00007fcee127a67e in cos_cache_wait_on_change () from /usr/lib64/dirsrv/plugins/libcos-plugin.so No symbol table info available. #4 0x00007fcee98c55cb in _pt_root () from /lib64/libnspr4.so No symbol table info available. #5 0x00007fcee926460a in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #6 0x00007fcee8f9ea4d in clone () from /lib64/libc.so.6 No symbol table info available. Luis. ________________________________________ From: Rob Crittenden [rcritten at redhat.com] Sent: Friday, January 15, 2016 3:51 PM To: Domingues Luis Filipe; freeipa-users at redhat.com Cc: Aviolat Romain Subject: Re: [Freeipa-users] ns-slapd using all CPU ressources Domingues Luis Filipe wrote: > Hi all, > > On our infra, we have two machines running Fedora with FreeIPA installed. > > we have an issue with ns-slapd using 100% of CPU after a while. If we > restart the service, it starts to use all CPU resources after one day. > > Outpute of the command strace -c -p running for 4 minutes is: > > % time seconds usecs/call calls errors syscall > ------ ----------- ----------- --------- --------- ---------------- > 99.80 229.603633 11247 20415 poll > 0.15 0.340032 10 32983 4 futex > 0.05 0.114068 114068 1 restart_syscall > 0.00 0.003464 0 20420 20416 getpeername > 0.00 0.002752 0 20416 clock_gettime > 0.00 0.001920 0 9840 read > 0.00 0.000205 5 45 close > 0.00 0.000036 2 22 access > 0.00 0.000017 1 22 open > 0.00 0.000016 1 24 accept > 0.00 0.000012 0 45 setsockopt > 0.00 0.000007 0 22 fstat > 0.00 0.000000 0 22 stat > 0.00 0.000000 0 1 sendto > 0.00 0.000000 0 24 getsockname > 0.00 0.000000 0 4 getsockopt > 0.00 0.000000 0 70 fcntl > 0.00 0.000000 0 22 gettimeofday > ------ ----------- ----------- --------- --------- ---------------- > 100.00 230.066162 104398 20420 total > > > > Plus we looked at the syscalls using FTrace: > > ns-slapd-7963 [000] .... 4063846.395630: sys_sched_yield() > ns-slapd-7956 [000] .... 4063846.395631: sys_sched_yield -> 0x0 > ns-slapd-7956 [000] .... 4063846.395632: sys_sched_yield() > ns-slapd-7973 [000] .... 4063846.395633: sys_sched_yield -> 0x0 > ns-slapd-7973 [000] .... 4063846.395634: sys_sched_yield() > ns-slapd-7965 [000] .... 4063846.395635: sys_sched_yield -> 0x0 > ns-slapd-7965 [000] .... 4063846.395637: sys_sched_yield() > ns-slapd-7963 [000] .... 4063846.395637: sys_sched_yield -> 0x0 > ns-slapd-7963 [000] .... 4063846.395639: sys_sched_yield() > ns-slapd-7956 [000] .... 4063846.395640: sys_sched_yield -> 0x0 > ns-slapd-7956 [000] .... 4063846.395641: sys_sched_yield() > ns-slapd-7973 [000] .... 4063846.395642: sys_sched_yield -> 0x0 > ns-slapd-7973 [000] .... 4063846.395643: sys_sched_yield() > ns-slapd-7965 [000] .... 4063846.395644: sys_sched_yield -> 0x0 > > The sys_sched_yield function is called almost every 2 microseconds. It seems too much. Your best bet is to get a pstack or full backtrace to see what 389-ds is doing. See http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debugging-hangs rob From pspacek at redhat.com Tue Jan 19 14:49:15 2016 From: pspacek at redhat.com (Petr Spacek) Date: Tue, 19 Jan 2016 15:49:15 +0100 Subject: [Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with the hostname is not the primary hostname In-Reply-To: References: <569CD87F.7070108@redhat.com> Message-ID: <569E4CEB.3060800@redhat.com> Hmm, you should be a detective! Here is a ticket about this: https://fedorahosted.org/freeipa/ticket/5621 Thank you very much for catching this! Petr^2 Spacek On 18.1.2016 17:52, Nathan Peters wrote: > Actually I was able to solve this one, but the error logging could certainly be improved to indicate what is actually happening > > Here is the actual issue along with the sequence of events: > > 1. DNS check for local host to be joined checks forward, cname, and PTR records against result of `hostname` command, those all came back ok > > 2. A second check is performed and I believe it is being performed on an existing FreeIPA server (in this case it was my CA master), but the logs say " DEBUG Check if dc1-ipa-dev-nvan.mydomain.net is a primary hostname for localhost" even though this check is actually being performed remotely on the Master. It almost seems like the log entry from the master is forwarded to use and that's why it says 'localhost' or something... > > 3. It performs the same forward, CNAME, and PTR checks as it did against the localhost, but doesn't log those checks. It fails on the PTR check because there actually was a second invalid PTR entry for dc1-ipa-dev-nvan.mydomain.net.mydomain.net. You can see from the logs that it actually warned us it was about to do a PTR check on the localhost " DEBUG Check reverse address of 10.21.0.98". But when it performs the remote check on the master, it just does the check without informing us what is about to happen, and because it claims that host is 'localhost' if the 2 hostnames are similar, you may not even realize its not performing the check locally > > Since the underlying technical issue that caused this was an actual invalid PTR record, the removal of the PTR record solved the issue; however, it would be nice if the logs let us know that 2nd PTR check was actually remote, not local, and if it logged that it was about to perform a PTR check so we could accurately know what the cause of the failure was. > > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Petr Spacek > Sent: January-18-16 4:23 AM > To: freeipa-users at redhat.com > Subject: Re: [Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with the hostname is not the primary hostname > > On 18.1.2016 04:23, Nathan Peters wrote: >> 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a >> primary hostname for localhost 2016-01-18T03:00:07Z DEBUG Primary >> hostname for localhost: dc2-ipa-dev-van.mydomain.net >> 2016-01-18T03:00:07Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net >> 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is >> not a CNAME 2016-01-18T03:00:07Z DEBUG Check reverse address of >> 10.21.0.98 2016-01-18T03:00:07Z DEBUG Found reverse name: >> dc2-ipa-dev-van.mydomain.net 2016-01-18T03:00:07Z DEBUG Check if >> dc1-ipa-dev-nvan.mydomain.net is a primary hostname for localhost >> ------> This line here is strange ----> 2016-01-18T03:00:07Z DEBUG >> ------> Primary hostname for localhost: >> ------> dc1-ipa-dev-nvan.mydomain.net.mydomain.net >> 2016-01-18T03:00:07Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute >> return_value = self.run() >> File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run >> cfgr.run() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 308, in run >> self.validate() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 317, in validate >> for nothing in self._validator(): >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner >> self._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner >> step() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in >> step = lambda: next(self.__gen) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from >> value = gen.send(prev_value) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 549, in _configure >> next(validator) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner >> self._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception >> self.__parent._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception >> super(ComponentBase, self)._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner >> step() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in >> step = lambda: next(self.__gen) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from >> value = gen.send(prev_value) >> File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install >> for nothing in self._installer(self.parent): >> File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1551, in main >> promote_check(self) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated >> func(installer) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 394, in decorated >> func(installer) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 980, in promote_check >> installutils.verify_fqdn(config.master_host_name, options.no_host_dns) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 168, in verify_fqdn >> "Please check /etc/hosts or DNS name resolution" % (host_name, >> ex_name[0])) >> >> 2016-01-18T03:00:07Z DEBUG The ipa-replica-install command failed, >> exception: HostLookupError: The host name >> dc1-ipa-dev-nvan.mydomain.net does not match the primary host name >> dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or >> DNS name resolution 2016-01-18T03:00:07Z ERROR The host name >> dc1-ipa-dev-nvan.mydomain.net does not match the primary host name >> dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or >> DNS name resolution 2016-01-18T03:00:07Z ERROR The ipa-replica-install >> command failed. See /var/log/ipareplica-install.log for more >> information >> >> So 3 questions : >> 1)Why does it first check if my hostname is ok, and then check if my hostname matches this other host, and why is it referring to the other remote host as localhost ? >> 2)Where in the world is it getting the idea that the primary hostname for my host is actually the primary hostname for the other host in a strange format with the domain name on the end twice ? >> 3)are there any workarounds for this? It seems rather buggy. I have >> triple checked hostnames on both hosts referenced in that log entry >> >> Here is the output that proves that my hostname is fine and not ending >> with a double domain >> >> [root at dc2-ipa-dev-van ~]# cat /etc/hosts >> 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 >> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 >> 10.21.0.98 dc2-ipa-dev-van.mydomain.net >> [root at dc2-ipa-dev-van ~]# cat /etc/hostname >> dc2-ipa-dev-van.mydomain.net [root at dc2-ipa-dev-van ~]# hostname >> dc2-ipa-dev-van.mydomain.net >> >> and on the other host : >> >> [root at dc1-ipa-dev-nvan ~]# hostname >> dc1-ipa-dev-nvan.mydomain.net >> [root at dc1-ipa-dev-nvan ~]# cat /etc/hostname >> dc1-ipa-dev-nvan.mydomain.net [root at dc1-ipa-dev-nvan ~]# cat >> /etc/hosts >> 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 >> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 >> 10.178.0.99 dc1-ipa-dev-nvan.mydomain.net [root at dc1-ipa-dev-nvan ~]# > > Interesting ... > > Please send us information mentioned on page http://www.freeipa.org/page/Troubleshooting#Reporting_bugs > > + content of /etc/resolv.conf on the affected machine > + /var/log/ipareplica-install.log > > Thank you. > > -- > Petr^2 Spacek > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -- Petr^2 Spacek From christopher.lamb at ch.ibm.com Tue Jan 19 15:40:37 2016 From: christopher.lamb at ch.ibm.com (Christopher Lamb) Date: Tue, 19 Jan 2016 16:40:37 +0100 Subject: [Freeipa-users] Browser login to IPA "Authentication Required"prompt In-Reply-To: References: <569CA032.8050805@redhat.com> Message-ID: <201601191540.u0JFelGK022344@d06av11.portsmouth.uk.ibm.com> >From memory (and this may have changed since) Firefox is the only supported browser for the FreeIPA WebUI. Having said that I would welcome other common browsers working (Chrome, Safari etc....) From: Adam Kaczka To: Martin Kosek , "freeipa-users at redhat.com" , Petr Vobornik Date: 18.01.2016 16:03 Subject: Re: [Freeipa-users] Browser login to IPA "Authentication Required" prompt Sent by: freeipa-users-bounces at redhat.com This happens with FreeIPA version 4.2.0 and also version 3.0.0 with latest Chrome (47.0.2526.111 m) and IE 11 (11.63.10586.0).? The issue does not occur with FF (43.0.4).? I tried the demo page and same thing happened. Also when using IE the login prompt is the Windows Security domain login prompt. On Mon, Jan 18, 2016 at 3:20 AM Martin Kosek wrote: On 01/15/2016 09:20 PM, Adam Kaczka wrote: > Hello, > > This has been bugging me for awhile but how do I turn off the > "Authentication Required" prompt that pops up on the GUI when I login to > IPA through browser?? I can cancel it and lands on the /ipa/ui page but I'd > like to not see it by default. > > Also I take it that the prompt is related to Kerberos login; is the prompt > meant to be used as a 2 factor authentication for browser login? CCing Petr to be aware of this question. But first, I would be curious - what browser version do you use and what FreeIPA version do you use? Do you see the same troubling behavior with FreeIPA demo [1]? [1] http://www.freeipa.org/page/Demo -- Best Regards, - Adam-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: graycol.gif Type: image/gif Size: 105 bytes Desc: not available URL: From lkrispen at redhat.com Tue Jan 19 15:59:27 2016 From: lkrispen at redhat.com (Ludwig Krispenz) Date: Tue, 19 Jan 2016 16:59:27 +0100 Subject: [Freeipa-users] ns-slapd using all CPU ressources In-Reply-To: <44CB25C72DF2CF4591AFBE25ED76033FB07CEE@CHX-EXMBX-01.hq.k.grp> References: <44CB25C72DF2CF4591AFBE25ED76033FB063A4@CHX-EXMBX-01.hq.k.grp>, <5699077D.7040408@redhat.com> <44CB25C72DF2CF4591AFBE25ED76033FB07CEE@CHX-EXMBX-01.hq.k.grp> Message-ID: <569E5D5F.2070305@redhat.com> Hi, if you are running 389-ds 1.3.4+ you may hit, ticket #48379. It id fixed and a new build is in preparation Ludwig On 01/19/2016 03:39 PM, Domingues Luis Filipe wrote: > Hi, > > Reading the backtrace I have 30 threads with the same stack: > > Thread 6 (Thread 0x7f572efed700 (LWP 1335)): > #0 0x00007f576f80a877 in sched_yield () from /lib64/libc.so.6 > No symbol table info available. > #1 0x00007f577014df28 in PR_Sleep () from /lib64/libnspr4.so > No symbol table info available. > #2 0x000055c939e9e7c7 in connection_threadmain () > No symbol table info available. > #3 0x00007f577014d5cb in _pt_root () from /lib64/libnspr4.so > No symbol table info available. > #4 0x00007f576faec60a in start_thread () from /lib64/libpthread.so.0 > No symbol table info available. > #5 0x00007f576f826a4d in clone () from /lib64/libc.so.6 > No symbol table info available. > > While the other instance which is running fine, almost all threads are waiting on a cond_wait, with thise stack: > Thread 48 (Thread 0x7fced53a9700 (LWP 1871)): > #0 0x00007fcee9269b10 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0 > No symbol table info available. > #1 0x00007fcee98bfcf0 in PR_WaitCondVar () from /lib64/libnspr4.so > No symbol table info available. > #2 0x00007fceeb7172c8 in slapi_wait_condvar () from /usr/lib64/dirsrv/libslapd.so.0 > No symbol table info available. > #3 0x00007fcee127a67e in cos_cache_wait_on_change () from /usr/lib64/dirsrv/plugins/libcos-plugin.so > No symbol table info available. > #4 0x00007fcee98c55cb in _pt_root () from /lib64/libnspr4.so > No symbol table info available. > #5 0x00007fcee926460a in start_thread () from /lib64/libpthread.so.0 > No symbol table info available. > #6 0x00007fcee8f9ea4d in clone () from /lib64/libc.so.6 > No symbol table info available. > > Luis. > ________________________________________ > From: Rob Crittenden [rcritten at redhat.com] > Sent: Friday, January 15, 2016 3:51 PM > To: Domingues Luis Filipe; freeipa-users at redhat.com > Cc: Aviolat Romain > Subject: Re: [Freeipa-users] ns-slapd using all CPU ressources > > Domingues Luis Filipe wrote: >> Hi all, >> >> On our infra, we have two machines running Fedora with FreeIPA installed. >> >> we have an issue with ns-slapd using 100% of CPU after a while. If we >> restart the service, it starts to use all CPU resources after one day. >> >> Outpute of the command strace -c -p running for 4 minutes is: >> >> % time seconds usecs/call calls errors syscall >> ------ ----------- ----------- --------- --------- ---------------- >> 99.80 229.603633 11247 20415 poll >> 0.15 0.340032 10 32983 4 futex >> 0.05 0.114068 114068 1 restart_syscall >> 0.00 0.003464 0 20420 20416 getpeername >> 0.00 0.002752 0 20416 clock_gettime >> 0.00 0.001920 0 9840 read >> 0.00 0.000205 5 45 close >> 0.00 0.000036 2 22 access >> 0.00 0.000017 1 22 open >> 0.00 0.000016 1 24 accept >> 0.00 0.000012 0 45 setsockopt >> 0.00 0.000007 0 22 fstat >> 0.00 0.000000 0 22 stat >> 0.00 0.000000 0 1 sendto >> 0.00 0.000000 0 24 getsockname >> 0.00 0.000000 0 4 getsockopt >> 0.00 0.000000 0 70 fcntl >> 0.00 0.000000 0 22 gettimeofday >> ------ ----------- ----------- --------- --------- ---------------- >> 100.00 230.066162 104398 20420 total >> >> >> >> Plus we looked at the syscalls using FTrace: >> >> ns-slapd-7963 [000] .... 4063846.395630: sys_sched_yield() >> ns-slapd-7956 [000] .... 4063846.395631: sys_sched_yield -> 0x0 >> ns-slapd-7956 [000] .... 4063846.395632: sys_sched_yield() >> ns-slapd-7973 [000] .... 4063846.395633: sys_sched_yield -> 0x0 >> ns-slapd-7973 [000] .... 4063846.395634: sys_sched_yield() >> ns-slapd-7965 [000] .... 4063846.395635: sys_sched_yield -> 0x0 >> ns-slapd-7965 [000] .... 4063846.395637: sys_sched_yield() >> ns-slapd-7963 [000] .... 4063846.395637: sys_sched_yield -> 0x0 >> ns-slapd-7963 [000] .... 4063846.395639: sys_sched_yield() >> ns-slapd-7956 [000] .... 4063846.395640: sys_sched_yield -> 0x0 >> ns-slapd-7956 [000] .... 4063846.395641: sys_sched_yield() >> ns-slapd-7973 [000] .... 4063846.395642: sys_sched_yield -> 0x0 >> ns-slapd-7973 [000] .... 4063846.395643: sys_sched_yield() >> ns-slapd-7965 [000] .... 4063846.395644: sys_sched_yield -> 0x0 >> >> The sys_sched_yield function is called almost every 2 microseconds. It seems too much. > Your best bet is to get a pstack or full backtrace to see what 389-ds is > doing. See > http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debugging-hangs > > rob > From Nathan.Peters at globalrelay.net Tue Jan 19 16:24:42 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Tue, 19 Jan 2016 16:24:42 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <569DF522.4090505@redhat.com> References: <569CB899.9040603@redhat.com> <569CCB5D.8040400@redhat.com> <569D27C4.10602@redhat.com> <569D2F2F.6080806@redhat.com> <569DF522.4090505@redhat.com> Message-ID: So if the obsolete replica ID should cause no harm, then what is the solution to get my replica re-installed ? This problem still exists and hasn't gone away so I am still stuck with a 4th replica unable to be re-joined ... [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND [27/43]: restarting directory server [28/43]: setting up initial replication [error] DuplicateEntry: This entry already exists Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Ludwig Krispenz Sent: January-19-16 12:37 AM To: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/18/2016 09:55 PM, Nathan Peters wrote: > Another follow-up : dirsrv logs get really strange when I attempt to add that cleanruv task. It apears the message logged to console that the task already exists is totally lying ? o.O no, it is not totally lying, you just found another trace of a replica ID which is probably not properly cleaned. The cleanallruv task looks into the database and finally also into the changelog and remove all traces for tee replica ID to be cleaned. What you found is a ruv in the replication agreement, the replication agreement keeps track of the consumer RUV it has seen, and there was at one time replica 14. I'll open a ticket for 389-ds to handle this in the cleanallruv task. But the obsolete replica ID in the agreement should do no harm. If you want to get rid of it, you coud stop the server and remove it from the /etc/dirsrv/slapd-/dse.ldif > > So the actual error is that it cannot modify a task because it does not exist? Why does it not exist ? According to the docs here : http://directory.fedoraproject.org/docs/389ds/FAQ/troubleshoot-cleanallruv.html > > It should always exist? There is no 'changetype : modify' in that ldap syntax... > > [18/Jan/2016:12:36:56 -0800] - ldbm_back_seq deadlock retry BAD 1601, err=0 BDB0062 Successful return: 0 > [18/Jan/2016:12:39:56 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) > [18/Jan/2016:12:39:58 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) > [18/Jan/2016:12:40:00 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) > [18/Jan/2016:12:40:00 -0800] NSMMReplicationPlugin - CleanAllRUV Task (rid 14): Replica id (14) is already being cleaned > [18/Jan/2016:12:40:02 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) > [18/Jan/2016:12:40:04 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) > [18/Jan/2016:12:40:06 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) > [18/Jan/2016:12:40:06 -0800] NSMMReplicationPlugin - CleanAllRUV Task (rid 14): Task failed...(-1) > [18/Jan/2016:12:40:08 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) > [18/Jan/2016:12:40:08 -0800] - WARNING: can't find task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config' > [18/Jan/2016:12:40:08 -0800] ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 128]: Missing target entry. > > -----Original Message----- > From: Nathan Peters > Sent: January-18-16 12:13 PM > To: Nathan Peters; Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com > Subject: RE: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > Follow-up : After finding the ghost ruvs below I tried to clean them. Apparently they are already being cleaned by some task that is clearly not working ... > > ==== attempts to clean ruv 14 ==== > > [[root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -D "cn=directory manager" -W -a > Enter LDAP Password: > dn: cn=clean 14, cn=cleanallruv, cn=tasks, cn=config > objectclass: top > objectclass: extensibleObject > replica-base-dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > replica-id: 14 > replica-force-cleaning: yes > cn: clean 14 > > adding new entry "cn=clean 14, cn=cleanallruv, cn=tasks, cn=config" > ldap_add: Server is unwilling to perform (53) > additional info: Replica id (14) is already being cleaned > > [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -x -D "cn=directory manager" -W <> dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> changetype: modify >> replace: nsds5task >> nsds5task: CLEANRUV14 >> EOF > Enter LDAP Password: > modifying entry "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > > This one adds the entry properly (I think - I have no idea how to check if one exists), but does not actually clean the ruv. > > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters > Sent: January-18-16 11:44 AM > To: Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > Answers to questions : > > 1) All 3 servers are working fine. Error logs show only the expected replication keepalive entries and no other entries for the last 24 hours. Replication works. > > 2) ipa server-find output is identical on all 3 servers : > > [root at dc1-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa server-find > --------------------- > 3 IPA servers matched > --------------------- > Server name: dc1-ipa-dev-nvan.dev-globalrelay.net > Managed suffixes: domain, ca > Min domain level: 0 > Max domain level: 1 > > Server name: dc1-ipa-dev-van.dev-globalrelay.net > Managed suffixes: domain, ca > Min domain level: 0 > Max domain level: 1 > > Server name: dc2-ipa-dev-nvan.dev-globalrelay.net > Managed suffixes: domain, ca > Min domain level: 0 > Max domain level: 1 > ---------------------------- > Number of entries returned 3 > ---------------------------- > > 3)ipa-replica-manage list is the same on all 3 servers : > > [root at dc1-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage list > dc2-ipa-dev-nvan.dev-globalrelay.net: master > dc1-ipa-dev-nvan.dev-globalrelay.net: master > dc1-ipa-dev-van.dev-globalrelay.net: master > > 3.5)I actually tried running the remove command anyway in case there were any type of lingering records and it came back with nothing found : > > [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net > dc2-ipa-dev-van.dev-globalrelay.net is not listed among IPA masters. > Please specify an actual server or add the --cleanup option to force clean up. > [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net --cleanup > Checking connectivity in topology suffix 'ca' > 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'ca' > Not checking connectivity > Checking connectivity in topology suffix 'domain' > 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'domain' > Not checking connectivity > No RUV records found. > > 4) The command revealed it went to a different master than I thought. It was not the CA master, but a differnet one. > > [root at dc2-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" > 2016-01-18T17:28:22Z INFO Forwarding 'service_add' to json server 'https://dc2-ipa-dev-nvan.dev-globalrelay.net/ipa/json' > > For some reason, when I was monitoring the logs, nothing had been logged on the dc2-ipa-dev-nvan in the dirsrv log but it must have been buffering to disk, because when I checked the logs 5 minutes later, all the data was there. You can actually see the err=68 here : > > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND > > I'm not sure why it would fail that call though... > > Here are the ldapsearch for that cn=replica branch performed on the master it was joining to, as well as the complete logs from that master with the err=68 in it. > > I'm not sure if this has anything to do with it, but inside the replica branch are already 2 sub branches for replication agreements. These agreements have what appears to be old ruvs for the server I am trying to join, however, because the ipa-replica-install clean-ruv command only applies to domain level 0, I cannot clean those ruvs... I also cannot lower my domain level back down to 0 so I can clean them. > > [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage clean-ruv 14 > No RUV records found. > > > ==== LDAP SEARCH OF SECTION OF TREE THAT ADD FAILS ON ===== > > [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # replica, dc\3Dmydomain\2Cdc\3Dnet, mapping tree, config > dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > cn: replica > nsDS5Flags: 1 > nsDS5ReplicaBindDN: cn=replication manager,cn=config > nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net > @MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net > nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net@ > MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net > nsDS5ReplicaId: 15 > nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64 > nsDS5ReplicaRoot: dc=mydomain,dc=net > nsDS5ReplicaType: 3 > nsState:: DwAAAAAAAAC/OZ1WAAAAAAAAAAAAAAAAbAEAAAAAAAAAAAAAAAAAAA== > nsds5ReplicaLegacyConsumer: off > nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net > nsds5replicabinddngroupcheckinterval: 60 > objectClass: nsds5replica > objectClass: top > objectClass: extensibleobject > nsds5ReplicaChangeCount: 37386 > nsds5replicareapactive: 0 > > # meTodc1-ipa-dev-nvan.mydomain.net, replica, dc\3Dmydomain\2Cdc\ > 3Dnet, mapping tree, config > dn: cn=meTodc1-ipa-dev-nvan.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > cn: meTodc1-ipa-dev-nvan.mydomain.net > description: me to dc1-ipa-dev-nvan.mydomain.net > nsDS5ReplicaBindMethod: SASL/GSSAPI > nsDS5ReplicaHost: dc1-ipa-dev-nvan.mydomain.net > nsDS5ReplicaPort: 389 > nsDS5ReplicaRoot: dc=mydomain,dc=net > nsDS5ReplicaTransportInfo: LDAP > nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial > entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount > nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts > uccessfulauth krblastfailedauth krbloginfailedcount > nsds50ruv: {replicageneration} 553fe9bb000000040000 > nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd > 26000000100000 569b9201002200100000 > nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 > b000000110000 569b91af000d00110000 > nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee > 040000000f0000 569b92010002000f0000 > nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b > b0000000e0000 569b91320014000e0000 > nsds5ReplicaEnabled: on > nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in > ternalModifyTimestamp > nsds5replicaTimeout: 120 > nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. > net:389} 00000000 > nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n > et:389} 00000000 > nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. > net:389} 00000000 > nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n > et:389} 00000000 > objectClass: nsds5replicationagreement > objectClass: top > objectClass: ipaReplTopoManagedAgreement > ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p > lugin > nsds5replicareapactive: 0 > nsds5replicaLastUpdateStart: 20160118191523Z > nsds5replicaLastUpdateEnd: 20160118191523Z > nsds5replicaChangesSentSinceStartup:: MTU6Mjc0LzgyNzY5NiAxNDoxLzAgMTc6MTQvMCAx > NjoyLzAg > nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd > ate succeeded > nsds5replicaUpdateInProgress: FALSE > nsds5replicaLastInitStart: 19700101000000Z > nsds5replicaLastInitEnd: 19700101000000Z > > # meTodc1-ipa-dev-van.mydomain.net, replica, dc\3Dmydomain\2Cdc\3 > Dnet, mapping tree, config > dn: cn=meTodc1-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > cn: meTodc1-ipa-dev-van.mydomain.net > description: me to dc1-ipa-dev-van.mydomain.net > nsDS5ReplicaBindMethod: SASL/GSSAPI > nsDS5ReplicaHost: dc1-ipa-dev-van.mydomain.net > nsDS5ReplicaPort: 389 > nsDS5ReplicaRoot: dc=mydomain,dc=net > nsDS5ReplicaTransportInfo: LDAP > nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial > entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount > nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts > uccessfulauth krblastfailedauth krbloginfailedcount > nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in > ternalModifyTimestamp > nsds5replicaTimeout: 120 > objectClass: nsds5replicationagreement > objectClass: top > objectClass: ipaReplTopoManagedAgreement > ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p > lugin > nsds50ruv: {replicageneration} 553fe9bb000000040000 > nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 > b000000110000 569b9201000500110000 > nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd > 26000000100000 569b918d004a00100000 > nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee > 040000000f0000 569b92010002000f0000 > nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b > b0000000e0000 569b91320014000e0000 > nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n > et:389} 00000000 > nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. > net:389} 00000000 > nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. > net:389} 00000000 > nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n > et:389} 00000000 > nsds5replicareapactive: 0 > nsds5replicaLastUpdateStart: 20160118191523Z > nsds5replicaLastUpdateEnd: 20160118191523Z > nsds5replicaChangesSentSinceStartup:: MTU6MzY2LzE0MTg1NjkgMTY6OTYvMCAxNzoyLzAg > nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd > ate succeeded > nsds5replicaUpdateInProgress: FALSE > nsds5replicaLastInitStart: 19700101000000Z > nsds5replicaLastInitEnd: 19700101000000Z > > # search result > search: 2 > result: 0 Success > > # numResponses: 4 > # numEntries: 3 > > > > > > ===== LOGS FROM MASTER DURING REPLICA INSTALLATION ATTEMPT ==== > > [18/Jan/2016:09:27:54 -0800] conn=18695 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 BIND dn="" method=128 version=3 > [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" > [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="namingContexts defaultnamingcontext" > [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 SRCH base="dc=mydomain,dc=net" scope=0 filter="(info=IPA*)" attrs=ALL > [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 SRCH base="cn=kerberos,dc=mydomain,dc=net" scope=2 filter="(objectClass=krbRealmContainer)" attrs=ALL > [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 MOD dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22060000000f0000 > [18/Jan/2016:09:27:54 -0800] conn=18696 fd=145 slot=145 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" > [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 RESULT err=0 tag=101 nentries=2 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 UNBIND > [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 fd=145 closed - U1 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=3 op=82446 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82446 RESULT err=0 tag=101 nentries=1 etime=1 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18697 fd=145 slot=145 connection from 10.21.5.248 to 10.178.0.98 > [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs=ALL > [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTDomainAttrs)" attrs="ipaNTFlatName ipaNTFallbackPrimaryGroup ipaNTSecurityIdentifier" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 SRCH base="cn=Default SMB Group,cn=groups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=posixGroup)" attrs="ipaNTSecurityIdentifier" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTTrustPartner ipaNTFlatName ipaNTTrustedDomainSID ipaNTSIDBlacklistIncoming ipaNTSIDBlacklistOutgoing" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 SRCH base="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 MOD dn="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070000000f0000 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=18698 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 SRCH base="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 SRCH base="cn=fe1-gas-gasqa3-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 MOD dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberofindirect description nsHardwarePlatform userCertificate ipaAllowedToPerform * l nsOsVersion fqdn managedBy ipaAssignedIDView memberOf krbPrincipalName nsHostLocation userClass aci" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 ADD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070004000f0000 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22070008000f0000 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform objectClass ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView ipaUniqueID userCertificate krbPrincipalName nsHostLocation userClass" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 SRCH base="cn=dns,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDefaultLoginShell ipaCertificateSubjectBase ipaUserSearchFields ipaSELinuxUserMapDefault ipaUserAuthType ipaDefaultPrimaryGroup ipaPwdExpAdvNotify ipaGroupSearchFields ipaDefaultEmailDomain ipaHomesRootDir ipaSearchTimeLimit ipaKrbAuthzData ipaMigrationEnabled ipaSearchRecordsLimit ipaConfigString ipaMaxUsernameLength ipaSELinuxUserMapOrder" > [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 UNBIND > [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 fd=278 closed - U1 > [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-gasqa3-van.login.mydomain.net)(sudoHost=fe1-gas-gasqa3-van)(sudoHost=10.21.5.248)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:640b)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 > [18/Jan/2016:09:27:55 -0800] conn=18699 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" > [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 UNBIND > [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 fd=278 closed - U1 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070012000f0000 > [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 UNBIND > [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 fd=144 closed - U1 > [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 UNBIND > [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 fd=277 closed - U1 > [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 RESULT err=0 tag=103 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18700 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 UNBIND > [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 fd=144 closed - U1 > [18/Jan/2016:09:27:57 -0800] conn=18701 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 UNBIND > [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 fd=144 closed - U1 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18702 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL > [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 RESULT err=0 tag=101 nentries=3 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 UNBIND > [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 fd=144 closed - U1 > [18/Jan/2016:09:27:57 -0800] conn=18703 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" > [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 RESULT err=0 tag=101 nentries=2 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 UNBIND > [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 fd=153 closed - U1 > [18/Jan/2016:09:27:57 -0800] conn=18704 fd=153 slot=153 connection from 10.178.59.236 to 10.178.0.98 > [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 UNBIND > [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 fd=144 closed - U1 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 SRCH base="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 SRCH base="cn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 MOD dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2209000e000f0000 > [18/Jan/2016:09:27:57 -0800] conn=6 op=38897 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:58 -0800] conn=6 op=38897 RESULT err=0 tag=101 nentries=1 etime=1 > [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=hadoop1-mc-mcci1-nvan.mydomain.net)(sudoHost=hadoop1-mc-mcci1-nvan)(sudoHost=10.178.59.236)(sudoHost=10.178.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 RESULT err=0 tag=101 nentries=7 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:27:59 -0800] conn=18705 fd=144 slot=144 connection from 10.21.42.41 to 10.178.0.98 > [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18706 fd=277 slot=277 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:59 -0800] conn=18706 op=-1 fd=277 closed - B1 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 SRCH base="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 SRCH base="cn=relay-sf-int-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 MOD dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b0000000f0000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 > [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 > [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 > [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 > [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=relay-sf-int-van.mydomain.net)(sudoHost=relay-sf-int-van)(sudoHost=10.21.42.41)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fea8:8002)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 ADD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000500110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000600110000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000700110000 > [18/Jan/2016:09:27:59 -0800] conn=18707 fd=277 slot=277 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass ipaSshPubKey" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000c000f0000 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf ipaSshPubKey description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" > [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 UNBIND > [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 fd=277 closed - U1 > [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=273 op=207 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:27:59 -0800] conn=273 op=207 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000e000f0000 > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 ADD dn="idnsName=98,idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000800110000 > [18/Jan/2016:09:27:59 -0800] conn=273 op=208 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:27:59 -0800] conn=273 op=208 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f000f0000 > [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" > [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" > [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f00110000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=209 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001000110000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=209 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0002000f0000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001100110000 > [18/Jan/2016:09:28:01 -0800] conn=273 op=210 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=210 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0004000f0000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001200110000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=211 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001300110000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=211 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0006000f0000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001400110000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=212 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001500110000 > [18/Jan/2016:09:28:01 -0800] conn=273 op=212 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0009000f0000 > [18/Jan/2016:09:28:01 -0800] conn=273 op=213 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=213 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000b000f0000 > [18/Jan/2016:09:28:01 -0800] conn=273 op=214 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" > [18/Jan/2016:09:28:01 -0800] conn=273 op=214 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000d000f0000 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=18708 fd=277 slot=277 connection from 10.21.20.251 to 10.178.0.98 > [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 SRCH base="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 SRCH base="cn=spool2-ops-flex-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 MOD dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22100000000f0000 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool2-ops-flex-van.mydomain.net)(sudoHost=spool2-ops-flex-van)(sudoHost=10.21.20.251)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:769c)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:05 -0800] conn=18709 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:05 -0800] conn=18709 TLS1.2 128-bit AES > [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:05 -0800] conn=18710 fd=279 slot=279 SSL connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:05 -0800] conn=18710 TLS1.2 128-bit AES > [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:05 -0800] conn=18709 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:06 -0800] conn=18709 op=3 RESULT err=0 tag=101 nentries=1 etime=1 > [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 SRCH base="cn=Domain Level,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDomainLevel" > [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 SRCH base="cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=1 filter="(&(&(&(objectClass=ipaobject)(objectClass=ipahostgroup))(cn=ipaservers))(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="cn memberOf memberofindirect member memberindirect description" > [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 UNBIND > [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 fd=278 closed - U1 > [18/Jan/2016:09:28:06 -0800] conn=18711 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:06 -0800] conn=18711 TLS1.2 128-bit AES > [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberofindirect cn memberOf * member memberindirect description aci" > [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" > [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" > [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 RESULT err=0 tag=101 nentries=2 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL > [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cosPriority * nsAccountLock aci" > [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" > [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 UNBIND > [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 fd=278 closed - U1 > [18/Jan/2016:09:28:06 -0800] conn=18712 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:06 -0800] conn=18712 TLS1.2 128-bit AES > [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 UNBIND > [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 fd=166 closed - U1 > [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 SRCH base="cn=meTodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs="* aci" > [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 SRCH base="cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL > [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 RESULT err=0 tag=101 nentries=3 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=CA))" attrs=ALL > [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 RESULT err=0 tag=101 nentries=3 etime=0 notes=U > [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=KRA))" attrs=ALL > [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U > [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 UNBIND > [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 fd=279 closed - U1 > [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 UNBIND > [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 fd=278 closed - U1 > [18/Jan/2016:09:28:07 -0800] conn=18713 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 UNBIND > [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 fd=166 closed - U1 > [18/Jan/2016:09:28:07 -0800] conn=18714 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL > [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 RESULT err=0 tag=101 nentries=3 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 UNBIND > [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 fd=166 closed - U1 > [18/Jan/2016:09:28:07 -0800] conn=18715 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:07 -0800] conn=18715 op=-1 fd=166 closed - B1 > [18/Jan/2016:09:28:07 -0800] conn=18716 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:07 -0800] conn=18716 op=-1 fd=166 closed - Encountered end of file. > [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 UNBIND > [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 fd=168 closed - U1 > [18/Jan/2016:09:28:09 -0800] conn=18717 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 UNBIND > [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 fd=166 closed - U1 > [18/Jan/2016:09:28:10 -0800] conn=18718 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 UNBIND > [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 fd=166 closed - U1 > [18/Jan/2016:09:28:10 -0800] conn=18719 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(memberOf=cn=Replication Administrators,cn=privileges,cn=pbac,dc=mydomain,dc=net)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL > [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 UNBIND > [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 fd=166 closed - U1 > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:12 -0800] conn=18720 TLS1.2 128-bit AES > [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 MOD dn="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22180003000f0000 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn memberOf memberofindirect member memberindirect description" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 RESULT err=0 tag=101 nentries=2 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" > [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 UNBIND > [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 fd=166 closed - U1 > [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:13 -0800] conn=18721 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 SRCH base="cn=cacert,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(cacertificate;binary=*)" attrs="cacertificate;binary" > [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 RESULT err=0 tag=101 nentries=1 etime=0 notes=U > [18/Jan/2016:09:28:13 -0800] conn=18721 op=-1 fd=166 closed - B1 > [18/Jan/2016:09:28:15 -0800] conn=18722 fd=166 slot=166 connection from 10.21.31.31 to 10.178.0.98 > [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 SRCH base="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 SRCH base="cn=fe1-gas-salqa1-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 MOD dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221b0000000f0000 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-salqa1-van.login.mydomain.net)(sudoHost=fe1-gas-salqa1-van)(sudoHost=10.21.31.31)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:3fd2)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:16 -0800] conn=18723 fd=168 slot=168 connection from 10.21.23.93 to 10.178.0.98 > [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" > [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 SRCH base="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 SRCH base="cn=collector2-sal-cpqa1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 MOD dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c0000000f0000 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=collector2-sal-cpqa1-van.mydomain.net)(sudoHost=collector2-sal-cpqa1-van)(sudoHost=10.21.23.93)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:6b78)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=18724 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 > [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 UNBIND > [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 fd=278 closed - U1 > [18/Jan/2016:09:28:17 -0800] conn=18725 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 > [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 UNBIND > [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 fd=278 closed - U1 > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" > [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18726 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 UNBIND > [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 fd=278 closed - U1 > [18/Jan/2016:09:28:22 -0800] conn=18727 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" > [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 RESULT err=32 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 ADD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22220006000f0000 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberOf ipaKrbAuthzData objectClass userCertificate managedBy ipaUniqueID ipaAllowedToPerform krbPrincipalName" > [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 UNBIND > [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 fd=278 closed - U1 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18728 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" > [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 UNBIND > [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 fd=278 closed - U1 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 MOD dn="cn=repl keep alive 16,dc=mydomain,dc=net" > [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000e00100000 > [18/Jan/2016:09:28:23 -0800] conn=18729 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" > [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" > [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 RESULT err=0 tag=101 nentries=3 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 SRCH base="cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 SRCH base="cn=caacls,cn=ca,dc=mydomain,dc=net" scope=1 filter="(&(objectClass=ipaassociation)(objectClass=ipacaacl))" attrs="serviceCategory cn ipaMemberCertProfile ipaMemberCa ipaCertProfileCategory memberUser userCategory hostCategory memberHost ipaEnabledFlag ipaCaCategory memberService description" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform * managedBy memberOf krbPrincipalName aci" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=67 op=539 SRCH base="cn=7,ou=certificateRepository,ou=ca,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=67 op=539 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=217 op=10 SRCH base="ou=People,o=ipaca" scope=2 filter="(description=2;7;CN=Certificate Authority,O=MYDOMAIN.NET;CN=IPA RA,O=MYDOMAIN.NET)" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=217 op=10 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=217 op=11 SRCH base="cn=Registration Manager Agents,ou=groups,o=ipaca" scope=0 filter="(uniqueMember=uid=ipara,ou=people,o=ipaca)" attrs="cn" > [18/Jan/2016:09:28:23 -0800] conn=217 op=11 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=67 op=540 ADD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" > [18/Jan/2016:09:28:23 -0800] conn=67 op=540 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000004470000 > [18/Jan/2016:09:28:23 -0800] conn=67 op=541 ADD dn="cn=2684289033,ou=certificateRepository,ou=ca,o=ipaca" > [18/Jan/2016:09:28:23 -0800] conn=67 op=541 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000104470000 > [18/Jan/2016:09:28:23 -0800] conn=67 op=542 MOD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" > [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=67 op=542 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000304470000 > [18/Jan/2016:09:28:23 -0800] conn=67 op=543 SRCH base="cn=99990009,ou=ca,ou=requests,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=67 op=543 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=67 op=544 MOD dn="ou=ca,ou=requests,o=ipaca" > [18/Jan/2016:09:28:23 -0800] conn=18730 fd=281 slot=281 connection from 10.178.0.99 to 10.178.0.98 > [18/Jan/2016:09:28:23 -0800] conn=67 op=544 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000504470000 > [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 RESULT err=0 tag=101 nentries=3 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 SRCH base="cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn ipaCertProfileStoreIssued description" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18731 fd=282 slot=282 connection from 10.21.0.99 to 10.178.0.98 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 RESULT err=0 tag=101 nentries=3 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL > [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 RESULT err=0 tag=101 nentries=3 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22230001000f0000 > [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform managedBy memberOf krbPrincipalName" > [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" > [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 UNBIND > [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 fd=278 closed - U1 > [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" > [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" > [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool1-googleapps-flex-van.mydomain.net)(sudoHost=spool1-googleapps-flex-van)(sudoHost=10.21.32.201)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:2c30)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" > [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 > [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 UNBIND > [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 fd=77 closed - U1 > [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" > [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222c0007000f0000 > [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" > [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222d0000000f0000 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND > [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 fd=77 closed - U1 > [18/Jan/2016:09:28:33 -0800] conn=18733 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 > [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 UNBIND > [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 fd=77 closed - U1 > [18/Jan/2016:09:28:33 -0800] conn=18734 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 > [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 UNBIND > [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 fd=77 closed - U1 > [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18735 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 > [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" > [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" > [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 RESULT err=0 tag=101 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 UNBIND > [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 fd=77 closed - U1 > [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" > [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 RESULT err=0 tag=120 nentries=0 etime=0 > [18/Jan/2016:09:28:36 -0800] conn=18520 op=5 UNBIND > > -----Original Message----- > From: Petr Vobornik [mailto:pvoborni at redhat.com] > Sent: January-18-16 10:30 AM > To: Nathan Peters; Rob Crittenden; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > On 01/18/2016 07:10 PM, Nathan Peters wrote: >> This is FreeIPA 4.3.0. There is no master generating the prepare file (unless its still handled in the background invisibly to the user). > Right. But the replica installer picks some server as a master. > > Ipa-replica-install is run directly from an unjoined client (or joined > client, I have tried both). >> However, after tracking the logs of all 3 existing IPA servers during the attempted installation, the CA master appears to be the one doing something. Here are the logs for that time period. Note that there is no "err=68" anywhere in here: > Are all 3 existing server functioning well, e.g with working replication? > > Could you check `ipa server-find` if there is no left-over server - e.g. > failed installation. > > Could be check also in `ipa-replica-manage list` if there is some > leftover, please remove it with `ipa-replica-manage del $FQDN` command. > > Wrt the logs. I did not meant that but Rob was right. The installer > tries to update "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping > tree,cn=config" entry on both master and the replica. If the entry does > not exist, the installer also creates it. > > On replica it behaves correctly: > > [18/Jan/2016:09:28:32 -0800] conn=2 op=8 SRCH > base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:32 -0800] conn=2 op=8 RESULT err=0 tag=101 nentries=1 > etime=0 > [18/Jan/2016:09:28:32 -0800] conn=2 op=9 MOD > dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > [18/Jan/2016:09:28:32 -0800] conn=2 op=9 RESULT err=0 tag=103 nentries=0 > etime=0 > > It would be good to see the same log from a master which it tries to use > in installation. - In 4.3 the server is picked automatically. > > I don't see any searches for > "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" in > the logs below which makes me wonder, what server the installer tries to > use as a master. > > Could be find out, e.g. by: > $ cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project From lkrispen at redhat.com Tue Jan 19 16:46:53 2016 From: lkrispen at redhat.com (Ludwig Krispenz) Date: Tue, 19 Jan 2016 17:46:53 +0100 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569CB899.9040603@redhat.com> <569CCB5D.8040400@redhat.com> <569D27C4.10602@redhat.com> <569D2F2F.6080806@redhat.com> <569DF522.4090505@redhat.com> Message-ID: <569E687D.5040006@redhat.com> On 01/19/2016 05:24 PM, Nathan Peters wrote: > So if the obsolete replica ID should cause no harm, then what is the solution to get my replica re-installed ? > > This problem still exists and hasn't gone away so I am still stuck with a 4th replica unable to be re-joined ... > > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND where do you see this ? The high connection number indicates it is not on the server you just install. If it is on the master then it is correct, the entry exists there already. Did you uninstall server and client before ? Do you still have an /etc/openldap/ldap.conf having an URI pointin to the master ? > > [27/43]: restarting directory server > [28/43]: setting up initial replication > [error] DuplicateEntry: This entry already exists Your system may be > partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Ludwig Krispenz > Sent: January-19-16 12:37 AM > To: freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > > On 01/18/2016 09:55 PM, Nathan Peters wrote: >> Another follow-up : dirsrv logs get really strange when I attempt to add that cleanruv task. It apears the message logged to console that the task already exists is totally lying ? o.O > no, it is not totally lying, you just found another trace of a replica > ID which is probably not properly cleaned. The cleanallruv task looks > into the database and finally also into the changelog and remove all > traces for tee replica ID to be cleaned. > What you found is a ruv in the replication agreement, the replication > agreement keeps track of the consumer RUV it has seen, and there was at > one time replica 14. > > I'll open a ticket for 389-ds to handle this in the cleanallruv task. > But the obsolete replica ID in the agreement should do no harm. If you > want to get rid of it, you coud stop the server and remove it from the > /etc/dirsrv/slapd-/dse.ldif >> So the actual error is that it cannot modify a task because it does not exist? Why does it not exist ? According to the docs here : http://directory.fedoraproject.org/docs/389ds/FAQ/troubleshoot-cleanallruv.html >> >> It should always exist? There is no 'changetype : modify' in that ldap syntax... >> >> [18/Jan/2016:12:36:56 -0800] - ldbm_back_seq deadlock retry BAD 1601, err=0 BDB0062 Successful return: 0 >> [18/Jan/2016:12:39:56 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:39:58 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:00 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:00 -0800] NSMMReplicationPlugin - CleanAllRUV Task (rid 14): Replica id (14) is already being cleaned >> [18/Jan/2016:12:40:02 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:04 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:06 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:06 -0800] NSMMReplicationPlugin - CleanAllRUV Task (rid 14): Task failed...(-1) >> [18/Jan/2016:12:40:08 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:08 -0800] - WARNING: can't find task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config' >> [18/Jan/2016:12:40:08 -0800] ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 128]: Missing target entry. >> >> -----Original Message----- >> From: Nathan Peters >> Sent: January-18-16 12:13 PM >> To: Nathan Peters; Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com >> Subject: RE: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists >> >> Follow-up : After finding the ghost ruvs below I tried to clean them. Apparently they are already being cleaned by some task that is clearly not working ... >> >> ==== attempts to clean ruv 14 ==== >> >> [[root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -D "cn=directory manager" -W -a >> Enter LDAP Password: >> dn: cn=clean 14, cn=cleanallruv, cn=tasks, cn=config >> objectclass: top >> objectclass: extensibleObject >> replica-base-dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> replica-id: 14 >> replica-force-cleaning: yes >> cn: clean 14 >> >> adding new entry "cn=clean 14, cn=cleanallruv, cn=tasks, cn=config" >> ldap_add: Server is unwilling to perform (53) >> additional info: Replica id (14) is already being cleaned >> >> [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -x -D "cn=directory manager" -W <>> dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> changetype: modify >>> replace: nsds5task >>> nsds5task: CLEANRUV14 >>> EOF >> Enter LDAP Password: >> modifying entry "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> >> This one adds the entry properly (I think - I have no idea how to check if one exists), but does not actually clean the ruv. >> >> >> -----Original Message----- >> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters >> Sent: January-18-16 11:44 AM >> To: Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists >> >> Answers to questions : >> >> 1) All 3 servers are working fine. Error logs show only the expected replication keepalive entries and no other entries for the last 24 hours. Replication works. >> >> 2) ipa server-find output is identical on all 3 servers : >> >> [root at dc1-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa server-find >> --------------------- >> 3 IPA servers matched >> --------------------- >> Server name: dc1-ipa-dev-nvan.dev-globalrelay.net >> Managed suffixes: domain, ca >> Min domain level: 0 >> Max domain level: 1 >> >> Server name: dc1-ipa-dev-van.dev-globalrelay.net >> Managed suffixes: domain, ca >> Min domain level: 0 >> Max domain level: 1 >> >> Server name: dc2-ipa-dev-nvan.dev-globalrelay.net >> Managed suffixes: domain, ca >> Min domain level: 0 >> Max domain level: 1 >> ---------------------------- >> Number of entries returned 3 >> ---------------------------- >> >> 3)ipa-replica-manage list is the same on all 3 servers : >> >> [root at dc1-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage list >> dc2-ipa-dev-nvan.dev-globalrelay.net: master >> dc1-ipa-dev-nvan.dev-globalrelay.net: master >> dc1-ipa-dev-van.dev-globalrelay.net: master >> >> 3.5)I actually tried running the remove command anyway in case there were any type of lingering records and it came back with nothing found : >> >> [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net >> dc2-ipa-dev-van.dev-globalrelay.net is not listed among IPA masters. >> Please specify an actual server or add the --cleanup option to force clean up. >> [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net --cleanup >> Checking connectivity in topology suffix 'ca' >> 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'ca' >> Not checking connectivity >> Checking connectivity in topology suffix 'domain' >> 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'domain' >> Not checking connectivity >> No RUV records found. >> >> 4) The command revealed it went to a different master than I thought. It was not the CA master, but a differnet one. >> >> [root at dc2-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" >> 2016-01-18T17:28:22Z INFO Forwarding 'service_add' to json server 'https://dc2-ipa-dev-nvan.dev-globalrelay.net/ipa/json' >> >> For some reason, when I was monitoring the logs, nothing had been logged on the dc2-ipa-dev-nvan in the dirsrv log but it must have been buffering to disk, because when I checked the logs 5 minutes later, all the data was there. You can actually see the err=68 here : >> >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND >> >> I'm not sure why it would fail that call though... >> >> Here are the ldapsearch for that cn=replica branch performed on the master it was joining to, as well as the complete logs from that master with the err=68 in it. >> >> I'm not sure if this has anything to do with it, but inside the replica branch are already 2 sub branches for replication agreements. These agreements have what appears to be old ruvs for the server I am trying to join, however, because the ipa-replica-install clean-ruv command only applies to domain level 0, I cannot clean those ruvs... I also cannot lower my domain level back down to 0 so I can clean them. >> >> [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage clean-ruv 14 >> No RUV records found. >> >> >> ==== LDAP SEARCH OF SECTION OF TREE THAT ADD FAILS ON ===== >> >> [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> Enter LDAP Password: >> # extended LDIF >> # >> # LDAPv3 >> # base with scope subtree >> # filter: (objectclass=*) >> # requesting: ALL >> # >> >> # replica, dc\3Dmydomain\2Cdc\3Dnet, mapping tree, config >> dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> cn: replica >> nsDS5Flags: 1 >> nsDS5ReplicaBindDN: cn=replication manager,cn=config >> nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net >> @MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net >> nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net@ >> MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net >> nsDS5ReplicaId: 15 >> nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64 >> nsDS5ReplicaRoot: dc=mydomain,dc=net >> nsDS5ReplicaType: 3 >> nsState:: DwAAAAAAAAC/OZ1WAAAAAAAAAAAAAAAAbAEAAAAAAAAAAAAAAAAAAA== >> nsds5ReplicaLegacyConsumer: off >> nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net >> nsds5replicabinddngroupcheckinterval: 60 >> objectClass: nsds5replica >> objectClass: top >> objectClass: extensibleobject >> nsds5ReplicaChangeCount: 37386 >> nsds5replicareapactive: 0 >> >> # meTodc1-ipa-dev-nvan.mydomain.net, replica, dc\3Dmydomain\2Cdc\ >> 3Dnet, mapping tree, config >> dn: cn=meTodc1-ipa-dev-nvan.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> cn: meTodc1-ipa-dev-nvan.mydomain.net >> description: me to dc1-ipa-dev-nvan.mydomain.net >> nsDS5ReplicaBindMethod: SASL/GSSAPI >> nsDS5ReplicaHost: dc1-ipa-dev-nvan.mydomain.net >> nsDS5ReplicaPort: 389 >> nsDS5ReplicaRoot: dc=mydomain,dc=net >> nsDS5ReplicaTransportInfo: LDAP >> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial >> entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts >> uccessfulauth krblastfailedauth krbloginfailedcount >> nsds50ruv: {replicageneration} 553fe9bb000000040000 >> nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd >> 26000000100000 569b9201002200100000 >> nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 >> b000000110000 569b91af000d00110000 >> nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee >> 040000000f0000 569b92010002000f0000 >> nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b >> b0000000e0000 569b91320014000e0000 >> nsds5ReplicaEnabled: on >> nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in >> ternalModifyTimestamp >> nsds5replicaTimeout: 120 >> nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. >> net:389} 00000000 >> nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n >> et:389} 00000000 >> nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. >> net:389} 00000000 >> nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n >> et:389} 00000000 >> objectClass: nsds5replicationagreement >> objectClass: top >> objectClass: ipaReplTopoManagedAgreement >> ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p >> lugin >> nsds5replicareapactive: 0 >> nsds5replicaLastUpdateStart: 20160118191523Z >> nsds5replicaLastUpdateEnd: 20160118191523Z >> nsds5replicaChangesSentSinceStartup:: MTU6Mjc0LzgyNzY5NiAxNDoxLzAgMTc6MTQvMCAx >> NjoyLzAg >> nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd >> ate succeeded >> nsds5replicaUpdateInProgress: FALSE >> nsds5replicaLastInitStart: 19700101000000Z >> nsds5replicaLastInitEnd: 19700101000000Z >> >> # meTodc1-ipa-dev-van.mydomain.net, replica, dc\3Dmydomain\2Cdc\3 >> Dnet, mapping tree, config >> dn: cn=meTodc1-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> cn: meTodc1-ipa-dev-van.mydomain.net >> description: me to dc1-ipa-dev-van.mydomain.net >> nsDS5ReplicaBindMethod: SASL/GSSAPI >> nsDS5ReplicaHost: dc1-ipa-dev-van.mydomain.net >> nsDS5ReplicaPort: 389 >> nsDS5ReplicaRoot: dc=mydomain,dc=net >> nsDS5ReplicaTransportInfo: LDAP >> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial >> entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts >> uccessfulauth krblastfailedauth krbloginfailedcount >> nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in >> ternalModifyTimestamp >> nsds5replicaTimeout: 120 >> objectClass: nsds5replicationagreement >> objectClass: top >> objectClass: ipaReplTopoManagedAgreement >> ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p >> lugin >> nsds50ruv: {replicageneration} 553fe9bb000000040000 >> nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 >> b000000110000 569b9201000500110000 >> nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd >> 26000000100000 569b918d004a00100000 >> nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee >> 040000000f0000 569b92010002000f0000 >> nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b >> b0000000e0000 569b91320014000e0000 >> nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n >> et:389} 00000000 >> nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. >> net:389} 00000000 >> nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. >> net:389} 00000000 >> nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n >> et:389} 00000000 >> nsds5replicareapactive: 0 >> nsds5replicaLastUpdateStart: 20160118191523Z >> nsds5replicaLastUpdateEnd: 20160118191523Z >> nsds5replicaChangesSentSinceStartup:: MTU6MzY2LzE0MTg1NjkgMTY6OTYvMCAxNzoyLzAg >> nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd >> ate succeeded >> nsds5replicaUpdateInProgress: FALSE >> nsds5replicaLastInitStart: 19700101000000Z >> nsds5replicaLastInitEnd: 19700101000000Z >> >> # search result >> search: 2 >> result: 0 Success >> >> # numResponses: 4 >> # numEntries: 3 >> >> >> >> >> >> ===== LOGS FROM MASTER DURING REPLICA INSTALLATION ATTEMPT ==== >> >> [18/Jan/2016:09:27:54 -0800] conn=18695 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 BIND dn="" method=128 version=3 >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="namingContexts defaultnamingcontext" >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 SRCH base="dc=mydomain,dc=net" scope=0 filter="(info=IPA*)" attrs=ALL >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 SRCH base="cn=kerberos,dc=mydomain,dc=net" scope=2 filter="(objectClass=krbRealmContainer)" attrs=ALL >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 MOD dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22060000000f0000 >> [18/Jan/2016:09:27:54 -0800] conn=18696 fd=145 slot=145 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 RESULT err=0 tag=101 nentries=2 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 UNBIND >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 fd=145 closed - U1 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=3 op=82446 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82446 RESULT err=0 tag=101 nentries=1 etime=1 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18697 fd=145 slot=145 connection from 10.21.5.248 to 10.178.0.98 >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTDomainAttrs)" attrs="ipaNTFlatName ipaNTFallbackPrimaryGroup ipaNTSecurityIdentifier" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 SRCH base="cn=Default SMB Group,cn=groups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=posixGroup)" attrs="ipaNTSecurityIdentifier" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTTrustPartner ipaNTFlatName ipaNTTrustedDomainSID ipaNTSIDBlacklistIncoming ipaNTSIDBlacklistOutgoing" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 SRCH base="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 MOD dn="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070000000f0000 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 SRCH base="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 SRCH base="cn=fe1-gas-gasqa3-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 MOD dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=U >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberofindirect description nsHardwarePlatform userCertificate ipaAllowedToPerform * l nsOsVersion fqdn managedBy ipaAssignedIDView memberOf krbPrincipalName nsHostLocation userClass aci" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 ADD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070004000f0000 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22070008000f0000 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform objectClass ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView ipaUniqueID userCertificate krbPrincipalName nsHostLocation userClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 SRCH base="cn=dns,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDefaultLoginShell ipaCertificateSubjectBase ipaUserSearchFields ipaSELinuxUserMapDefault ipaUserAuthType ipaDefaultPrimaryGroup ipaPwdExpAdvNotify ipaGroupSearchFields ipaDefaultEmailDomain ipaHomesRootDir ipaSearchTimeLimit ipaKrbAuthzData ipaMigrationEnabled ipaSearchRecordsLimit ipaConfigString ipaMaxUsernameLength ipaSELinuxUserMapOrder" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 UNBIND >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 fd=278 closed - U1 >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-gasqa3-van.login.mydomain.net)(sudoHost=fe1-gas-gasqa3-van)(sudoHost=10.21.5.248)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:640b)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 >> [18/Jan/2016:09:27:55 -0800] conn=18699 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 UNBIND >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 fd=278 closed - U1 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070012000f0000 >> [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 UNBIND >> [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 fd=144 closed - U1 >> [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 UNBIND >> [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 fd=277 closed - U1 >> [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 RESULT err=0 tag=103 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 RESULT err=0 tag=103 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18700 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 fd=144 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=18701 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 fd=144 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18702 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 fd=144 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=18703 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 RESULT err=0 tag=101 nentries=2 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 fd=153 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=18704 fd=153 slot=153 connection from 10.178.59.236 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 fd=144 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 SRCH base="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 SRCH base="cn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 MOD dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2209000e000f0000 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38897 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38897 RESULT err=0 tag=101 nentries=1 etime=1 >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=hadoop1-mc-mcci1-nvan.mydomain.net)(sudoHost=hadoop1-mc-mcci1-nvan)(sudoHost=10.178.59.236)(sudoHost=10.178.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 RESULT err=0 tag=101 nentries=7 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:27:59 -0800] conn=18705 fd=144 slot=144 connection from 10.21.42.41 to 10.178.0.98 >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18706 fd=277 slot=277 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:59 -0800] conn=18706 op=-1 fd=277 closed - B1 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 SRCH base="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 SRCH base="cn=relay-sf-int-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 MOD dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b0000000f0000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=relay-sf-int-van.mydomain.net)(sudoHost=relay-sf-int-van)(sudoHost=10.21.42.41)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fea8:8002)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 ADD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=18707 fd=277 slot=277 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass ipaSshPubKey" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000c000f0000 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf ipaSshPubKey description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 UNBIND >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 fd=277 closed - U1 >> [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=273 op=207 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=273 op=207 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000e000f0000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 ADD dn="idnsName=98,idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=273 op=208 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=273 op=208 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" >> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" >> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f00110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=209 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001000110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=209 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0002000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001100110000 >> [18/Jan/2016:09:28:01 -0800] conn=273 op=210 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=210 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0004000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001200110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=211 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001300110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=211 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0006000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001400110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=212 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001500110000 >> [18/Jan/2016:09:28:01 -0800] conn=273 op=212 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0009000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=273 op=213 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=213 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000b000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=273 op=214 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=214 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000d000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=18708 fd=277 slot=277 connection from 10.21.20.251 to 10.178.0.98 >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 SRCH base="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 SRCH base="cn=spool2-ops-flex-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 MOD dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22100000000f0000 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool2-ops-flex-van.mydomain.net)(sudoHost=spool2-ops-flex-van)(sudoHost=10.21.20.251)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:769c)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=18709 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:05 -0800] conn=18709 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:05 -0800] conn=18710 fd=279 slot=279 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:05 -0800] conn=18710 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=3 RESULT err=0 tag=101 nentries=1 etime=1 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 SRCH base="cn=Domain Level,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDomainLevel" >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 SRCH base="cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=1 filter="(&(&(&(objectClass=ipaobject)(objectClass=ipahostgroup))(cn=ipaservers))(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="cn memberOf memberofindirect member memberindirect description" >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 UNBIND >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 fd=278 closed - U1 >> [18/Jan/2016:09:28:06 -0800] conn=18711 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:06 -0800] conn=18711 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberofindirect cn memberOf * member memberindirect description aci" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 RESULT err=0 tag=101 nentries=2 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cosPriority * nsAccountLock aci" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 UNBIND >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 fd=278 closed - U1 >> [18/Jan/2016:09:28:06 -0800] conn=18712 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:06 -0800] conn=18712 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 UNBIND >> [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 fd=166 closed - U1 >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 SRCH base="cn=meTodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs="* aci" >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 SRCH base="cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 RESULT err=0 tag=101 nentries=3 etime=0 notes=U >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=KRA))" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U >> [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 UNBIND >> [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 fd=279 closed - U1 >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 UNBIND >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 fd=278 closed - U1 >> [18/Jan/2016:09:28:07 -0800] conn=18713 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 UNBIND >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 fd=166 closed - U1 >> [18/Jan/2016:09:28:07 -0800] conn=18714 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 UNBIND >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 fd=166 closed - U1 >> [18/Jan/2016:09:28:07 -0800] conn=18715 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:07 -0800] conn=18715 op=-1 fd=166 closed - B1 >> [18/Jan/2016:09:28:07 -0800] conn=18716 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:07 -0800] conn=18716 op=-1 fd=166 closed - Encountered end of file. >> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 UNBIND >> [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 fd=168 closed - U1 >> [18/Jan/2016:09:28:09 -0800] conn=18717 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 UNBIND >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 fd=166 closed - U1 >> [18/Jan/2016:09:28:10 -0800] conn=18718 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 UNBIND >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 fd=166 closed - U1 >> [18/Jan/2016:09:28:10 -0800] conn=18719 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(memberOf=cn=Replication Administrators,cn=privileges,cn=pbac,dc=mydomain,dc=net)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 UNBIND >> [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 fd=166 closed - U1 >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:12 -0800] conn=18720 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 MOD dn="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22180003000f0000 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn memberOf memberofindirect member memberindirect description" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 RESULT err=0 tag=101 nentries=2 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 UNBIND >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 fd=166 closed - U1 >> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:13 -0800] conn=18721 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 SRCH base="cn=cacert,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(cacertificate;binary=*)" attrs="cacertificate;binary" >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 RESULT err=0 tag=101 nentries=1 etime=0 notes=U >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=-1 fd=166 closed - B1 >> [18/Jan/2016:09:28:15 -0800] conn=18722 fd=166 slot=166 connection from 10.21.31.31 to 10.178.0.98 >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 SRCH base="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 SRCH base="cn=fe1-gas-salqa1-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 MOD dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221b0000000f0000 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-salqa1-van.login.mydomain.net)(sudoHost=fe1-gas-salqa1-van)(sudoHost=10.21.31.31)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:3fd2)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:16 -0800] conn=18723 fd=168 slot=168 connection from 10.21.23.93 to 10.178.0.98 >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 SRCH base="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 SRCH base="cn=collector2-sal-cpqa1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 MOD dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c0000000f0000 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=collector2-sal-cpqa1-van.mydomain.net)(sudoHost=collector2-sal-cpqa1-van)(sudoHost=10.21.23.93)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:6b78)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=18724 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 >> [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 UNBIND >> [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 fd=278 closed - U1 >> [18/Jan/2016:09:28:17 -0800] conn=18725 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 >> [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 UNBIND >> [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 fd=278 closed - U1 >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" >> [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18726 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 UNBIND >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 fd=278 closed - U1 >> [18/Jan/2016:09:28:22 -0800] conn=18727 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 ADD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22220006000f0000 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberOf ipaKrbAuthzData objectClass userCertificate managedBy ipaUniqueID ipaAllowedToPerform krbPrincipalName" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 UNBIND >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 fd=278 closed - U1 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18728 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 UNBIND >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 fd=278 closed - U1 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 MOD dn="cn=repl keep alive 16,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000e00100000 >> [18/Jan/2016:09:28:23 -0800] conn=18729 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 SRCH base="cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 SRCH base="cn=caacls,cn=ca,dc=mydomain,dc=net" scope=1 filter="(&(objectClass=ipaassociation)(objectClass=ipacaacl))" attrs="serviceCategory cn ipaMemberCertProfile ipaMemberCa ipaCertProfileCategory memberUser userCategory hostCategory memberHost ipaEnabledFlag ipaCaCategory memberService description" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform * managedBy memberOf krbPrincipalName aci" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=539 SRCH base="cn=7,ou=certificateRepository,ou=ca,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=67 op=539 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=217 op=10 SRCH base="ou=People,o=ipaca" scope=2 filter="(description=2;7;CN=Certificate Authority,O=MYDOMAIN.NET;CN=IPA RA,O=MYDOMAIN.NET)" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=217 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=217 op=11 SRCH base="cn=Registration Manager Agents,ou=groups,o=ipaca" scope=0 filter="(uniqueMember=uid=ipara,ou=people,o=ipaca)" attrs="cn" >> [18/Jan/2016:09:28:23 -0800] conn=217 op=11 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=540 ADD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" >> [18/Jan/2016:09:28:23 -0800] conn=67 op=540 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000004470000 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=541 ADD dn="cn=2684289033,ou=certificateRepository,ou=ca,o=ipaca" >> [18/Jan/2016:09:28:23 -0800] conn=67 op=541 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000104470000 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=542 MOD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" >> [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=542 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000304470000 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=543 SRCH base="cn=99990009,ou=ca,ou=requests,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=67 op=543 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=544 MOD dn="ou=ca,ou=requests,o=ipaca" >> [18/Jan/2016:09:28:23 -0800] conn=18730 fd=281 slot=281 connection from 10.178.0.99 to 10.178.0.98 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=544 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000504470000 >> [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 SRCH base="cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn ipaCertProfileStoreIssued description" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 fd=282 slot=282 connection from 10.21.0.99 to 10.178.0.98 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22230001000f0000 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform managedBy memberOf krbPrincipalName" >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 UNBIND >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 fd=278 closed - U1 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool1-googleapps-flex-van.mydomain.net)(sudoHost=spool1-googleapps-flex-van)(sudoHost=10.21.32.201)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:2c30)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 UNBIND >> [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 fd=77 closed - U1 >> [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222c0007000f0000 >> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222d0000000f0000 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 fd=77 closed - U1 >> [18/Jan/2016:09:28:33 -0800] conn=18733 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 >> [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 UNBIND >> [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 fd=77 closed - U1 >> [18/Jan/2016:09:28:33 -0800] conn=18734 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 >> [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 UNBIND >> [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 fd=77 closed - U1 >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18735 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 >> [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 UNBIND >> [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 fd=77 closed - U1 >> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:36 -0800] conn=18520 op=5 UNBIND >> >> -----Original Message----- >> From: Petr Vobornik [mailto:pvoborni at redhat.com] >> Sent: January-18-16 10:30 AM >> To: Nathan Peters; Rob Crittenden; freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists >> >> On 01/18/2016 07:10 PM, Nathan Peters wrote: >>> This is FreeIPA 4.3.0. There is no master generating the prepare file (unless its still handled in the background invisibly to the user). >> Right. But the replica installer picks some server as a master. >> >> Ipa-replica-install is run directly from an unjoined client (or joined >> client, I have tried both). >>> However, after tracking the logs of all 3 existing IPA servers during the attempted installation, the CA master appears to be the one doing something. Here are the logs for that time period. Note that there is no "err=68" anywhere in here: >> Are all 3 existing server functioning well, e.g with working replication? >> >> Could you check `ipa server-find` if there is no left-over server - e.g. >> failed installation. >> >> Could be check also in `ipa-replica-manage list` if there is some >> leftover, please remove it with `ipa-replica-manage del $FQDN` command. >> >> Wrt the logs. I did not meant that but Rob was right. The installer >> tries to update "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping >> tree,cn=config" entry on both master and the replica. If the entry does >> not exist, the installer also creates it. >> >> On replica it behaves correctly: >> >> [18/Jan/2016:09:28:32 -0800] conn=2 op=8 SRCH >> base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:32 -0800] conn=2 op=8 RESULT err=0 tag=101 nentries=1 >> etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=2 op=9 MOD >> dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> [18/Jan/2016:09:28:32 -0800] conn=2 op=9 RESULT err=0 tag=103 nentries=0 >> etime=0 >> >> It would be good to see the same log from a master which it tries to use >> in installation. - In 4.3 the server is picked automatically. >> >> I don't see any searches for >> "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" in >> the logs below which makes me wonder, what server the installer tries to >> use as a master. >> >> Could be find out, e.g. by: >> $ cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" >> >> From three18ti at gmail.com Tue Jan 19 18:34:21 2016 From: three18ti at gmail.com (Jon) Date: Tue, 19 Jan 2016 12:34:21 -0600 Subject: [Freeipa-users] Fwd: Creating Trusts with AD - (RH#878168, FIPA#3266) In-Reply-To: References: Message-ID: Hello, While following the guide on setting up FreeIPA with AD , I got to the step where I'm adding the AD trust to FreeIPA but I receive an error: >> Active Directory domain administrator's password: >> ipa: ERROR: CIFS server communication error: code "-1073741801", >> message "Memory allocation error" (both may be "None") Thinking that the error was what was stated (my VM at the time only had 1GB of ram), I shutdown my VM (memory hot add was not enabled in VMware, it is now), bumped the RAM to 4GB, and booted the VM. Upon running the same command after reboot I received an error: >> ipa: ERROR: did not receive Kerberos credentials kinit admin is also reporting an error: >> kinit: Cannot contact any KDC for realm 'myrealm' while getting initial credentials trying to start FreeIPA in debug mode identified the samba service as at fault. >> Jan 19 10:19:50 myfreeipaserver smbd[3676]: kerberos error: code=-1765328203, message=Keytab contains no suitable keys for cifs/ myfreeipaserver at SUB.DOMAIN.MYDOMAIN.COM >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: [2016/01/19 10:19:51.261648, 0] ipa_sam.c:4520(pdb_init_ipasam) >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: Failed to get base DN. >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: [2016/01/19 10:19:51.262675, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-SUB-DOMAIN-MYDOMAIN-COM.socket did not correctly init (error was NT_STATUS_UNSUCCESSFUL) Googling for these errors turned up a few similar threads but none of the solutions seemed to work and all signs pointed to AD integration as the culprit... So I did what any good sysadmin would do and forced freeipa to start while ignoring any failures. Every service except samba starts without issue. So I tried my trust connection again, and received the same error, >> Active Directory domain administrator's password: >> ipa: ERROR: CIFS server communication error: code "-1073741801", >> message "Memory allocation error" (both may be "None") Which brought me to googling two bug reports opened on this exact issue: >> https://bugzilla.redhat.com/show_bug.cgi?id=878168 >> https://fedorahosted.org/freeipa/ticket/3266 Both of these bug reports indicate there's an upstream bug in Samba, the bug has been closed and reopened at least once. I did add the AD servers to /etc/hosts and rebooted the server. I have to go through the same process of forcing freeipa to start after the server rebooted... However, I received the same error message. While the bug report is currently closed, I seem to be experiencing the same issues... Given this bug report, can you please answer me these questions three: 1) Given the issues with Samba starting after reboot, is this bug report actually what's wrong or is the error message when trying to create a trust a red herring and it's actually samba that's the problem? 2) Does this bug report mean that trusts between FreeIPA and AD are broken and can not be established until the upstream bug in Samba is fixed? 3) Is there a workaround? (as adding the domain controllers to /etc/hosts with IPv4 address does not appear to work) System Stats: - AD Server: Win2k8R2 - FreeIPA server: >> CentOS Linux release 7.2.1511 (Core) >> # uname -a >> Linux myserver 3.10.0-327.4.4.el7.x86_64 #1 SMP Tue Jan 5 16:07:00 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux >> # rpm -qa | grep ipa >> python-libipa_hbac-1.13.0-40.el7_2.1.x86_64 >> ipa-server-4.2.0-15.el7.centos.3.x86_64 >> ipa-server-dns-4.2.0-15.el7.centos.3.x86_64 >> python-iniparse-0.4-9.el7.noarch >> libipa_hbac-1.13.0-40.el7_2.1.x86_64 >> sssd-ipa-1.13.0-40.el7_2.1.x86_64 >> ipa-python-4.2.0-15.el7.centos.3.x86_64 >> ipa-client-4.2.0-15.el7.centos.3.x86_64 >> ipa-server-trust-ad-4.2.0-15.el7.centos.3.x86_64 >> ipa-admintools-4.2.0-15.el7.centos.3.x86_64 I appreciate any help. I've been trying to get FreeIPA going for a couple of weeks now and have run into nothing but frustrations. The funny thing is, I've never had a problem deploying FreeIPA by itself... Microsoft seems to be the common denominator in my hair pulling lately... Correlation does not equal causation... but it sure is a coincidence... :) Thanks for your time! Best Regards, Jon A -------------- next part -------------- An HTML attachment was scrubbed... URL: From Nathan.Peters at globalrelay.net Tue Jan 19 19:25:47 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Tue, 19 Jan 2016 19:25:47 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <569E687D.5040006@redhat.com> References: <569CB899.9040603@redhat.com> <569CCB5D.8040400@redhat.com> <569D27C4.10602@redhat.com> <569D2F2F.6080806@redhat.com> <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> Message-ID: Yes, I uninstall and re-install the server and client every time the installation fails because it won't let me attempt a reinstall with them installed. Here is what that looks like. Now its not even getting to the part where I was getting the err=68 before... Nothing strange in /etc/openldap/ldap.conf ========================================== [root at dc2-ipa-dev-van etc]# cat /etc/openldap/ldap.conf # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE dc=example,dc=com #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never TLS_CACERTDIR /etc/openldap/certs # Turning this off breaks GSSAPI used with krb5 when rdns = false SASL_NOCANON on No IPA packages installed ========================= [root at dc2-ipa-dev-van etc]# yum list installed | grep "ipa" Yum command has been deprecated, redirecting to '/usr/bin/dnf list installed'. See 'man dnf' and 'man yum2dnf' for more information. To transfer transaction metadata from yum to DNF, run: 'dnf install python-dnf-plugins-extras-migrate && dnf-2 migrate' device-mapper-multipath.x86_64 0.4.9-80.fc23 @anaconda device-mapper-multipath-libs.x86_64 0.4.9-80.fc23 @anaconda python3-iniparse.noarch 0.4-16.fc23 @anaconda Now install IPA packages ======================== [root at dc2-ipa-dev-van etc]# yum reinstall freeipa-server Yum command has been deprecated, redirecting to '/usr/bin/dnf reinstall freeipa-server'. See 'man dnf' and 'man yum2dnf' for more information. To transfer transaction metadata from yum to DNF, run: 'dnf install python-dnf-plugins-extras-migrate && dnf-2 migrate' .... snipped for readability .... xmlstreambuffer.noarch 1.5.4-2.fc23 xsom.noarch 0-14.20110809svn.fc23 Complete! Install IPA replica fails ========================= [root at dc2-ipa-dev-van etc]# ipa-replica-install --mkhomedir --setup-ca --setup-dns --no-forwarders --principal nathan.peters -w Configuring client side components Discovery was successful! Client hostname: dc2-ipa-dev-van.dev-mydomain.net Realm: DEV-mydomain.NET DNS Domain: dev-mydomain.net IPA Server: dc2-ipa-dev-nvan.dev-mydomain.net BaseDN: dc=dev-mydomain,dc=net Synchronizing time with KDC... Attempting to sync time using ntpd. Will timeout after 15 seconds Successfully retrieved CA cert Subject: CN=Certificate Authority,O=DEV-mydomain.NET Issuer: CN=Certificate Authority,O=DEV-mydomain.NET Valid From: Wed Mar 25 18:48:27 2015 UTC Valid Until: Sun Mar 25 18:48:27 2035 UTC Subject: CN=Certificate Authority,O=DEV-mydomain.NET Issuer: CN=Certificate Authority,O=DEV-mydomain.NET Valid From: Wed Mar 25 18:48:27 2015 UTC Valid Until: Sun Mar 25 18:48:27 2035 UTC Joining realm failed: Host is already joined. Use --force-join option to override the host entry on the server and force client enrollment. Installation failed. Rolling back changes. IPA client is not configured on this system. Removing client side components IPA client is not configured on this system. ipa.ipapython.install.cli.install_tool(Replica): ERROR Configuration of client side components failed! ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information IPA client install fails ======================== [root at dc2-ipa-dev-van etc]# ipa-client-install --mkhomedir --enable-dns-updates Using existing certificate '/etc/ipa/ca.crt'. Discovery was successful! Client hostname: dc2-ipa-dev-van.dev-mydomain.net Realm: DEV-mydomain.NET DNS Domain: dev-mydomain.net IPA Server: dc1-ipa-dev-nvan.dev-mydomain.net BaseDN: dc=dev-mydomain,dc=net Continue to configure the system with these values? [no]: yes Synchronizing time with KDC... Attempting to sync time using ntpd. Will timeout after 15 seconds User authorized to enroll computers: nathan.peters Password for nathan.peters at DEV-mydomain.NET: Joining realm failed: Host is already joined. Use --force-join option to override the host entry on the server and force client enrollment. Installation failed. Rolling back changes. IPA client is not configured on this system. IPA client install succeeds with --force-join ============================================= [root at dc2-ipa-dev-van etc]# ipa-client-install --mkhomedir --enable-dns-updates --force-join Using existing certificate '/etc/ipa/ca.crt'. Discovery was successful! Client hostname: dc2-ipa-dev-van.dev-mydomain.net Realm: DEV-mydomain.NET DNS Domain: dev-mydomain.net IPA Server: dc1-ipa-dev-van.dev-mydomain.net BaseDN: dc=dev-mydomain,dc=net Continue to configure the system with these values? [no]: yes Synchronizing time with KDC... Attempting to sync time using ntpd. Will timeout after 15 seconds User authorized to enroll computers: nathan.peters Password for nathan.peters at DEV-mydomain.NET: Enrolled in IPA realm DEV-mydomain.NET Created /etc/ipa/default.conf New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm DEV-mydomain.NET trying https://dc1-ipa-dev-van.dev-mydomain.net/ipa/json Forwarding 'ping' to json server 'https://dc1-ipa-dev-van.dev-mydomain.net/ipa/json' Forwarding 'ca_is_enabled' to json server 'https://dc1-ipa-dev-van.dev-mydomain.net/ipa/json' Systemwide CA database updated. Added CA certificates to the default NSS database. Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub Forwarding 'host_mod' to json server 'https://dc1-ipa-dev-van.dev-mydomain.net/ipa/json' SSSD enabled Configured /etc/openldap/ldap.conf NTP enabled Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring dev-mydomain.net as NIS domain. Client configuration complete. Now we can finally try ipa-replica-install and it fails with CRITICAL failed to create ds instance ========================================== [root at dc2-ipa-dev-van etc]# ipa-replica-install --mkhomedir --setup-ca --setup-dns --no-forwarders Run connection check to master Connection check OK Configuring NTP daemon (ntpd) [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv). Estimated time: 1 minute [1/43]: creating directory server user [2/43]: creating directory server instance ipa : CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmprmHBYG' returned non-zero exit status 1 [3/43]: restarting directory server ipa : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv at DEV-mydomain-NET.service' returned non-zero exit status 1). See the installation log for details. [4/43]: adding default schema [5/43]: enabling memberof plugin [error] timeout: Timeout exceeded Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR Timeout exceeded ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information since that failed, try removing the server ========================================== [root at dc2-ipa-dev-van etc]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes WARNING: Failed to connect to Directory Server to find information about replication agreements. Uninstallation will continue despite the possible existing replication agreements. Shutting down all IPA services Unconfiguring ntpd Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring directory server ipa : ERROR Instance removal failed. ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually ipa : ERROR Unable to restart ds instance DEV-mydomain-NET: Command '/bin/systemctl restart dirsrv at DEV-mydomain-NET.service' returned non-zero exit status 1 Removing IPA client configuration Removing Kerberos service principals from /etc/krb5.keytab Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted Restoring client configuration files Unconfiguring the NIS domain. nscd daemon is not installed, skip configuration nslcd daemon is not installed, skip configuration Systemwide CA database updated. Client uninstall complete. [root at dc2-ipa-dev-van etc]# ipa-client-install --uninstall IPA client is not configured on this system. [root at dc2-ipa-dev-van etc]# cd dirsrv/ [root at dc2-ipa-dev-van dirsrv]# ls -al total 16 drwxr-xr-x 5 root root 67 Jan 19 11:11 . drwxr-xr-x. 116 root root 8192 Jan 19 11:18 .. drwxr-xr-x 2 root root 105 Jan 19 11:11 config drwxr-xr-x 2 root root 4096 Jan 19 11:11 schema drwxrwx--- 3 dirsrv dirsrv 61 Jan 19 08:57 slapd-DEV-mydomain-NET [root at dc2-ipa-dev-van dirsrv]# cd .. [root at dc2-ipa-dev-van etc]# rm -rf dirsrv re-join client ============== [root at dc2-ipa-dev-van etc]# ipa-client-install --mkhomedir --enable-dns-updates --force-join Discovery was successful! Client hostname: dc2-ipa-dev-van.dev-mydomain.net Realm: DEV-mydomain.NET DNS Domain: dev-mydomain.net IPA Server: dc2-ipa-dev-nvan.dev-mydomain.net BaseDN: dc=dev-mydomain,dc=net Continue to configure the system with these values? [no]: yes Synchronizing time with KDC... Attempting to sync time using ntpd. Will timeout after 15 seconds User authorized to enroll computers: nathan.peters Password for nathan.peters at DEV-mydomain.NET: Successfully retrieved CA cert Subject: CN=Certificate Authority,O=DEV-mydomain.NET Issuer: CN=Certificate Authority,O=DEV-mydomain.NET Valid From: Wed Mar 25 18:48:27 2015 UTC Valid Until: Sun Mar 25 18:48:27 2035 UTC Subject: CN=Certificate Authority,O=DEV-mydomain.NET Issuer: CN=Certificate Authority,O=DEV-mydomain.NET Valid From: Wed Mar 25 18:48:27 2015 UTC Valid Until: Sun Mar 25 18:48:27 2035 UTC Enrolled in IPA realm DEV-mydomain.NET Created /etc/ipa/default.conf New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm DEV-mydomain.NET trying https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json Forwarding 'ping' to json server 'https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json' Forwarding 'ca_is_enabled' to json server 'https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json' Systemwide CA database updated. Added CA certificates to the default NSS database. Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub Forwarding 'host_mod' to json server 'https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json' SSSD enabled Configured /etc/openldap/ldap.conf NTP enabled Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring dev-mydomain.net as NIS domain. Client configuration complete. Attempt to install the replica again ==================================== [root at dc2-ipa-dev-van etc]# ipa-replica-install --mkhomedir --setup-ca --setup-dns --no-forwarders Run connection check to master Connection check OK Configuring NTP daemon (ntpd) [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv). Estimated time: 1 minute [1/43]: creating directory server user [2/43]: creating directory server instance ipa : CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpCIlkrQ' returned non-zero exit status 1 [3/43]: restarting directory server ipa : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv at DEV-mydomain-NET.service' returned non-zero exit status 1). See the installation log for details. [4/43]: adding default schema [5/43]: enabling memberof plugin [error] timeout: Timeout exceeded Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR Timeout exceeded ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information check log ========== [root at dc2-ipa-dev-van etc]# cat /var/log/ipareplica-install.log 2016-01-19T19:21:30Z DEBUG Logging to /var/log/ipareplica-install.log 2016-01-19T19:21:30Z DEBUG ipa-replica-install was invoked with arguments [] and options: {'no_dns_sshfp': None, 'skip_schema_check': None, 'setup_kra': None, 'ip_addresses': None, 'mkhomedir': True, 'no_pkinit': None, 'http_cert_files': None, 'no_ntp': None, 'verbose': False, 'no_forwarders': True, 'keytab': None, 'ssh_trust_dns': None, 'domain_name': None, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': None, 'no_reverse': None, 'pkinit_cert_files': None, 'unattended': False, 'auto_reverse': None, 'auto_forwarders': None, 'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'dirsrv_config_file': None, 'forwarders': None, 'pkinit_cert_name': None, 'setup_ca': True, 'realm_name': None, 'skip_conncheck': None, 'no_ssh': None, 'dirsrv_cert_name': None, 'quiet': False, 'server': None, 'setup_dns': True, 'host_name': None, 'log_file': None, 'reverse_zones': None, 'allow_zone_overlap': None} 2016-01-19T19:21:30Z DEBUG IPA version 4.3.0-1.fc23 2016-01-19T19:21:30Z DEBUG Starting external process 2016-01-19T19:21:30Z DEBUG args=/usr/sbin/selinuxenabled 2016-01-19T19:21:30Z DEBUG Process finished, return code=1 2016-01-19T19:21:30Z DEBUG stdout= 2016-01-19T19:21:30Z DEBUG stderr= 2016-01-19T19:21:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:30Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:30Z DEBUG httpd is not configured 2016-01-19T19:21:30Z DEBUG kadmin is not configured 2016-01-19T19:21:30Z DEBUG dirsrv is not configured 2016-01-19T19:21:30Z DEBUG pki-tomcatd is not configured 2016-01-19T19:21:30Z DEBUG install is not configured 2016-01-19T19:21:30Z DEBUG krb5kdc is not configured 2016-01-19T19:21:30Z DEBUG ntpd is not configured 2016-01-19T19:21:30Z DEBUG named is not configured 2016-01-19T19:21:30Z DEBUG ipa_memcached is not configured 2016-01-19T19:21:30Z DEBUG filestore is tracking no files 2016-01-19T19:21:30Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2016-01-19T19:21:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:30Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:30Z DEBUG Starting external process 2016-01-19T19:21:30Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS 2016-01-19T19:21:30Z DEBUG Process finished, return code=0 2016-01-19T19:21:30Z DEBUG stdout=VirtualHost configuration: *:8443 dc2-ipa-dev-van.dev-mydomain.net (/etc/httpd/conf.d/nss.conf:83) 2016-01-19T19:21:30Z DEBUG stderr= 2016-01-19T19:21:30Z DEBUG Starting external process 2016-01-19T19:21:30Z DEBUG args=/bin/systemctl is-enabled chronyd.service 2016-01-19T19:21:30Z DEBUG Process finished, return code=1 2016-01-19T19:21:30Z DEBUG stdout=disabled 2016-01-19T19:21:30Z DEBUG stderr= 2016-01-19T19:21:30Z DEBUG Starting external process 2016-01-19T19:21:30Z DEBUG args=/bin/systemctl is-active chronyd.service 2016-01-19T19:21:30Z DEBUG Process finished, return code=3 2016-01-19T19:21:30Z DEBUG stdout=inactive 2016-01-19T19:21:30Z DEBUG stderr= 2016-01-19T19:21:30Z DEBUG importing all plugin modules in ipalib.plugins... 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.aci 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.automember 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.automount 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.baseldap 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.baseuser 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.batch 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.caacl 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.cert 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.certprofile 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.config 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.delegation 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.dns 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.domainlevel 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.group 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hbacrule 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hbacsvc 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hbactest 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.host 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hostgroup 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.idrange 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.idviews 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.internal 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.krbtpolicy 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.migration 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.misc 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.netgroup 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.otpconfig 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.otptoken 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.passwd 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.permission 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.ping 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.pkinit 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.privilege 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.pwpolicy 2016-01-19T19:21:30Z DEBUG Starting external process 2016-01-19T19:21:30Z DEBUG args=klist -V 2016-01-19T19:21:30Z DEBUG Process finished, return code=0 2016-01-19T19:21:30Z DEBUG stdout=Kerberos 5 version 1.14 2016-01-19T19:21:30Z DEBUG stderr= 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.radiusproxy 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.realmdomains 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.role 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.rpcclient 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.selfservice 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.selinuxusermap 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.server 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.service 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.servicedelegation 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.session 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.stageuser 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.sudocmd 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.sudorule 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.topology 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.trust 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.user 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.vault 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.virtual 2016-01-19T19:21:30Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.dns 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2016-01-19T19:21:32Z DEBUG Check if dc2-ipa-dev-van.dev-mydomain.net is a primary hostname for localhost 2016-01-19T19:21:32Z DEBUG Primary hostname for localhost: dc2-ipa-dev-van.dev-mydomain.net 2016-01-19T19:21:32Z DEBUG Search DNS for dc2-ipa-dev-van.dev-mydomain.net 2016-01-19T19:21:32Z DEBUG Check if dc2-ipa-dev-van.dev-mydomain.net is not a CNAME 2016-01-19T19:21:32Z DEBUG Check reverse address of 10.21.0.98 2016-01-19T19:21:32Z DEBUG Found reverse name: dc2-ipa-dev-van.dev-mydomain.net 2016-01-19T19:21:32Z DEBUG Check if dc2-ipa-dev-nvan.dev-mydomain.net is a primary hostname for localhost 2016-01-19T19:21:32Z DEBUG Primary hostname for localhost: dc2-ipa-dev-nvan.dev-mydomain.net 2016-01-19T19:21:32Z DEBUG Search DNS for dc2-ipa-dev-nvan.dev-mydomain.net 2016-01-19T19:21:32Z DEBUG Check if dc2-ipa-dev-nvan.dev-mydomain.net is not a CNAME 2016-01-19T19:21:32Z DEBUG Check reverse address of 10.178.0.98 2016-01-19T19:21:32Z DEBUG Found reverse name: dc2-ipa-dev-nvan.dev-mydomain.net 2016-01-19T19:21:32Z DEBUG Initializing principal host/dc2-ipa-dev-van.dev-mydomain.net at DEV-mydomain.NET using keytab /etc/krb5.keytab 2016-01-19T19:21:32Z DEBUG using ccache /tmp/krbcc50gCM_/ccache 2016-01-19T19:21:32Z DEBUG Attempt 1/1: success 2016-01-19T19:21:32Z DEBUG importing all plugin modules in ipalib.plugins... 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.aci 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.automember 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.automount 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.baseldap 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.baseuser 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.batch 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.caacl 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.cert 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.certprofile 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.config 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.delegation 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.dns 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.domainlevel 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.group 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hbacrule 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hbacsvc 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hbactest 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.host 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hostgroup 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.idrange 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.idviews 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.internal 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.krbtpolicy 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.migration 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.misc 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.netgroup 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.otpconfig 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.otptoken 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.passwd 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.permission 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.ping 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.pkinit 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.privilege 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.pwpolicy 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.radiusproxy 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.realmdomains 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.role 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.rpcclient 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.selfservice 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.selinuxusermap 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.server 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.service 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.servicedelegation 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.session 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.stageuser 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.sudocmd 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.sudorule 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.topology 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.trust 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.user 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.vault 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.virtual 2016-01-19T19:21:32Z DEBUG importing all plugin modules in ipaserver.plugins... 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.dogtag 2016-01-19T19:21:32Z DEBUG skipping plugin module ipaserver.plugins.dogtag: dogtag not selected as RA plugin 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.join 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.ldap2 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.rabase 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2016-01-19T19:21:32Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.dns 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2016-01-19T19:21:34Z DEBUG Created connection context.ldap2_139983595969360 2016-01-19T19:21:34Z DEBUG raw: domainlevel_get(version=u'2.163') 2016-01-19T19:21:34Z DEBUG domainlevel_get(version=u'2.163') 2016-01-19T19:21:34Z DEBUG flushing ldaps://dc2-ipa-dev-nvan.dev-mydomain.net from SchemaCache 2016-01-19T19:21:34Z DEBUG retrieving schema for SchemaCache url=ldaps://dc2-ipa-dev-nvan.dev-mydomain.net conn= 2016-01-19T19:21:34Z DEBUG raw: hostgroup_find(None, cn=u'ipaservers', version=u'2.163', host=[u'dc2-ipa-dev-van.dev-mydomain.net']) 2016-01-19T19:21:34Z DEBUG hostgroup_find(None, cn=u'ipaservers', all=False, raw=False, version=u'2.163', no_members=False, pkey_only=False, host=(u'dc2-ipa-dev-van.dev-mydomain.net',)) 2016-01-19T19:21:34Z DEBUG Check forward/reverse DNS resolution 2016-01-19T19:21:34Z DEBUG Search DNS server dc2-ipa-dev-nvan.dev-mydomain.net (['10.178.0.98', '10.178.0.98', '10.178.0.98']) for dc2-ipa-dev-nvan.dev-mydomain.net 2016-01-19T19:21:34Z DEBUG Check reverse address 10.178.0.98 (dc2-ipa-dev-nvan.dev-mydomain.net) 2016-01-19T19:21:34Z DEBUG Address 10.178.0.98 resolves to: dc2-ipa-dev-nvan.dev-mydomain.net.. 2016-01-19T19:21:34Z DEBUG Search DNS server dc2-ipa-dev-nvan.dev-mydomain.net (['10.178.0.98', '10.178.0.98', '10.178.0.98']) for dc2-ipa-dev-van.dev-mydomain.net 2016-01-19T19:21:34Z DEBUG Check reverse address 10.21.0.98 (dc2-ipa-dev-van.dev-mydomain.net) 2016-01-19T19:21:34Z DEBUG Address 10.21.0.98 resolves to: dc2-ipa-dev-van.dev-mydomain.net.. 2016-01-19T19:21:34Z DEBUG Destroyed connection context.ldap2_139983595969360 2016-01-19T19:21:34Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:34Z DEBUG failed to find session_cookie in persistent storage for principal 'host/dc2-ipa-dev-van.dev-mydomain.net at DEV-mydomain.NET' 2016-01-19T19:21:34Z INFO trying https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json 2016-01-19T19:21:35Z DEBUG NSSConnection init dc2-ipa-dev-nvan.dev-mydomain.net 2016-01-19T19:21:35Z DEBUG Connecting: 10.178.0.98:0 2016-01-19T19:21:35Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2016-01-19T19:21:35Z DEBUG cert valid True for "CN=dc2-ipa-dev-nvan.dev-mydomain.net,OU=pki-ipa,O=IPA" 2016-01-19T19:21:35Z DEBUG handshake complete, peer = 10.178.0.98:443 2016-01-19T19:21:35Z DEBUG Protocol: TLS1.2 2016-01-19T19:21:35Z DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA 2016-01-19T19:21:35Z DEBUG received Set-Cookie 'ipa_session=b05ed6993a0efe3e174416e80f3ecb35; Domain=dc2-ipa-dev-nvan.dev-mydomain.net; Path=/ipa; Expires=Tue, 19 Jan 2016 19:41:35 GMT; Secure; HttpOnly' 2016-01-19T19:21:35Z DEBUG storing cookie 'ipa_session=b05ed6993a0efe3e174416e80f3ecb35; Domain=dc2-ipa-dev-nvan.dev-mydomain.net; Path=/ipa; Expires=Tue, 19 Jan 2016 19:41:35 GMT; Secure; HttpOnly' for principal host/dc2-ipa-dev-van.dev-mydomain.net at DEV-mydomain.NET 2016-01-19T19:21:35Z DEBUG Created connection context.rpcclient_139983628815056 2016-01-19T19:21:35Z INFO Forwarding 'dns_is_enabled' to json server 'https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json' 2016-01-19T19:21:35Z DEBUG NSSConnection init dc2-ipa-dev-nvan.dev-mydomain.net 2016-01-19T19:21:35Z DEBUG Connecting: 10.178.0.98:0 2016-01-19T19:21:35Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2016-01-19T19:21:35Z DEBUG cert valid True for "CN=dc2-ipa-dev-nvan.dev-mydomain.net,OU=pki-ipa,O=IPA" 2016-01-19T19:21:35Z DEBUG handshake complete, peer = 10.178.0.98:443 2016-01-19T19:21:35Z DEBUG Protocol: TLS1.2 2016-01-19T19:21:35Z DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA 2016-01-19T19:21:35Z DEBUG received Set-Cookie 'ipa_session=bbc3744aa455331ade1822b33addc72d; Domain=dc2-ipa-dev-nvan.dev-mydomain.net; Path=/ipa; Expires=Tue, 19 Jan 2016 19:41:35 GMT; Secure; HttpOnly' 2016-01-19T19:21:35Z DEBUG storing cookie 'ipa_session=bbc3744aa455331ade1822b33addc72d; Domain=dc2-ipa-dev-nvan.dev-mydomain.net; Path=/ipa; Expires=Tue, 19 Jan 2016 19:41:35 GMT; Secure; HttpOnly' for principal host/dc2-ipa-dev-van.dev-mydomain.net at DEV-mydomain.NET 2016-01-19T19:21:35Z DEBUG Destroyed connection context.rpcclient_139983628815056 2016-01-19T19:21:35Z DEBUG Starting external process 2016-01-19T19:21:35Z DEBUG args=/sbin/ip -family inet -oneline address show 2016-01-19T19:21:35Z DEBUG Process finished, return code=0 2016-01-19T19:21:35Z DEBUG stdout=1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever 2: eno16777728 inet 10.21.0.98/16 brd 10.21.255.255 scope global eno16777728\ valid_lft forever preferred_lft forever 2016-01-19T19:21:35Z DEBUG stderr= 2016-01-19T19:21:35Z DEBUG will use DNS forwarders: [] 2016-01-19T19:21:35Z DEBUG Starting external process 2016-01-19T19:21:35Z DEBUG args=/usr/sbin/ipa-replica-conncheck --master dc2-ipa-dev-nvan.dev-mydomain.net --auto-master-check --realm DEV-mydomain.NET --hostname dc2-ipa-dev-van.dev-mydomain.net --ca-cert-file /etc/ipa/ca.crt 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout=Check connection from replica to remote master 'dc2-ipa-dev-nvan.dev-mydomain.net': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos Kpasswd: TCP (464): OK HTTP Server: Unsecure port (80): OK HTTP Server: Secure port (443): OK The following list of ports use UDP protocol and would need to be checked manually: Kerberos KDC: UDP (88): SKIPPED Kerberos Kpasswd: UDP (464): SKIPPED Connection from replica to master is OK. Start listening on required ports for remote master check Get credentials to log in to remote master Check RPC connection to remote master Execute check on remote master Check connection from master to remote replica 'dc2-ipa-dev-van.dev-mydomain.net': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos KDC: UDP (88): OK Kerberos Kpasswd: TCP (464): OK Kerberos Kpasswd: UDP (464): OK HTTP Server: Unsecure port (80): OK HTTP Server: Secure port (443): OK Connection from master to replica is OK. 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2016-01-19T19:21:40Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl start messagebus.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout= 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active messagebus.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout=active 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl restart certmonger.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout= 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active certmonger.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout=active 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl enable certmonger.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout= 2016-01-19T19:21:40Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/certmonger.service to /usr/lib/systemd/system/certmonger.service. 2016-01-19T19:21:40Z DEBUG group dirsrv exists 2016-01-19T19:21:40Z DEBUG user dirsrv exists 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-enabled chronyd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=1 2016-01-19T19:21:40Z DEBUG stdout=disabled 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active chronyd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=3 2016-01-19T19:21:40Z DEBUG stdout=inactive 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:40Z DEBUG Configuring NTP daemon (ntpd) 2016-01-19T19:21:40Z DEBUG [1/4]: stopping ntpd 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active ntpd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout=active 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl stop ntpd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout= 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG duration: 0 seconds 2016-01-19T19:21:40Z DEBUG [2/4]: writing configuration 2016-01-19T19:21:40Z DEBUG Backing up system configuration file '/etc/ntp.conf' 2016-01-19T19:21:40Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:40Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' 2016-01-19T19:21:40Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:40Z DEBUG duration: 0 seconds 2016-01-19T19:21:40Z DEBUG [3/4]: configuring ntpd to start on boot 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-enabled ntpd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout=enabled 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl enable ntpd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout= 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG duration: 0 seconds 2016-01-19T19:21:40Z DEBUG [4/4]: starting ntpd 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl start ntpd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout= 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active ntpd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout=active 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG duration: 0 seconds 2016-01-19T19:21:40Z DEBUG Done configuring NTP daemon (ntpd). 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:40Z DEBUG Configuring directory server (dirsrv). Estimated time: 1 minute 2016-01-19T19:21:40Z DEBUG [1/43]: creating directory server user 2016-01-19T19:21:40Z DEBUG group dirsrv exists 2016-01-19T19:21:40Z DEBUG user dirsrv exists 2016-01-19T19:21:40Z DEBUG duration: 0 seconds 2016-01-19T19:21:40Z DEBUG [2/43]: creating directory server instance 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' 2016-01-19T19:21:40Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:40Z DEBUG dn: dc=dev-mydomain,dc=net objectClass: top objectClass: domain objectClass: pilotObject dc: dev-mydomain info: IPA V2.0 2016-01-19T19:21:40Z DEBUG writing inf template 2016-01-19T19:21:40Z DEBUG [General] FullMachineName= dc2-ipa-dev-van.dev-mydomain.net SuiteSpotUserID= dirsrv SuiteSpotGroup= dirsrv ServerRoot= /usr/lib64/dirsrv [slapd] ServerPort= 389 ServerIdentifier= DEV-mydomain-NET Suffix= dc=dev-mydomain,dc=net RootDN= cn=Directory Manager InstallLdifFile= /var/lib/dirsrv/boot.ldif inst_dir= /var/lib/dirsrv/scripts-DEV-mydomain-NET 2016-01-19T19:21:40Z DEBUG calling setup-ds.pl 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpCIlkrQ 2016-01-19T19:21:41Z DEBUG Process finished, return code=1 2016-01-19T19:21:41Z DEBUG stdout=[16/01/19:11:21:41] - [Setup] Info Could not copy file '/etc/dirsrv/config/certmap.conf' to '/etc/dirsrv/slapd-DEV-mydomain-NET/certmap.conf'. Error: No such file or directory Could not copy file '/etc/dirsrv/config/certmap.conf' to '/etc/dirsrv/slapd-DEV-mydomain-NET/certmap.conf'. Error: No such file or directory [16/01/19:11:21:41] - [Setup] Fatal Error: Could not create directory server instance 'DEV-mydomain-NET'. Error: Could not create directory server instance 'DEV-mydomain-NET'. [16/01/19:11:21:41] - [Setup] Fatal Exiting . . . Log file is '-' Exiting . . . Log file is '-' 2016-01-19T19:21:41Z DEBUG stderr= 2016-01-19T19:21:41Z CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpCIlkrQ' returned non-zero exit status 1 2016-01-19T19:21:41Z DEBUG duration: 0 seconds 2016-01-19T19:21:41Z DEBUG [3/43]: restarting directory server 2016-01-19T19:21:41Z DEBUG Starting external process 2016-01-19T19:21:41Z DEBUG args=/bin/systemctl --system daemon-reload 2016-01-19T19:21:41Z DEBUG Process finished, return code=0 2016-01-19T19:21:41Z DEBUG stdout= 2016-01-19T19:21:41Z DEBUG stderr= 2016-01-19T19:21:41Z DEBUG Starting external process 2016-01-19T19:21:41Z DEBUG args=/bin/systemctl restart dirsrv at DEV-mydomain-NET.service 2016-01-19T19:21:41Z DEBUG Process finished, return code=1 2016-01-19T19:21:41Z DEBUG stdout= 2016-01-19T19:21:41Z DEBUG stderr=Job for dirsrv at DEV-mydomain-NET.service failed because a configured resource limit was exceeded. See "systemctl status dirsrv at DEV-mydomain-NET.service" and "journalctl -xe" for details. 2016-01-19T19:21:41Z CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv at DEV-mydomain-NET.service' returned non-zero exit status 1). See the installation log for details. 2016-01-19T19:21:41Z DEBUG duration: 0 seconds 2016-01-19T19:21:41Z DEBUG [4/43]: adding default schema 2016-01-19T19:21:41Z DEBUG duration: 0 seconds 2016-01-19T19:21:41Z DEBUG [5/43]: enabling memberof plugin 2016-01-19T19:21:41Z DEBUG wait_for_open_ports: dc2-ipa-dev-van.dev-mydomain.net [389] timeout 10 2016-01-19T19:21:51Z DEBUG Could not connect to the Directory Server on dc2-ipa-dev-van.dev-mydomain.net: Timeout exceeded 2016-01-19T19:21:51Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 447, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 437, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 630, in __add_memberof_module self._ldap_mod("memberof-conf.ldif") File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 209, in _ldap_mod self.ldap_connect() File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 176, in ldap_connect conn.do_bind(self.dm_password, autobind=self.autobind) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1625, in do_bind self.do_simple_bind(bindpw=dm_password, timeout=timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1615, in do_simple_bind self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1610, in __bind_with_wait self.__wait_for_connection(timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1596, in __wait_for_connection wait_for_open_ports(host, int(port), timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1392, in wait_for_open_ports raise socket.timeout("Timeout exceeded") timeout: Timeout exceeded 2016-01-19T19:21:51Z DEBUG [error] timeout: Timeout exceeded 2016-01-19T19:21:51Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run self.execute() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in execute for nothing in self._executor(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 571, in _configure next(executor) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1553, in main promote(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1275, in promote promote=True, pkcs12_info=dirsrv_pkcs12_info) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 120, in install_replica_ds promote=promote, File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 398, in create_replica self.start_creation(runtime=60) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 447, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 437, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 630, in __add_memberof_module self._ldap_mod("memberof-conf.ldif") File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 209, in _ldap_mod self.ldap_connect() File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 176, in ldap_connect conn.do_bind(self.dm_password, autobind=self.autobind) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1625, in do_bind self.do_simple_bind(bindpw=dm_password, timeout=timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1615, in do_simple_bind self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1610, in __bind_with_wait self.__wait_for_connection(timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1596, in __wait_for_connection wait_for_open_ports(host, int(port), timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1392, in wait_for_open_ports raise socket.timeout("Timeout exceeded") 2016-01-19T19:21:51Z DEBUG The ipa-replica-install command failed, exception: timeout: Timeout exceeded 2016-01-19T19:21:51Z ERROR Timeout exceeded 2016-01-19T19:21:51Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information [root at dc2-ipa-dev-van etc]# check status of dirsrv as suggested in log ========================================== [root at dc2-ipa-dev-van etc]# systemctl status dirsrv at DEV-mydomain-NET.service -l ? dirsrv at DEV-mydomain-NET.service - 389 Directory Server DEV-mydomain-NET. Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service; enabled; vendor preset: disabled) Active: failed (Result: resources) Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed to load environment files: No such file or directory Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed to run 'start' task: No such file or directory Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: Failed to start 389 Directory Server DEV-mydomain-NET.. Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed with result 'resources'. Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: Starting 389 Directory Server DEV-mydomain-NET.... Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed to load environment files: No such file or directory Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed to run 'start' task: No such file or directory Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: Failed to start 389 Directory Server DEV-mydomain-NET.. Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed with result 'resources'. Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: Starting 389 Directory Server DEV-mydomain-NET.... -----Original Message----- From: Ludwig Krispenz [mailto:lkrispen at redhat.com] Sent: January-19-16 8:45 AM To: Nathan Peters Cc: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/19/2016 05:24 PM, Nathan Peters wrote: > So if the obsolete replica ID should cause no harm, then what is the solution to get my replica re-installed ? > > This problem still exists and hasn't gone away so I am still stuck with a 4th replica unable to be re-joined ... > > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND where do you see this ? The high connection number indicates it is not on the server you just install. If it is on the master then it is correct, the entry exists there already. Did you uninstall server and client before ? Do you still have an /etc/openldap/ldap.conf having an URI pointin to the master ? > > [27/43]: restarting directory server > [28/43]: setting up initial replication > [error] DuplicateEntry: This entry already exists Your system may be > partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Ludwig Krispenz > Sent: January-19-16 12:37 AM > To: freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > > On 01/18/2016 09:55 PM, Nathan Peters wrote: >> Another follow-up : dirsrv logs get really strange when I attempt to add that cleanruv task. It apears the message logged to console that the task already exists is totally lying ? o.O > no, it is not totally lying, you just found another trace of a replica > ID which is probably not properly cleaned. The cleanallruv task looks > into the database and finally also into the changelog and remove all > traces for tee replica ID to be cleaned. > What you found is a ruv in the replication agreement, the replication > agreement keeps track of the consumer RUV it has seen, and there was at > one time replica 14. > > I'll open a ticket for 389-ds to handle this in the cleanallruv task. > But the obsolete replica ID in the agreement should do no harm. If you > want to get rid of it, you coud stop the server and remove it from the > /etc/dirsrv/slapd-/dse.ldif >> So the actual error is that it cannot modify a task because it does not exist? Why does it not exist ? According to the docs here : http://directory.fedoraproject.org/docs/389ds/FAQ/troubleshoot-cleanallruv.html >> >> It should always exist? There is no 'changetype : modify' in that ldap syntax... >> >> [18/Jan/2016:12:36:56 -0800] - ldbm_back_seq deadlock retry BAD 1601, err=0 BDB0062 Successful return: 0 >> [18/Jan/2016:12:39:56 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:39:58 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:00 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:00 -0800] NSMMReplicationPlugin - CleanAllRUV Task (rid 14): Replica id (14) is already being cleaned >> [18/Jan/2016:12:40:02 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:04 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:06 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:06 -0800] NSMMReplicationPlugin - CleanAllRUV Task (rid 14): Task failed...(-1) >> [18/Jan/2016:12:40:08 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:08 -0800] - WARNING: can't find task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config' >> [18/Jan/2016:12:40:08 -0800] ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 128]: Missing target entry. >> >> -----Original Message----- >> From: Nathan Peters >> Sent: January-18-16 12:13 PM >> To: Nathan Peters; Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com >> Subject: RE: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists >> >> Follow-up : After finding the ghost ruvs below I tried to clean them. Apparently they are already being cleaned by some task that is clearly not working ... >> >> ==== attempts to clean ruv 14 ==== >> >> [[root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -D "cn=directory manager" -W -a >> Enter LDAP Password: >> dn: cn=clean 14, cn=cleanallruv, cn=tasks, cn=config >> objectclass: top >> objectclass: extensibleObject >> replica-base-dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> replica-id: 14 >> replica-force-cleaning: yes >> cn: clean 14 >> >> adding new entry "cn=clean 14, cn=cleanallruv, cn=tasks, cn=config" >> ldap_add: Server is unwilling to perform (53) >> additional info: Replica id (14) is already being cleaned >> >> [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -x -D "cn=directory manager" -W <>> dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> changetype: modify >>> replace: nsds5task >>> nsds5task: CLEANRUV14 >>> EOF >> Enter LDAP Password: >> modifying entry "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> >> This one adds the entry properly (I think - I have no idea how to check if one exists), but does not actually clean the ruv. >> >> >> -----Original Message----- >> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters >> Sent: January-18-16 11:44 AM >> To: Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists >> >> Answers to questions : >> >> 1) All 3 servers are working fine. Error logs show only the expected replication keepalive entries and no other entries for the last 24 hours. Replication works. >> >> 2) ipa server-find output is identical on all 3 servers : >> >> [root at dc1-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa server-find >> --------------------- >> 3 IPA servers matched >> --------------------- >> Server name: dc1-ipa-dev-nvan.dev-globalrelay.net >> Managed suffixes: domain, ca >> Min domain level: 0 >> Max domain level: 1 >> >> Server name: dc1-ipa-dev-van.dev-globalrelay.net >> Managed suffixes: domain, ca >> Min domain level: 0 >> Max domain level: 1 >> >> Server name: dc2-ipa-dev-nvan.dev-globalrelay.net >> Managed suffixes: domain, ca >> Min domain level: 0 >> Max domain level: 1 >> ---------------------------- >> Number of entries returned 3 >> ---------------------------- >> >> 3)ipa-replica-manage list is the same on all 3 servers : >> >> [root at dc1-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage list >> dc2-ipa-dev-nvan.dev-globalrelay.net: master >> dc1-ipa-dev-nvan.dev-globalrelay.net: master >> dc1-ipa-dev-van.dev-globalrelay.net: master >> >> 3.5)I actually tried running the remove command anyway in case there were any type of lingering records and it came back with nothing found : >> >> [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net >> dc2-ipa-dev-van.dev-globalrelay.net is not listed among IPA masters. >> Please specify an actual server or add the --cleanup option to force clean up. >> [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net --cleanup >> Checking connectivity in topology suffix 'ca' >> 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'ca' >> Not checking connectivity >> Checking connectivity in topology suffix 'domain' >> 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'domain' >> Not checking connectivity >> No RUV records found. >> >> 4) The command revealed it went to a different master than I thought. It was not the CA master, but a differnet one. >> >> [root at dc2-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" >> 2016-01-18T17:28:22Z INFO Forwarding 'service_add' to json server 'https://dc2-ipa-dev-nvan.dev-globalrelay.net/ipa/json' >> >> For some reason, when I was monitoring the logs, nothing had been logged on the dc2-ipa-dev-nvan in the dirsrv log but it must have been buffering to disk, because when I checked the logs 5 minutes later, all the data was there. You can actually see the err=68 here : >> >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND >> >> I'm not sure why it would fail that call though... >> >> Here are the ldapsearch for that cn=replica branch performed on the master it was joining to, as well as the complete logs from that master with the err=68 in it. >> >> I'm not sure if this has anything to do with it, but inside the replica branch are already 2 sub branches for replication agreements. These agreements have what appears to be old ruvs for the server I am trying to join, however, because the ipa-replica-install clean-ruv command only applies to domain level 0, I cannot clean those ruvs... I also cannot lower my domain level back down to 0 so I can clean them. >> >> [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage clean-ruv 14 >> No RUV records found. >> >> >> ==== LDAP SEARCH OF SECTION OF TREE THAT ADD FAILS ON ===== >> >> [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> Enter LDAP Password: >> # extended LDIF >> # >> # LDAPv3 >> # base with scope subtree >> # filter: (objectclass=*) >> # requesting: ALL >> # >> >> # replica, dc\3Dmydomain\2Cdc\3Dnet, mapping tree, config >> dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> cn: replica >> nsDS5Flags: 1 >> nsDS5ReplicaBindDN: cn=replication manager,cn=config >> nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net >> @MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net >> nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net@ >> MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net >> nsDS5ReplicaId: 15 >> nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64 >> nsDS5ReplicaRoot: dc=mydomain,dc=net >> nsDS5ReplicaType: 3 >> nsState:: DwAAAAAAAAC/OZ1WAAAAAAAAAAAAAAAAbAEAAAAAAAAAAAAAAAAAAA== >> nsds5ReplicaLegacyConsumer: off >> nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net >> nsds5replicabinddngroupcheckinterval: 60 >> objectClass: nsds5replica >> objectClass: top >> objectClass: extensibleobject >> nsds5ReplicaChangeCount: 37386 >> nsds5replicareapactive: 0 >> >> # meTodc1-ipa-dev-nvan.mydomain.net, replica, dc\3Dmydomain\2Cdc\ >> 3Dnet, mapping tree, config >> dn: cn=meTodc1-ipa-dev-nvan.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> cn: meTodc1-ipa-dev-nvan.mydomain.net >> description: me to dc1-ipa-dev-nvan.mydomain.net >> nsDS5ReplicaBindMethod: SASL/GSSAPI >> nsDS5ReplicaHost: dc1-ipa-dev-nvan.mydomain.net >> nsDS5ReplicaPort: 389 >> nsDS5ReplicaRoot: dc=mydomain,dc=net >> nsDS5ReplicaTransportInfo: LDAP >> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial >> entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts >> uccessfulauth krblastfailedauth krbloginfailedcount >> nsds50ruv: {replicageneration} 553fe9bb000000040000 >> nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd >> 26000000100000 569b9201002200100000 >> nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 >> b000000110000 569b91af000d00110000 >> nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee >> 040000000f0000 569b92010002000f0000 >> nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b >> b0000000e0000 569b91320014000e0000 >> nsds5ReplicaEnabled: on >> nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in >> ternalModifyTimestamp >> nsds5replicaTimeout: 120 >> nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. >> net:389} 00000000 >> nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n >> et:389} 00000000 >> nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. >> net:389} 00000000 >> nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n >> et:389} 00000000 >> objectClass: nsds5replicationagreement >> objectClass: top >> objectClass: ipaReplTopoManagedAgreement >> ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p >> lugin >> nsds5replicareapactive: 0 >> nsds5replicaLastUpdateStart: 20160118191523Z >> nsds5replicaLastUpdateEnd: 20160118191523Z >> nsds5replicaChangesSentSinceStartup:: MTU6Mjc0LzgyNzY5NiAxNDoxLzAgMTc6MTQvMCAx >> NjoyLzAg >> nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd >> ate succeeded >> nsds5replicaUpdateInProgress: FALSE >> nsds5replicaLastInitStart: 19700101000000Z >> nsds5replicaLastInitEnd: 19700101000000Z >> >> # meTodc1-ipa-dev-van.mydomain.net, replica, dc\3Dmydomain\2Cdc\3 >> Dnet, mapping tree, config >> dn: cn=meTodc1-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> cn: meTodc1-ipa-dev-van.mydomain.net >> description: me to dc1-ipa-dev-van.mydomain.net >> nsDS5ReplicaBindMethod: SASL/GSSAPI >> nsDS5ReplicaHost: dc1-ipa-dev-van.mydomain.net >> nsDS5ReplicaPort: 389 >> nsDS5ReplicaRoot: dc=mydomain,dc=net >> nsDS5ReplicaTransportInfo: LDAP >> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial >> entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts >> uccessfulauth krblastfailedauth krbloginfailedcount >> nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in >> ternalModifyTimestamp >> nsds5replicaTimeout: 120 >> objectClass: nsds5replicationagreement >> objectClass: top >> objectClass: ipaReplTopoManagedAgreement >> ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p >> lugin >> nsds50ruv: {replicageneration} 553fe9bb000000040000 >> nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 >> b000000110000 569b9201000500110000 >> nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd >> 26000000100000 569b918d004a00100000 >> nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee >> 040000000f0000 569b92010002000f0000 >> nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b >> b0000000e0000 569b91320014000e0000 >> nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n >> et:389} 00000000 >> nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. >> net:389} 00000000 >> nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. >> net:389} 00000000 >> nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n >> et:389} 00000000 >> nsds5replicareapactive: 0 >> nsds5replicaLastUpdateStart: 20160118191523Z >> nsds5replicaLastUpdateEnd: 20160118191523Z >> nsds5replicaChangesSentSinceStartup:: MTU6MzY2LzE0MTg1NjkgMTY6OTYvMCAxNzoyLzAg >> nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd >> ate succeeded >> nsds5replicaUpdateInProgress: FALSE >> nsds5replicaLastInitStart: 19700101000000Z >> nsds5replicaLastInitEnd: 19700101000000Z >> >> # search result >> search: 2 >> result: 0 Success >> >> # numResponses: 4 >> # numEntries: 3 >> >> >> >> >> >> ===== LOGS FROM MASTER DURING REPLICA INSTALLATION ATTEMPT ==== >> >> [18/Jan/2016:09:27:54 -0800] conn=18695 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 BIND dn="" method=128 version=3 >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="namingContexts defaultnamingcontext" >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 SRCH base="dc=mydomain,dc=net" scope=0 filter="(info=IPA*)" attrs=ALL >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 SRCH base="cn=kerberos,dc=mydomain,dc=net" scope=2 filter="(objectClass=krbRealmContainer)" attrs=ALL >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 MOD dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22060000000f0000 >> [18/Jan/2016:09:27:54 -0800] conn=18696 fd=145 slot=145 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 RESULT err=0 tag=101 nentries=2 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 UNBIND >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 fd=145 closed - U1 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=3 op=82446 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82446 RESULT err=0 tag=101 nentries=1 etime=1 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18697 fd=145 slot=145 connection from 10.21.5.248 to 10.178.0.98 >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTDomainAttrs)" attrs="ipaNTFlatName ipaNTFallbackPrimaryGroup ipaNTSecurityIdentifier" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 SRCH base="cn=Default SMB Group,cn=groups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=posixGroup)" attrs="ipaNTSecurityIdentifier" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTTrustPartner ipaNTFlatName ipaNTTrustedDomainSID ipaNTSIDBlacklistIncoming ipaNTSIDBlacklistOutgoing" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 SRCH base="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 MOD dn="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070000000f0000 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 SRCH base="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 SRCH base="cn=fe1-gas-gasqa3-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 MOD dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=U >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberofindirect description nsHardwarePlatform userCertificate ipaAllowedToPerform * l nsOsVersion fqdn managedBy ipaAssignedIDView memberOf krbPrincipalName nsHostLocation userClass aci" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 ADD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070004000f0000 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22070008000f0000 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform objectClass ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView ipaUniqueID userCertificate krbPrincipalName nsHostLocation userClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 SRCH base="cn=dns,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDefaultLoginShell ipaCertificateSubjectBase ipaUserSearchFields ipaSELinuxUserMapDefault ipaUserAuthType ipaDefaultPrimaryGroup ipaPwdExpAdvNotify ipaGroupSearchFields ipaDefaultEmailDomain ipaHomesRootDir ipaSearchTimeLimit ipaKrbAuthzData ipaMigrationEnabled ipaSearchRecordsLimit ipaConfigString ipaMaxUsernameLength ipaSELinuxUserMapOrder" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 UNBIND >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 fd=278 closed - U1 >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-gasqa3-van.login.mydomain.net)(sudoHost=fe1-gas-gasqa3-van)(sudoHost=10.21.5.248)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:640b)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 >> [18/Jan/2016:09:27:55 -0800] conn=18699 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 UNBIND >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 fd=278 closed - U1 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070012000f0000 >> [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 UNBIND >> [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 fd=144 closed - U1 >> [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 UNBIND >> [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 fd=277 closed - U1 >> [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 RESULT err=0 tag=103 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 RESULT err=0 tag=103 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18700 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 fd=144 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=18701 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 fd=144 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18702 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 fd=144 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=18703 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 RESULT err=0 tag=101 nentries=2 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 fd=153 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=18704 fd=153 slot=153 connection from 10.178.59.236 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 fd=144 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 SRCH base="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 SRCH base="cn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 MOD dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2209000e000f0000 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38897 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38897 RESULT err=0 tag=101 nentries=1 etime=1 >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=hadoop1-mc-mcci1-nvan.mydomain.net)(sudoHost=hadoop1-mc-mcci1-nvan)(sudoHost=10.178.59.236)(sudoHost=10.178.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 RESULT err=0 tag=101 nentries=7 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:27:59 -0800] conn=18705 fd=144 slot=144 connection from 10.21.42.41 to 10.178.0.98 >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18706 fd=277 slot=277 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:59 -0800] conn=18706 op=-1 fd=277 closed - B1 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 SRCH base="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 SRCH base="cn=relay-sf-int-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 MOD dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b0000000f0000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=relay-sf-int-van.mydomain.net)(sudoHost=relay-sf-int-van)(sudoHost=10.21.42.41)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fea8:8002)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 ADD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=18707 fd=277 slot=277 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass ipaSshPubKey" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000c000f0000 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf ipaSshPubKey description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 UNBIND >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 fd=277 closed - U1 >> [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=273 op=207 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=273 op=207 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000e000f0000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 ADD dn="idnsName=98,idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=273 op=208 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=273 op=208 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" >> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" >> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f00110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=209 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001000110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=209 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0002000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001100110000 >> [18/Jan/2016:09:28:01 -0800] conn=273 op=210 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=210 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0004000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001200110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=211 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001300110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=211 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0006000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001400110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=212 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001500110000 >> [18/Jan/2016:09:28:01 -0800] conn=273 op=212 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0009000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=273 op=213 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=213 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000b000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=273 op=214 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=214 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000d000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=18708 fd=277 slot=277 connection from 10.21.20.251 to 10.178.0.98 >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 SRCH base="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 SRCH base="cn=spool2-ops-flex-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 MOD dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22100000000f0000 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool2-ops-flex-van.mydomain.net)(sudoHost=spool2-ops-flex-van)(sudoHost=10.21.20.251)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:769c)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=18709 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:05 -0800] conn=18709 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:05 -0800] conn=18710 fd=279 slot=279 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:05 -0800] conn=18710 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=3 RESULT err=0 tag=101 nentries=1 etime=1 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 SRCH base="cn=Domain Level,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDomainLevel" >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 SRCH base="cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=1 filter="(&(&(&(objectClass=ipaobject)(objectClass=ipahostgroup))(cn=ipaservers))(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="cn memberOf memberofindirect member memberindirect description" >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 UNBIND >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 fd=278 closed - U1 >> [18/Jan/2016:09:28:06 -0800] conn=18711 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:06 -0800] conn=18711 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberofindirect cn memberOf * member memberindirect description aci" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 RESULT err=0 tag=101 nentries=2 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cosPriority * nsAccountLock aci" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 UNBIND >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 fd=278 closed - U1 >> [18/Jan/2016:09:28:06 -0800] conn=18712 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:06 -0800] conn=18712 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 UNBIND >> [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 fd=166 closed - U1 >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 SRCH base="cn=meTodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs="* aci" >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 SRCH base="cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 RESULT err=0 tag=101 nentries=3 etime=0 notes=U >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=KRA))" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U >> [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 UNBIND >> [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 fd=279 closed - U1 >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 UNBIND >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 fd=278 closed - U1 >> [18/Jan/2016:09:28:07 -0800] conn=18713 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 UNBIND >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 fd=166 closed - U1 >> [18/Jan/2016:09:28:07 -0800] conn=18714 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 UNBIND >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 fd=166 closed - U1 >> [18/Jan/2016:09:28:07 -0800] conn=18715 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:07 -0800] conn=18715 op=-1 fd=166 closed - B1 >> [18/Jan/2016:09:28:07 -0800] conn=18716 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:07 -0800] conn=18716 op=-1 fd=166 closed - Encountered end of file. >> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 UNBIND >> [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 fd=168 closed - U1 >> [18/Jan/2016:09:28:09 -0800] conn=18717 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 UNBIND >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 fd=166 closed - U1 >> [18/Jan/2016:09:28:10 -0800] conn=18718 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 UNBIND >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 fd=166 closed - U1 >> [18/Jan/2016:09:28:10 -0800] conn=18719 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(memberOf=cn=Replication Administrators,cn=privileges,cn=pbac,dc=mydomain,dc=net)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 UNBIND >> [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 fd=166 closed - U1 >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:12 -0800] conn=18720 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 MOD dn="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22180003000f0000 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn memberOf memberofindirect member memberindirect description" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 RESULT err=0 tag=101 nentries=2 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 UNBIND >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 fd=166 closed - U1 >> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:13 -0800] conn=18721 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 SRCH base="cn=cacert,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(cacertificate;binary=*)" attrs="cacertificate;binary" >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 RESULT err=0 tag=101 nentries=1 etime=0 notes=U >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=-1 fd=166 closed - B1 >> [18/Jan/2016:09:28:15 -0800] conn=18722 fd=166 slot=166 connection from 10.21.31.31 to 10.178.0.98 >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 SRCH base="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 SRCH base="cn=fe1-gas-salqa1-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 MOD dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221b0000000f0000 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-salqa1-van.login.mydomain.net)(sudoHost=fe1-gas-salqa1-van)(sudoHost=10.21.31.31)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:3fd2)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:16 -0800] conn=18723 fd=168 slot=168 connection from 10.21.23.93 to 10.178.0.98 >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 SRCH base="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 SRCH base="cn=collector2-sal-cpqa1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 MOD dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c0000000f0000 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=collector2-sal-cpqa1-van.mydomain.net)(sudoHost=collector2-sal-cpqa1-van)(sudoHost=10.21.23.93)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:6b78)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=18724 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 >> [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 UNBIND >> [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 fd=278 closed - U1 >> [18/Jan/2016:09:28:17 -0800] conn=18725 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 >> [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 UNBIND >> [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 fd=278 closed - U1 >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" >> [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18726 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 UNBIND >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 fd=278 closed - U1 >> [18/Jan/2016:09:28:22 -0800] conn=18727 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 ADD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22220006000f0000 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberOf ipaKrbAuthzData objectClass userCertificate managedBy ipaUniqueID ipaAllowedToPerform krbPrincipalName" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 UNBIND >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 fd=278 closed - U1 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18728 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 UNBIND >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 fd=278 closed - U1 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 MOD dn="cn=repl keep alive 16,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000e00100000 >> [18/Jan/2016:09:28:23 -0800] conn=18729 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 SRCH base="cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 SRCH base="cn=caacls,cn=ca,dc=mydomain,dc=net" scope=1 filter="(&(objectClass=ipaassociation)(objectClass=ipacaacl))" attrs="serviceCategory cn ipaMemberCertProfile ipaMemberCa ipaCertProfileCategory memberUser userCategory hostCategory memberHost ipaEnabledFlag ipaCaCategory memberService description" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform * managedBy memberOf krbPrincipalName aci" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=539 SRCH base="cn=7,ou=certificateRepository,ou=ca,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=67 op=539 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=217 op=10 SRCH base="ou=People,o=ipaca" scope=2 filter="(description=2;7;CN=Certificate Authority,O=MYDOMAIN.NET;CN=IPA RA,O=MYDOMAIN.NET)" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=217 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=217 op=11 SRCH base="cn=Registration Manager Agents,ou=groups,o=ipaca" scope=0 filter="(uniqueMember=uid=ipara,ou=people,o=ipaca)" attrs="cn" >> [18/Jan/2016:09:28:23 -0800] conn=217 op=11 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=540 ADD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" >> [18/Jan/2016:09:28:23 -0800] conn=67 op=540 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000004470000 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=541 ADD dn="cn=2684289033,ou=certificateRepository,ou=ca,o=ipaca" >> [18/Jan/2016:09:28:23 -0800] conn=67 op=541 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000104470000 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=542 MOD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" >> [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=542 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000304470000 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=543 SRCH base="cn=99990009,ou=ca,ou=requests,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=67 op=543 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=544 MOD dn="ou=ca,ou=requests,o=ipaca" >> [18/Jan/2016:09:28:23 -0800] conn=18730 fd=281 slot=281 connection from 10.178.0.99 to 10.178.0.98 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=544 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000504470000 >> [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 SRCH base="cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn ipaCertProfileStoreIssued description" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 fd=282 slot=282 connection from 10.21.0.99 to 10.178.0.98 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22230001000f0000 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform managedBy memberOf krbPrincipalName" >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 UNBIND >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 fd=278 closed - U1 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool1-googleapps-flex-van.mydomain.net)(sudoHost=spool1-googleapps-flex-van)(sudoHost=10.21.32.201)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:2c30)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 UNBIND >> [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 fd=77 closed - U1 >> [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222c0007000f0000 >> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222d0000000f0000 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 fd=77 closed - U1 >> [18/Jan/2016:09:28:33 -0800] conn=18733 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 >> [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 UNBIND >> [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 fd=77 closed - U1 >> [18/Jan/2016:09:28:33 -0800] conn=18734 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 >> [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 UNBIND >> [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 fd=77 closed - U1 >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18735 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 >> [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 UNBIND >> [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 fd=77 closed - U1 >> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:36 -0800] conn=18520 op=5 UNBIND >> >> -----Original Message----- >> From: Petr Vobornik [mailto:pvoborni at redhat.com] >> Sent: January-18-16 10:30 AM >> To: Nathan Peters; Rob Crittenden; freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists >> >> On 01/18/2016 07:10 PM, Nathan Peters wrote: >>> This is FreeIPA 4.3.0. There is no master generating the prepare file (unless its still handled in the background invisibly to the user). >> Right. But the replica installer picks some server as a master. >> >> Ipa-replica-install is run directly from an unjoined client (or joined >> client, I have tried both). >>> However, after tracking the logs of all 3 existing IPA servers during the attempted installation, the CA master appears to be the one doing something. Here are the logs for that time period. Note that there is no "err=68" anywhere in here: >> Are all 3 existing server functioning well, e.g with working replication? >> >> Could you check `ipa server-find` if there is no left-over server - e.g. >> failed installation. >> >> Could be check also in `ipa-replica-manage list` if there is some >> leftover, please remove it with `ipa-replica-manage del $FQDN` command. >> >> Wrt the logs. I did not meant that but Rob was right. The installer >> tries to update "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping >> tree,cn=config" entry on both master and the replica. If the entry does >> not exist, the installer also creates it. >> >> On replica it behaves correctly: >> >> [18/Jan/2016:09:28:32 -0800] conn=2 op=8 SRCH >> base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:32 -0800] conn=2 op=8 RESULT err=0 tag=101 nentries=1 >> etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=2 op=9 MOD >> dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> [18/Jan/2016:09:28:32 -0800] conn=2 op=9 RESULT err=0 tag=103 nentries=0 >> etime=0 >> >> It would be good to see the same log from a master which it tries to use >> in installation. - In 4.3 the server is picked automatically. >> >> I don't see any searches for >> "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" in >> the logs below which makes me wonder, what server the installer tries to >> use as a master. >> >> Could be find out, e.g. by: >> $ cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" >> >> From Nathan.Peters at globalrelay.net Tue Jan 19 20:11:02 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Tue, 19 Jan 2016 20:11:02 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569CB899.9040603@redhat.com> <569CCB5D.8040400@redhat.com> <569D27C4.10602@redhat.com> <569D2F2F.6080806@redhat.com> <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> Message-ID: Ok, after rm-rf /etc/dirsrv I was able to re-install again, but back to the old issue with DuplicatEntry. Can anyone on this list tell me how to fix this issue ? This is a production domain with several hundred clients and servers attached, so I can't just blow it away and start over. I need to get this fixed. [root at dc2-ipa-dev-van etc]# ipa-replica-install --mkhomedir --setup-ca --setup-dns --no-forwarders Run connection check to master Connection check OK Configuring NTP daemon (ntpd) [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv). Estimated time: 1 minute [1/43]: creating directory server user [2/43]: creating directory server instance [3/43]: restarting directory server [4/43]: adding default schema [5/43]: enabling memberof plugin [6/43]: enabling winsync plugin [7/43]: configuring replication version plugin [8/43]: enabling IPA enrollment plugin [9/43]: enabling ldapi [10/43]: configuring uniqueness plugin [11/43]: configuring uuid plugin [12/43]: configuring modrdn plugin [13/43]: configuring DNS plugin [14/43]: enabling entryUSN plugin [15/43]: configuring lockout plugin [16/43]: configuring topology plugin [17/43]: creating indices [18/43]: enabling referential integrity plugin [19/43]: configuring certmap.conf [20/43]: configure autobind for root [21/43]: configure new location for managed entries [22/43]: configure dirsrv ccache [23/43]: enabling SASL mapping fallback [24/43]: restarting directory server [25/43]: creating DS keytab [26/43]: retrieving DS Certificate [27/43]: restarting directory server [28/43]: setting up initial replication [error] DuplicateEntry: This entry already exists Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR This entry already exists ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters Sent: January-19-16 11:30 AM To: Ludwig Krispenz Cc: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists Yes, I uninstall and re-install the server and client every time the installation fails because it won't let me attempt a reinstall with them installed. Here is what that looks like. Now its not even getting to the part where I was getting the err=68 before... Nothing strange in /etc/openldap/ldap.conf ========================================== [root at dc2-ipa-dev-van etc]# cat /etc/openldap/ldap.conf # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE dc=example,dc=com #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never TLS_CACERTDIR /etc/openldap/certs # Turning this off breaks GSSAPI used with krb5 when rdns = false SASL_NOCANON on No IPA packages installed ========================= [root at dc2-ipa-dev-van etc]# yum list installed | grep "ipa" Yum command has been deprecated, redirecting to '/usr/bin/dnf list installed'. See 'man dnf' and 'man yum2dnf' for more information. To transfer transaction metadata from yum to DNF, run: 'dnf install python-dnf-plugins-extras-migrate && dnf-2 migrate' device-mapper-multipath.x86_64 0.4.9-80.fc23 @anaconda device-mapper-multipath-libs.x86_64 0.4.9-80.fc23 @anaconda python3-iniparse.noarch 0.4-16.fc23 @anaconda Now install IPA packages ======================== [root at dc2-ipa-dev-van etc]# yum reinstall freeipa-server Yum command has been deprecated, redirecting to '/usr/bin/dnf reinstall freeipa-server'. See 'man dnf' and 'man yum2dnf' for more information. To transfer transaction metadata from yum to DNF, run: 'dnf install python-dnf-plugins-extras-migrate && dnf-2 migrate' .... snipped for readability .... xmlstreambuffer.noarch 1.5.4-2.fc23 xsom.noarch 0-14.20110809svn.fc23 Complete! Install IPA replica fails ========================= [root at dc2-ipa-dev-van etc]# ipa-replica-install --mkhomedir --setup-ca --setup-dns --no-forwarders --principal nathan.peters -w Configuring client side components Discovery was successful! Client hostname: dc2-ipa-dev-van.dev-mydomain.net Realm: DEV-mydomain.NET DNS Domain: dev-mydomain.net IPA Server: dc2-ipa-dev-nvan.dev-mydomain.net BaseDN: dc=dev-mydomain,dc=net Synchronizing time with KDC... Attempting to sync time using ntpd. Will timeout after 15 seconds Successfully retrieved CA cert Subject: CN=Certificate Authority,O=DEV-mydomain.NET Issuer: CN=Certificate Authority,O=DEV-mydomain.NET Valid From: Wed Mar 25 18:48:27 2015 UTC Valid Until: Sun Mar 25 18:48:27 2035 UTC Subject: CN=Certificate Authority,O=DEV-mydomain.NET Issuer: CN=Certificate Authority,O=DEV-mydomain.NET Valid From: Wed Mar 25 18:48:27 2015 UTC Valid Until: Sun Mar 25 18:48:27 2035 UTC Joining realm failed: Host is already joined. Use --force-join option to override the host entry on the server and force client enrollment. Installation failed. Rolling back changes. IPA client is not configured on this system. Removing client side components IPA client is not configured on this system. ipa.ipapython.install.cli.install_tool(Replica): ERROR Configuration of client side components failed! ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information IPA client install fails ======================== [root at dc2-ipa-dev-van etc]# ipa-client-install --mkhomedir --enable-dns-updates Using existing certificate '/etc/ipa/ca.crt'. Discovery was successful! Client hostname: dc2-ipa-dev-van.dev-mydomain.net Realm: DEV-mydomain.NET DNS Domain: dev-mydomain.net IPA Server: dc1-ipa-dev-nvan.dev-mydomain.net BaseDN: dc=dev-mydomain,dc=net Continue to configure the system with these values? [no]: yes Synchronizing time with KDC... Attempting to sync time using ntpd. Will timeout after 15 seconds User authorized to enroll computers: nathan.peters Password for nathan.peters at DEV-mydomain.NET: Joining realm failed: Host is already joined. Use --force-join option to override the host entry on the server and force client enrollment. Installation failed. Rolling back changes. IPA client is not configured on this system. IPA client install succeeds with --force-join ============================================= [root at dc2-ipa-dev-van etc]# ipa-client-install --mkhomedir --enable-dns-updates --force-join Using existing certificate '/etc/ipa/ca.crt'. Discovery was successful! Client hostname: dc2-ipa-dev-van.dev-mydomain.net Realm: DEV-mydomain.NET DNS Domain: dev-mydomain.net IPA Server: dc1-ipa-dev-van.dev-mydomain.net BaseDN: dc=dev-mydomain,dc=net Continue to configure the system with these values? [no]: yes Synchronizing time with KDC... Attempting to sync time using ntpd. Will timeout after 15 seconds User authorized to enroll computers: nathan.peters Password for nathan.peters at DEV-mydomain.NET: Enrolled in IPA realm DEV-mydomain.NET Created /etc/ipa/default.conf New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm DEV-mydomain.NET trying https://dc1-ipa-dev-van.dev-mydomain.net/ipa/json Forwarding 'ping' to json server 'https://dc1-ipa-dev-van.dev-mydomain.net/ipa/json' Forwarding 'ca_is_enabled' to json server 'https://dc1-ipa-dev-van.dev-mydomain.net/ipa/json' Systemwide CA database updated. Added CA certificates to the default NSS database. Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub Forwarding 'host_mod' to json server 'https://dc1-ipa-dev-van.dev-mydomain.net/ipa/json' SSSD enabled Configured /etc/openldap/ldap.conf NTP enabled Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring dev-mydomain.net as NIS domain. Client configuration complete. Now we can finally try ipa-replica-install and it fails with CRITICAL failed to create ds instance ========================================== [root at dc2-ipa-dev-van etc]# ipa-replica-install --mkhomedir --setup-ca --setup-dns --no-forwarders Run connection check to master Connection check OK Configuring NTP daemon (ntpd) [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv). Estimated time: 1 minute [1/43]: creating directory server user [2/43]: creating directory server instance ipa : CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmprmHBYG' returned non-zero exit status 1 [3/43]: restarting directory server ipa : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv at DEV-mydomain-NET.service' returned non-zero exit status 1). See the installation log for details. [4/43]: adding default schema [5/43]: enabling memberof plugin [error] timeout: Timeout exceeded Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR Timeout exceeded ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information since that failed, try removing the server ========================================== [root at dc2-ipa-dev-van etc]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! Are you sure you want to continue with the uninstall procedure? [no]: yes WARNING: Failed to connect to Directory Server to find information about replication agreements. Uninstallation will continue despite the possible existing replication agreements. Shutting down all IPA services Unconfiguring ntpd Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring directory server ipa : ERROR Instance removal failed. ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually ipa : ERROR Unable to restart ds instance DEV-mydomain-NET: Command '/bin/systemctl restart dirsrv at DEV-mydomain-NET.service' returned non-zero exit status 1 Removing IPA client configuration Removing Kerberos service principals from /etc/krb5.keytab Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted Restoring client configuration files Unconfiguring the NIS domain. nscd daemon is not installed, skip configuration nslcd daemon is not installed, skip configuration Systemwide CA database updated. Client uninstall complete. [root at dc2-ipa-dev-van etc]# ipa-client-install --uninstall IPA client is not configured on this system. [root at dc2-ipa-dev-van etc]# cd dirsrv/ [root at dc2-ipa-dev-van dirsrv]# ls -al total 16 drwxr-xr-x 5 root root 67 Jan 19 11:11 . drwxr-xr-x. 116 root root 8192 Jan 19 11:18 .. drwxr-xr-x 2 root root 105 Jan 19 11:11 config drwxr-xr-x 2 root root 4096 Jan 19 11:11 schema drwxrwx--- 3 dirsrv dirsrv 61 Jan 19 08:57 slapd-DEV-mydomain-NET [root at dc2-ipa-dev-van dirsrv]# cd .. [root at dc2-ipa-dev-van etc]# rm -rf dirsrv re-join client ============== [root at dc2-ipa-dev-van etc]# ipa-client-install --mkhomedir --enable-dns-updates --force-join Discovery was successful! Client hostname: dc2-ipa-dev-van.dev-mydomain.net Realm: DEV-mydomain.NET DNS Domain: dev-mydomain.net IPA Server: dc2-ipa-dev-nvan.dev-mydomain.net BaseDN: dc=dev-mydomain,dc=net Continue to configure the system with these values? [no]: yes Synchronizing time with KDC... Attempting to sync time using ntpd. Will timeout after 15 seconds User authorized to enroll computers: nathan.peters Password for nathan.peters at DEV-mydomain.NET: Successfully retrieved CA cert Subject: CN=Certificate Authority,O=DEV-mydomain.NET Issuer: CN=Certificate Authority,O=DEV-mydomain.NET Valid From: Wed Mar 25 18:48:27 2015 UTC Valid Until: Sun Mar 25 18:48:27 2035 UTC Subject: CN=Certificate Authority,O=DEV-mydomain.NET Issuer: CN=Certificate Authority,O=DEV-mydomain.NET Valid From: Wed Mar 25 18:48:27 2015 UTC Valid Until: Sun Mar 25 18:48:27 2035 UTC Enrolled in IPA realm DEV-mydomain.NET Created /etc/ipa/default.conf New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm DEV-mydomain.NET trying https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json Forwarding 'ping' to json server 'https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json' Forwarding 'ca_is_enabled' to json server 'https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json' Systemwide CA database updated. Added CA certificates to the default NSS database. Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub Forwarding 'host_mod' to json server 'https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json' SSSD enabled Configured /etc/openldap/ldap.conf NTP enabled Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring dev-mydomain.net as NIS domain. Client configuration complete. Attempt to install the replica again ==================================== [root at dc2-ipa-dev-van etc]# ipa-replica-install --mkhomedir --setup-ca --setup-dns --no-forwarders Run connection check to master Connection check OK Configuring NTP daemon (ntpd) [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv). Estimated time: 1 minute [1/43]: creating directory server user [2/43]: creating directory server instance ipa : CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpCIlkrQ' returned non-zero exit status 1 [3/43]: restarting directory server ipa : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv at DEV-mydomain-NET.service' returned non-zero exit status 1). See the installation log for details. [4/43]: adding default schema [5/43]: enabling memberof plugin [error] timeout: Timeout exceeded Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR Timeout exceeded ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information check log ========== [root at dc2-ipa-dev-van etc]# cat /var/log/ipareplica-install.log 2016-01-19T19:21:30Z DEBUG Logging to /var/log/ipareplica-install.log 2016-01-19T19:21:30Z DEBUG ipa-replica-install was invoked with arguments [] and options: {'no_dns_sshfp': None, 'skip_schema_check': None, 'setup_kra': None, 'ip_addresses': None, 'mkhomedir': True, 'no_pkinit': None, 'http_cert_files': None, 'no_ntp': None, 'verbose': False, 'no_forwarders': True, 'keytab': None, 'ssh_trust_dns': None, 'domain_name': None, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': None, 'no_reverse': None, 'pkinit_cert_files': None, 'unattended': False, 'auto_reverse': None, 'auto_forwarders': None, 'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'dirsrv_config_file': None, 'forwarders': None, 'pkinit_cert_name': None, 'setup_ca': True, 'realm_name': None, 'skip_conncheck': None, 'no_ssh': None, 'dirsrv_cert_name': None, 'quiet': False, 'server': None, 'setup_dns': True, 'host_name': None, 'log_file': None, 'reverse_zones': None, 'allow_zone_overlap': None} 2016-01-19T19:21:30Z DEBUG IPA version 4.3.0-1.fc23 2016-01-19T19:21:30Z DEBUG Starting external process 2016-01-19T19:21:30Z DEBUG args=/usr/sbin/selinuxenabled 2016-01-19T19:21:30Z DEBUG Process finished, return code=1 2016-01-19T19:21:30Z DEBUG stdout= 2016-01-19T19:21:30Z DEBUG stderr= 2016-01-19T19:21:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:30Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:30Z DEBUG httpd is not configured 2016-01-19T19:21:30Z DEBUG kadmin is not configured 2016-01-19T19:21:30Z DEBUG dirsrv is not configured 2016-01-19T19:21:30Z DEBUG pki-tomcatd is not configured 2016-01-19T19:21:30Z DEBUG install is not configured 2016-01-19T19:21:30Z DEBUG krb5kdc is not configured 2016-01-19T19:21:30Z DEBUG ntpd is not configured 2016-01-19T19:21:30Z DEBUG named is not configured 2016-01-19T19:21:30Z DEBUG ipa_memcached is not configured 2016-01-19T19:21:30Z DEBUG filestore is tracking no files 2016-01-19T19:21:30Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2016-01-19T19:21:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:30Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:30Z DEBUG Starting external process 2016-01-19T19:21:30Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS 2016-01-19T19:21:30Z DEBUG Process finished, return code=0 2016-01-19T19:21:30Z DEBUG stdout=VirtualHost configuration: *:8443 dc2-ipa-dev-van.dev-mydomain.net (/etc/httpd/conf.d/nss.conf:83) 2016-01-19T19:21:30Z DEBUG stderr= 2016-01-19T19:21:30Z DEBUG Starting external process 2016-01-19T19:21:30Z DEBUG args=/bin/systemctl is-enabled chronyd.service 2016-01-19T19:21:30Z DEBUG Process finished, return code=1 2016-01-19T19:21:30Z DEBUG stdout=disabled 2016-01-19T19:21:30Z DEBUG stderr= 2016-01-19T19:21:30Z DEBUG Starting external process 2016-01-19T19:21:30Z DEBUG args=/bin/systemctl is-active chronyd.service 2016-01-19T19:21:30Z DEBUG Process finished, return code=3 2016-01-19T19:21:30Z DEBUG stdout=inactive 2016-01-19T19:21:30Z DEBUG stderr= 2016-01-19T19:21:30Z DEBUG importing all plugin modules in ipalib.plugins... 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.aci 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.automember 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.automount 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.baseldap 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.baseuser 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.batch 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.caacl 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.cert 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.certprofile 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.config 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.delegation 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.dns 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.domainlevel 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.group 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hbacrule 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hbacsvc 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hbactest 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.host 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hostgroup 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.idrange 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.idviews 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.internal 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.krbtpolicy 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.migration 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.misc 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.netgroup 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.otpconfig 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.otptoken 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.passwd 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.permission 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.ping 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.pkinit 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.privilege 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.pwpolicy 2016-01-19T19:21:30Z DEBUG Starting external process 2016-01-19T19:21:30Z DEBUG args=klist -V 2016-01-19T19:21:30Z DEBUG Process finished, return code=0 2016-01-19T19:21:30Z DEBUG stdout=Kerberos 5 version 1.14 2016-01-19T19:21:30Z DEBUG stderr= 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.radiusproxy 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.realmdomains 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.role 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.rpcclient 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.selfservice 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.selinuxusermap 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.server 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.service 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.servicedelegation 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.session 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.stageuser 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.sudocmd 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.sudorule 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.topology 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.trust 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.user 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.vault 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.virtual 2016-01-19T19:21:30Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.dns 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2016-01-19T19:21:32Z DEBUG Check if dc2-ipa-dev-van.dev-mydomain.net is a primary hostname for localhost 2016-01-19T19:21:32Z DEBUG Primary hostname for localhost: dc2-ipa-dev-van.dev-mydomain.net 2016-01-19T19:21:32Z DEBUG Search DNS for dc2-ipa-dev-van.dev-mydomain.net 2016-01-19T19:21:32Z DEBUG Check if dc2-ipa-dev-van.dev-mydomain.net is not a CNAME 2016-01-19T19:21:32Z DEBUG Check reverse address of 10.21.0.98 2016-01-19T19:21:32Z DEBUG Found reverse name: dc2-ipa-dev-van.dev-mydomain.net 2016-01-19T19:21:32Z DEBUG Check if dc2-ipa-dev-nvan.dev-mydomain.net is a primary hostname for localhost 2016-01-19T19:21:32Z DEBUG Primary hostname for localhost: dc2-ipa-dev-nvan.dev-mydomain.net 2016-01-19T19:21:32Z DEBUG Search DNS for dc2-ipa-dev-nvan.dev-mydomain.net 2016-01-19T19:21:32Z DEBUG Check if dc2-ipa-dev-nvan.dev-mydomain.net is not a CNAME 2016-01-19T19:21:32Z DEBUG Check reverse address of 10.178.0.98 2016-01-19T19:21:32Z DEBUG Found reverse name: dc2-ipa-dev-nvan.dev-mydomain.net 2016-01-19T19:21:32Z DEBUG Initializing principal host/dc2-ipa-dev-van.dev-mydomain.net at DEV-mydomain.NET using keytab /etc/krb5.keytab 2016-01-19T19:21:32Z DEBUG using ccache /tmp/krbcc50gCM_/ccache 2016-01-19T19:21:32Z DEBUG Attempt 1/1: success 2016-01-19T19:21:32Z DEBUG importing all plugin modules in ipalib.plugins... 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.aci 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.automember 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.automount 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.baseldap 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.baseuser 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.batch 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.caacl 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.cert 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.certprofile 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.config 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.delegation 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.dns 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.domainlevel 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.group 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hbacrule 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hbacsvc 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hbactest 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.host 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hostgroup 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.idrange 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.idviews 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.internal 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.krbtpolicy 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.migration 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.misc 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.netgroup 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.otpconfig 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.otptoken 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.passwd 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.permission 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.ping 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.pkinit 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.privilege 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.pwpolicy 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.radiusproxy 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.realmdomains 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.role 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.rpcclient 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.selfservice 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.selinuxusermap 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.server 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.service 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.servicedelegation 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.session 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.stageuser 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.sudocmd 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.sudorule 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.topology 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.trust 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.user 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.vault 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.virtual 2016-01-19T19:21:32Z DEBUG importing all plugin modules in ipaserver.plugins... 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.dogtag 2016-01-19T19:21:32Z DEBUG skipping plugin module ipaserver.plugins.dogtag: dogtag not selected as RA plugin 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.join 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.ldap2 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.rabase 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2016-01-19T19:21:32Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.dns 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2016-01-19T19:21:34Z DEBUG Created connection context.ldap2_139983595969360 2016-01-19T19:21:34Z DEBUG raw: domainlevel_get(version=u'2.163') 2016-01-19T19:21:34Z DEBUG domainlevel_get(version=u'2.163') 2016-01-19T19:21:34Z DEBUG flushing ldaps://dc2-ipa-dev-nvan.dev-mydomain.net from SchemaCache 2016-01-19T19:21:34Z DEBUG retrieving schema for SchemaCache url=ldaps://dc2-ipa-dev-nvan.dev-mydomain.net conn= 2016-01-19T19:21:34Z DEBUG raw: hostgroup_find(None, cn=u'ipaservers', version=u'2.163', host=[u'dc2-ipa-dev-van.dev-mydomain.net']) 2016-01-19T19:21:34Z DEBUG hostgroup_find(None, cn=u'ipaservers', all=False, raw=False, version=u'2.163', no_members=False, pkey_only=False, host=(u'dc2-ipa-dev-van.dev-mydomain.net',)) 2016-01-19T19:21:34Z DEBUG Check forward/reverse DNS resolution 2016-01-19T19:21:34Z DEBUG Search DNS server dc2-ipa-dev-nvan.dev-mydomain.net (['10.178.0.98', '10.178.0.98', '10.178.0.98']) for dc2-ipa-dev-nvan.dev-mydomain.net 2016-01-19T19:21:34Z DEBUG Check reverse address 10.178.0.98 (dc2-ipa-dev-nvan.dev-mydomain.net) 2016-01-19T19:21:34Z DEBUG Address 10.178.0.98 resolves to: dc2-ipa-dev-nvan.dev-mydomain.net.. 2016-01-19T19:21:34Z DEBUG Search DNS server dc2-ipa-dev-nvan.dev-mydomain.net (['10.178.0.98', '10.178.0.98', '10.178.0.98']) for dc2-ipa-dev-van.dev-mydomain.net 2016-01-19T19:21:34Z DEBUG Check reverse address 10.21.0.98 (dc2-ipa-dev-van.dev-mydomain.net) 2016-01-19T19:21:34Z DEBUG Address 10.21.0.98 resolves to: dc2-ipa-dev-van.dev-mydomain.net.. 2016-01-19T19:21:34Z DEBUG Destroyed connection context.ldap2_139983595969360 2016-01-19T19:21:34Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:34Z DEBUG failed to find session_cookie in persistent storage for principal 'host/dc2-ipa-dev-van.dev-mydomain.net at DEV-mydomain.NET' 2016-01-19T19:21:34Z INFO trying https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json 2016-01-19T19:21:35Z DEBUG NSSConnection init dc2-ipa-dev-nvan.dev-mydomain.net 2016-01-19T19:21:35Z DEBUG Connecting: 10.178.0.98:0 2016-01-19T19:21:35Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2016-01-19T19:21:35Z DEBUG cert valid True for "CN=dc2-ipa-dev-nvan.dev-mydomain.net,OU=pki-ipa,O=IPA" 2016-01-19T19:21:35Z DEBUG handshake complete, peer = 10.178.0.98:443 2016-01-19T19:21:35Z DEBUG Protocol: TLS1.2 2016-01-19T19:21:35Z DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA 2016-01-19T19:21:35Z DEBUG received Set-Cookie 'ipa_session=b05ed6993a0efe3e174416e80f3ecb35; Domain=dc2-ipa-dev-nvan.dev-mydomain.net; Path=/ipa; Expires=Tue, 19 Jan 2016 19:41:35 GMT; Secure; HttpOnly' 2016-01-19T19:21:35Z DEBUG storing cookie 'ipa_session=b05ed6993a0efe3e174416e80f3ecb35; Domain=dc2-ipa-dev-nvan.dev-mydomain.net; Path=/ipa; Expires=Tue, 19 Jan 2016 19:41:35 GMT; Secure; HttpOnly' for principal host/dc2-ipa-dev-van.dev-mydomain.net at DEV-mydomain.NET 2016-01-19T19:21:35Z DEBUG Created connection context.rpcclient_139983628815056 2016-01-19T19:21:35Z INFO Forwarding 'dns_is_enabled' to json server 'https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json' 2016-01-19T19:21:35Z DEBUG NSSConnection init dc2-ipa-dev-nvan.dev-mydomain.net 2016-01-19T19:21:35Z DEBUG Connecting: 10.178.0.98:0 2016-01-19T19:21:35Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2016-01-19T19:21:35Z DEBUG cert valid True for "CN=dc2-ipa-dev-nvan.dev-mydomain.net,OU=pki-ipa,O=IPA" 2016-01-19T19:21:35Z DEBUG handshake complete, peer = 10.178.0.98:443 2016-01-19T19:21:35Z DEBUG Protocol: TLS1.2 2016-01-19T19:21:35Z DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA 2016-01-19T19:21:35Z DEBUG received Set-Cookie 'ipa_session=bbc3744aa455331ade1822b33addc72d; Domain=dc2-ipa-dev-nvan.dev-mydomain.net; Path=/ipa; Expires=Tue, 19 Jan 2016 19:41:35 GMT; Secure; HttpOnly' 2016-01-19T19:21:35Z DEBUG storing cookie 'ipa_session=bbc3744aa455331ade1822b33addc72d; Domain=dc2-ipa-dev-nvan.dev-mydomain.net; Path=/ipa; Expires=Tue, 19 Jan 2016 19:41:35 GMT; Secure; HttpOnly' for principal host/dc2-ipa-dev-van.dev-mydomain.net at DEV-mydomain.NET 2016-01-19T19:21:35Z DEBUG Destroyed connection context.rpcclient_139983628815056 2016-01-19T19:21:35Z DEBUG Starting external process 2016-01-19T19:21:35Z DEBUG args=/sbin/ip -family inet -oneline address show 2016-01-19T19:21:35Z DEBUG Process finished, return code=0 2016-01-19T19:21:35Z DEBUG stdout=1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever 2: eno16777728 inet 10.21.0.98/16 brd 10.21.255.255 scope global eno16777728\ valid_lft forever preferred_lft forever 2016-01-19T19:21:35Z DEBUG stderr= 2016-01-19T19:21:35Z DEBUG will use DNS forwarders: [] 2016-01-19T19:21:35Z DEBUG Starting external process 2016-01-19T19:21:35Z DEBUG args=/usr/sbin/ipa-replica-conncheck --master dc2-ipa-dev-nvan.dev-mydomain.net --auto-master-check --realm DEV-mydomain.NET --hostname dc2-ipa-dev-van.dev-mydomain.net --ca-cert-file /etc/ipa/ca.crt 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout=Check connection from replica to remote master 'dc2-ipa-dev-nvan.dev-mydomain.net': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos Kpasswd: TCP (464): OK HTTP Server: Unsecure port (80): OK HTTP Server: Secure port (443): OK The following list of ports use UDP protocol and would need to be checked manually: Kerberos KDC: UDP (88): SKIPPED Kerberos Kpasswd: UDP (464): SKIPPED Connection from replica to master is OK. Start listening on required ports for remote master check Get credentials to log in to remote master Check RPC connection to remote master Execute check on remote master Check connection from master to remote replica 'dc2-ipa-dev-van.dev-mydomain.net': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos KDC: UDP (88): OK Kerberos Kpasswd: TCP (464): OK Kerberos Kpasswd: UDP (464): OK HTTP Server: Unsecure port (80): OK HTTP Server: Secure port (443): OK Connection from master to replica is OK. 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2016-01-19T19:21:40Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl start messagebus.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout= 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active messagebus.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout=active 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl restart certmonger.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout= 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active certmonger.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout=active 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl enable certmonger.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout= 2016-01-19T19:21:40Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/certmonger.service to /usr/lib/systemd/system/certmonger.service. 2016-01-19T19:21:40Z DEBUG group dirsrv exists 2016-01-19T19:21:40Z DEBUG user dirsrv exists 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-enabled chronyd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=1 2016-01-19T19:21:40Z DEBUG stdout=disabled 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active chronyd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=3 2016-01-19T19:21:40Z DEBUG stdout=inactive 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:40Z DEBUG Configuring NTP daemon (ntpd) 2016-01-19T19:21:40Z DEBUG [1/4]: stopping ntpd 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active ntpd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout=active 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl stop ntpd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout= 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG duration: 0 seconds 2016-01-19T19:21:40Z DEBUG [2/4]: writing configuration 2016-01-19T19:21:40Z DEBUG Backing up system configuration file '/etc/ntp.conf' 2016-01-19T19:21:40Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:40Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' 2016-01-19T19:21:40Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:40Z DEBUG duration: 0 seconds 2016-01-19T19:21:40Z DEBUG [3/4]: configuring ntpd to start on boot 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-enabled ntpd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout=enabled 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl enable ntpd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout= 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG duration: 0 seconds 2016-01-19T19:21:40Z DEBUG [4/4]: starting ntpd 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl start ntpd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout= 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active ntpd.service 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 2016-01-19T19:21:40Z DEBUG stdout=active 2016-01-19T19:21:40Z DEBUG stderr= 2016-01-19T19:21:40Z DEBUG duration: 0 seconds 2016-01-19T19:21:40Z DEBUG Done configuring NTP daemon (ntpd). 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:40Z DEBUG Configuring directory server (dirsrv). Estimated time: 1 minute 2016-01-19T19:21:40Z DEBUG [1/43]: creating directory server user 2016-01-19T19:21:40Z DEBUG group dirsrv exists 2016-01-19T19:21:40Z DEBUG user dirsrv exists 2016-01-19T19:21:40Z DEBUG duration: 0 seconds 2016-01-19T19:21:40Z DEBUG [2/43]: creating directory server instance 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2016-01-19T19:21:40Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' 2016-01-19T19:21:40Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2016-01-19T19:21:40Z DEBUG dn: dc=dev-mydomain,dc=net objectClass: top objectClass: domain objectClass: pilotObject dc: dev-mydomain info: IPA V2.0 2016-01-19T19:21:40Z DEBUG writing inf template 2016-01-19T19:21:40Z DEBUG [General] FullMachineName= dc2-ipa-dev-van.dev-mydomain.net SuiteSpotUserID= dirsrv SuiteSpotGroup= dirsrv ServerRoot= /usr/lib64/dirsrv [slapd] ServerPort= 389 ServerIdentifier= DEV-mydomain-NET Suffix= dc=dev-mydomain,dc=net RootDN= cn=Directory Manager InstallLdifFile= /var/lib/dirsrv/boot.ldif inst_dir= /var/lib/dirsrv/scripts-DEV-mydomain-NET 2016-01-19T19:21:40Z DEBUG calling setup-ds.pl 2016-01-19T19:21:40Z DEBUG Starting external process 2016-01-19T19:21:40Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpCIlkrQ 2016-01-19T19:21:41Z DEBUG Process finished, return code=1 2016-01-19T19:21:41Z DEBUG stdout=[16/01/19:11:21:41] - [Setup] Info Could not copy file '/etc/dirsrv/config/certmap.conf' to '/etc/dirsrv/slapd-DEV-mydomain-NET/certmap.conf'. Error: No such file or directory Could not copy file '/etc/dirsrv/config/certmap.conf' to '/etc/dirsrv/slapd-DEV-mydomain-NET/certmap.conf'. Error: No such file or directory [16/01/19:11:21:41] - [Setup] Fatal Error: Could not create directory server instance 'DEV-mydomain-NET'. Error: Could not create directory server instance 'DEV-mydomain-NET'. [16/01/19:11:21:41] - [Setup] Fatal Exiting . . . Log file is '-' Exiting . . . Log file is '-' 2016-01-19T19:21:41Z DEBUG stderr= 2016-01-19T19:21:41Z CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpCIlkrQ' returned non-zero exit status 1 2016-01-19T19:21:41Z DEBUG duration: 0 seconds 2016-01-19T19:21:41Z DEBUG [3/43]: restarting directory server 2016-01-19T19:21:41Z DEBUG Starting external process 2016-01-19T19:21:41Z DEBUG args=/bin/systemctl --system daemon-reload 2016-01-19T19:21:41Z DEBUG Process finished, return code=0 2016-01-19T19:21:41Z DEBUG stdout= 2016-01-19T19:21:41Z DEBUG stderr= 2016-01-19T19:21:41Z DEBUG Starting external process 2016-01-19T19:21:41Z DEBUG args=/bin/systemctl restart dirsrv at DEV-mydomain-NET.service 2016-01-19T19:21:41Z DEBUG Process finished, return code=1 2016-01-19T19:21:41Z DEBUG stdout= 2016-01-19T19:21:41Z DEBUG stderr=Job for dirsrv at DEV-mydomain-NET.service failed because a configured resource limit was exceeded. See "systemctl status dirsrv at DEV-mydomain-NET.service" and "journalctl -xe" for details. 2016-01-19T19:21:41Z CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv at DEV-mydomain-NET.service' returned non-zero exit status 1). See the installation log for details. 2016-01-19T19:21:41Z DEBUG duration: 0 seconds 2016-01-19T19:21:41Z DEBUG [4/43]: adding default schema 2016-01-19T19:21:41Z DEBUG duration: 0 seconds 2016-01-19T19:21:41Z DEBUG [5/43]: enabling memberof plugin 2016-01-19T19:21:41Z DEBUG wait_for_open_ports: dc2-ipa-dev-van.dev-mydomain.net [389] timeout 10 2016-01-19T19:21:51Z DEBUG Could not connect to the Directory Server on dc2-ipa-dev-van.dev-mydomain.net: Timeout exceeded 2016-01-19T19:21:51Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 447, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 437, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 630, in __add_memberof_module self._ldap_mod("memberof-conf.ldif") File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 209, in _ldap_mod self.ldap_connect() File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 176, in ldap_connect conn.do_bind(self.dm_password, autobind=self.autobind) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1625, in do_bind self.do_simple_bind(bindpw=dm_password, timeout=timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1615, in do_simple_bind self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1610, in __bind_with_wait self.__wait_for_connection(timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1596, in __wait_for_connection wait_for_open_ports(host, int(port), timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1392, in wait_for_open_ports raise socket.timeout("Timeout exceeded") timeout: Timeout exceeded 2016-01-19T19:21:51Z DEBUG [error] timeout: Timeout exceeded 2016-01-19T19:21:51Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run self.execute() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in execute for nothing in self._executor(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 571, in _configure next(executor) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1553, in main promote(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1275, in promote promote=True, pkcs12_info=dirsrv_pkcs12_info) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 120, in install_replica_ds promote=promote, File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 398, in create_replica self.start_creation(runtime=60) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 447, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 437, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 630, in __add_memberof_module self._ldap_mod("memberof-conf.ldif") File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 209, in _ldap_mod self.ldap_connect() File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 176, in ldap_connect conn.do_bind(self.dm_password, autobind=self.autobind) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1625, in do_bind self.do_simple_bind(bindpw=dm_password, timeout=timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1615, in do_simple_bind self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1610, in __bind_with_wait self.__wait_for_connection(timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1596, in __wait_for_connection wait_for_open_ports(host, int(port), timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1392, in wait_for_open_ports raise socket.timeout("Timeout exceeded") 2016-01-19T19:21:51Z DEBUG The ipa-replica-install command failed, exception: timeout: Timeout exceeded 2016-01-19T19:21:51Z ERROR Timeout exceeded 2016-01-19T19:21:51Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information [root at dc2-ipa-dev-van etc]# check status of dirsrv as suggested in log ========================================== [root at dc2-ipa-dev-van etc]# systemctl status dirsrv at DEV-mydomain-NET.service -l ? dirsrv at DEV-mydomain-NET.service - 389 Directory Server DEV-mydomain-NET. Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service; enabled; vendor preset: disabled) Active: failed (Result: resources) Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed to load environment files: No such file or directory Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed to run 'start' task: No such file or directory Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: Failed to start 389 Directory Server DEV-mydomain-NET.. Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed with result 'resources'. Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: Starting 389 Directory Server DEV-mydomain-NET.... Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed to load environment files: No such file or directory Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed to run 'start' task: No such file or directory Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: Failed to start 389 Directory Server DEV-mydomain-NET.. Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed with result 'resources'. Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: Starting 389 Directory Server DEV-mydomain-NET.... -----Original Message----- From: Ludwig Krispenz [mailto:lkrispen at redhat.com] Sent: January-19-16 8:45 AM To: Nathan Peters Cc: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/19/2016 05:24 PM, Nathan Peters wrote: > So if the obsolete replica ID should cause no harm, then what is the solution to get my replica re-installed ? > > This problem still exists and hasn't gone away so I am still stuck with a 4th replica unable to be re-joined ... > > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND where do you see this ? The high connection number indicates it is not on the server you just install. If it is on the master then it is correct, the entry exists there already. Did you uninstall server and client before ? Do you still have an /etc/openldap/ldap.conf having an URI pointin to the master ? > > [27/43]: restarting directory server > [28/43]: setting up initial replication > [error] DuplicateEntry: This entry already exists Your system may be > partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Ludwig Krispenz > Sent: January-19-16 12:37 AM > To: freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > > On 01/18/2016 09:55 PM, Nathan Peters wrote: >> Another follow-up : dirsrv logs get really strange when I attempt to add that cleanruv task. It apears the message logged to console that the task already exists is totally lying ? o.O > no, it is not totally lying, you just found another trace of a replica > ID which is probably not properly cleaned. The cleanallruv task looks > into the database and finally also into the changelog and remove all > traces for tee replica ID to be cleaned. > What you found is a ruv in the replication agreement, the replication > agreement keeps track of the consumer RUV it has seen, and there was at > one time replica 14. > > I'll open a ticket for 389-ds to handle this in the cleanallruv task. > But the obsolete replica ID in the agreement should do no harm. If you > want to get rid of it, you coud stop the server and remove it from the > /etc/dirsrv/slapd-/dse.ldif >> So the actual error is that it cannot modify a task because it does not exist? Why does it not exist ? According to the docs here : http://directory.fedoraproject.org/docs/389ds/FAQ/troubleshoot-cleanallruv.html >> >> It should always exist? There is no 'changetype : modify' in that ldap syntax... >> >> [18/Jan/2016:12:36:56 -0800] - ldbm_back_seq deadlock retry BAD 1601, err=0 BDB0062 Successful return: 0 >> [18/Jan/2016:12:39:56 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:39:58 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:00 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:00 -0800] NSMMReplicationPlugin - CleanAllRUV Task (rid 14): Replica id (14) is already being cleaned >> [18/Jan/2016:12:40:02 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:04 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:06 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:06 -0800] NSMMReplicationPlugin - CleanAllRUV Task (rid 14): Task failed...(-1) >> [18/Jan/2016:12:40:08 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >> [18/Jan/2016:12:40:08 -0800] - WARNING: can't find task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config' >> [18/Jan/2016:12:40:08 -0800] ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 128]: Missing target entry. >> >> -----Original Message----- >> From: Nathan Peters >> Sent: January-18-16 12:13 PM >> To: Nathan Peters; Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com >> Subject: RE: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists >> >> Follow-up : After finding the ghost ruvs below I tried to clean them. Apparently they are already being cleaned by some task that is clearly not working ... >> >> ==== attempts to clean ruv 14 ==== >> >> [[root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -D "cn=directory manager" -W -a >> Enter LDAP Password: >> dn: cn=clean 14, cn=cleanallruv, cn=tasks, cn=config >> objectclass: top >> objectclass: extensibleObject >> replica-base-dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> replica-id: 14 >> replica-force-cleaning: yes >> cn: clean 14 >> >> adding new entry "cn=clean 14, cn=cleanallruv, cn=tasks, cn=config" >> ldap_add: Server is unwilling to perform (53) >> additional info: Replica id (14) is already being cleaned >> >> [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -x -D "cn=directory manager" -W <>> dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> changetype: modify >>> replace: nsds5task >>> nsds5task: CLEANRUV14 >>> EOF >> Enter LDAP Password: >> modifying entry "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> >> This one adds the entry properly (I think - I have no idea how to check if one exists), but does not actually clean the ruv. >> >> >> -----Original Message----- >> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters >> Sent: January-18-16 11:44 AM >> To: Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists >> >> Answers to questions : >> >> 1) All 3 servers are working fine. Error logs show only the expected replication keepalive entries and no other entries for the last 24 hours. Replication works. >> >> 2) ipa server-find output is identical on all 3 servers : >> >> [root at dc1-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa server-find >> --------------------- >> 3 IPA servers matched >> --------------------- >> Server name: dc1-ipa-dev-nvan.dev-globalrelay.net >> Managed suffixes: domain, ca >> Min domain level: 0 >> Max domain level: 1 >> >> Server name: dc1-ipa-dev-van.dev-globalrelay.net >> Managed suffixes: domain, ca >> Min domain level: 0 >> Max domain level: 1 >> >> Server name: dc2-ipa-dev-nvan.dev-globalrelay.net >> Managed suffixes: domain, ca >> Min domain level: 0 >> Max domain level: 1 >> ---------------------------- >> Number of entries returned 3 >> ---------------------------- >> >> 3)ipa-replica-manage list is the same on all 3 servers : >> >> [root at dc1-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage list >> dc2-ipa-dev-nvan.dev-globalrelay.net: master >> dc1-ipa-dev-nvan.dev-globalrelay.net: master >> dc1-ipa-dev-van.dev-globalrelay.net: master >> >> 3.5)I actually tried running the remove command anyway in case there were any type of lingering records and it came back with nothing found : >> >> [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net >> dc2-ipa-dev-van.dev-globalrelay.net is not listed among IPA masters. >> Please specify an actual server or add the --cleanup option to force clean up. >> [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net --cleanup >> Checking connectivity in topology suffix 'ca' >> 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'ca' >> Not checking connectivity >> Checking connectivity in topology suffix 'domain' >> 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'domain' >> Not checking connectivity >> No RUV records found. >> >> 4) The command revealed it went to a different master than I thought. It was not the CA master, but a differnet one. >> >> [root at dc2-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" >> 2016-01-18T17:28:22Z INFO Forwarding 'service_add' to json server 'https://dc2-ipa-dev-nvan.dev-globalrelay.net/ipa/json' >> >> For some reason, when I was monitoring the logs, nothing had been logged on the dc2-ipa-dev-nvan in the dirsrv log but it must have been buffering to disk, because when I checked the logs 5 minutes later, all the data was there. You can actually see the err=68 here : >> >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND >> >> I'm not sure why it would fail that call though... >> >> Here are the ldapsearch for that cn=replica branch performed on the master it was joining to, as well as the complete logs from that master with the err=68 in it. >> >> I'm not sure if this has anything to do with it, but inside the replica branch are already 2 sub branches for replication agreements. These agreements have what appears to be old ruvs for the server I am trying to join, however, because the ipa-replica-install clean-ruv command only applies to domain level 0, I cannot clean those ruvs... I also cannot lower my domain level back down to 0 so I can clean them. >> >> [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage clean-ruv 14 >> No RUV records found. >> >> >> ==== LDAP SEARCH OF SECTION OF TREE THAT ADD FAILS ON ===== >> >> [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> Enter LDAP Password: >> # extended LDIF >> # >> # LDAPv3 >> # base with scope subtree >> # filter: (objectclass=*) >> # requesting: ALL >> # >> >> # replica, dc\3Dmydomain\2Cdc\3Dnet, mapping tree, config >> dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> cn: replica >> nsDS5Flags: 1 >> nsDS5ReplicaBindDN: cn=replication manager,cn=config >> nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net >> @MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net >> nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net@ >> MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net >> nsDS5ReplicaId: 15 >> nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64 >> nsDS5ReplicaRoot: dc=mydomain,dc=net >> nsDS5ReplicaType: 3 >> nsState:: DwAAAAAAAAC/OZ1WAAAAAAAAAAAAAAAAbAEAAAAAAAAAAAAAAAAAAA== >> nsds5ReplicaLegacyConsumer: off >> nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net >> nsds5replicabinddngroupcheckinterval: 60 >> objectClass: nsds5replica >> objectClass: top >> objectClass: extensibleobject >> nsds5ReplicaChangeCount: 37386 >> nsds5replicareapactive: 0 >> >> # meTodc1-ipa-dev-nvan.mydomain.net, replica, dc\3Dmydomain\2Cdc\ >> 3Dnet, mapping tree, config >> dn: cn=meTodc1-ipa-dev-nvan.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> cn: meTodc1-ipa-dev-nvan.mydomain.net >> description: me to dc1-ipa-dev-nvan.mydomain.net >> nsDS5ReplicaBindMethod: SASL/GSSAPI >> nsDS5ReplicaHost: dc1-ipa-dev-nvan.mydomain.net >> nsDS5ReplicaPort: 389 >> nsDS5ReplicaRoot: dc=mydomain,dc=net >> nsDS5ReplicaTransportInfo: LDAP >> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial >> entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts >> uccessfulauth krblastfailedauth krbloginfailedcount >> nsds50ruv: {replicageneration} 553fe9bb000000040000 >> nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd >> 26000000100000 569b9201002200100000 >> nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 >> b000000110000 569b91af000d00110000 >> nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee >> 040000000f0000 569b92010002000f0000 >> nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b >> b0000000e0000 569b91320014000e0000 >> nsds5ReplicaEnabled: on >> nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in >> ternalModifyTimestamp >> nsds5replicaTimeout: 120 >> nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. >> net:389} 00000000 >> nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n >> et:389} 00000000 >> nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. >> net:389} 00000000 >> nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n >> et:389} 00000000 >> objectClass: nsds5replicationagreement >> objectClass: top >> objectClass: ipaReplTopoManagedAgreement >> ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p >> lugin >> nsds5replicareapactive: 0 >> nsds5replicaLastUpdateStart: 20160118191523Z >> nsds5replicaLastUpdateEnd: 20160118191523Z >> nsds5replicaChangesSentSinceStartup:: MTU6Mjc0LzgyNzY5NiAxNDoxLzAgMTc6MTQvMCAx >> NjoyLzAg >> nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd >> ate succeeded >> nsds5replicaUpdateInProgress: FALSE >> nsds5replicaLastInitStart: 19700101000000Z >> nsds5replicaLastInitEnd: 19700101000000Z >> >> # meTodc1-ipa-dev-van.mydomain.net, replica, dc\3Dmydomain\2Cdc\3 >> Dnet, mapping tree, config >> dn: cn=meTodc1-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> cn: meTodc1-ipa-dev-van.mydomain.net >> description: me to dc1-ipa-dev-van.mydomain.net >> nsDS5ReplicaBindMethod: SASL/GSSAPI >> nsDS5ReplicaHost: dc1-ipa-dev-van.mydomain.net >> nsDS5ReplicaPort: 389 >> nsDS5ReplicaRoot: dc=mydomain,dc=net >> nsDS5ReplicaTransportInfo: LDAP >> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial >> entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts >> uccessfulauth krblastfailedauth krbloginfailedcount >> nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in >> ternalModifyTimestamp >> nsds5replicaTimeout: 120 >> objectClass: nsds5replicationagreement >> objectClass: top >> objectClass: ipaReplTopoManagedAgreement >> ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p >> lugin >> nsds50ruv: {replicageneration} 553fe9bb000000040000 >> nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 >> b000000110000 569b9201000500110000 >> nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd >> 26000000100000 569b918d004a00100000 >> nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee >> 040000000f0000 569b92010002000f0000 >> nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b >> b0000000e0000 569b91320014000e0000 >> nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n >> et:389} 00000000 >> nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. >> net:389} 00000000 >> nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. >> net:389} 00000000 >> nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n >> et:389} 00000000 >> nsds5replicareapactive: 0 >> nsds5replicaLastUpdateStart: 20160118191523Z >> nsds5replicaLastUpdateEnd: 20160118191523Z >> nsds5replicaChangesSentSinceStartup:: MTU6MzY2LzE0MTg1NjkgMTY6OTYvMCAxNzoyLzAg >> nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd >> ate succeeded >> nsds5replicaUpdateInProgress: FALSE >> nsds5replicaLastInitStart: 19700101000000Z >> nsds5replicaLastInitEnd: 19700101000000Z >> >> # search result >> search: 2 >> result: 0 Success >> >> # numResponses: 4 >> # numEntries: 3 >> >> >> >> >> >> ===== LOGS FROM MASTER DURING REPLICA INSTALLATION ATTEMPT ==== >> >> [18/Jan/2016:09:27:54 -0800] conn=18695 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 BIND dn="" method=128 version=3 >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="namingContexts defaultnamingcontext" >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 SRCH base="dc=mydomain,dc=net" scope=0 filter="(info=IPA*)" attrs=ALL >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 SRCH base="cn=kerberos,dc=mydomain,dc=net" scope=2 filter="(objectClass=krbRealmContainer)" attrs=ALL >> [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 MOD dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22060000000f0000 >> [18/Jan/2016:09:27:54 -0800] conn=18696 fd=145 slot=145 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 RESULT err=0 tag=101 nentries=2 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 UNBIND >> [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 fd=145 closed - U1 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=3 op=82446 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82446 RESULT err=0 tag=101 nentries=1 etime=1 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18697 fd=145 slot=145 connection from 10.21.5.248 to 10.178.0.98 >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTDomainAttrs)" attrs="ipaNTFlatName ipaNTFallbackPrimaryGroup ipaNTSecurityIdentifier" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 SRCH base="cn=Default SMB Group,cn=groups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=posixGroup)" attrs="ipaNTSecurityIdentifier" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTTrustPartner ipaNTFlatName ipaNTTrustedDomainSID ipaNTSIDBlacklistIncoming ipaNTSIDBlacklistOutgoing" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 SRCH base="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 MOD dn="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070000000f0000 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 SRCH base="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 SRCH base="cn=fe1-gas-gasqa3-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 MOD dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=U >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberofindirect description nsHardwarePlatform userCertificate ipaAllowedToPerform * l nsOsVersion fqdn managedBy ipaAssignedIDView memberOf krbPrincipalName nsHostLocation userClass aci" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 ADD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070004000f0000 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22070008000f0000 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform objectClass ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView ipaUniqueID userCertificate krbPrincipalName nsHostLocation userClass" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 SRCH base="cn=dns,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDefaultLoginShell ipaCertificateSubjectBase ipaUserSearchFields ipaSELinuxUserMapDefault ipaUserAuthType ipaDefaultPrimaryGroup ipaPwdExpAdvNotify ipaGroupSearchFields ipaDefaultEmailDomain ipaHomesRootDir ipaSearchTimeLimit ipaKrbAuthzData ipaMigrationEnabled ipaSearchRecordsLimit ipaConfigString ipaMaxUsernameLength ipaSELinuxUserMapOrder" >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 UNBIND >> [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 fd=278 closed - U1 >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-gasqa3-van.login.mydomain.net)(sudoHost=fe1-gas-gasqa3-van)(sudoHost=10.21.5.248)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:640b)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 >> [18/Jan/2016:09:27:55 -0800] conn=18699 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 UNBIND >> [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 fd=278 closed - U1 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070012000f0000 >> [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 UNBIND >> [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 fd=144 closed - U1 >> [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 UNBIND >> [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 fd=277 closed - U1 >> [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 RESULT err=0 tag=103 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 RESULT err=0 tag=103 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18700 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 fd=144 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=18701 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 fd=144 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18702 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 fd=144 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=18703 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 RESULT err=0 tag=101 nentries=2 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 fd=153 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=18704 fd=153 slot=153 connection from 10.178.59.236 to 10.178.0.98 >> [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 UNBIND >> [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 fd=144 closed - U1 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 SRCH base="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 SRCH base="cn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 MOD dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2209000e000f0000 >> [18/Jan/2016:09:27:57 -0800] conn=6 op=38897 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38897 RESULT err=0 tag=101 nentries=1 etime=1 >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=hadoop1-mc-mcci1-nvan.mydomain.net)(sudoHost=hadoop1-mc-mcci1-nvan)(sudoHost=10.178.59.236)(sudoHost=10.178.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 RESULT err=0 tag=101 nentries=7 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:27:59 -0800] conn=18705 fd=144 slot=144 connection from 10.21.42.41 to 10.178.0.98 >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18706 fd=277 slot=277 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:59 -0800] conn=18706 op=-1 fd=277 closed - B1 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 SRCH base="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 SRCH base="cn=relay-sf-int-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 MOD dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b0000000f0000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=relay-sf-int-van.mydomain.net)(sudoHost=relay-sf-int-van)(sudoHost=10.21.42.41)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fea8:8002)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 ADD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000500110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000600110000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000700110000 >> [18/Jan/2016:09:27:59 -0800] conn=18707 fd=277 slot=277 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass ipaSshPubKey" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000c000f0000 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf ipaSshPubKey description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 UNBIND >> [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 fd=277 closed - U1 >> [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=273 op=207 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:27:59 -0800] conn=273 op=207 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000e000f0000 >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 ADD dn="idnsName=98,idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000800110000 >> [18/Jan/2016:09:27:59 -0800] conn=273 op=208 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:27:59 -0800] conn=273 op=208 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" >> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" >> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f00110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=209 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001000110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=209 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0002000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001100110000 >> [18/Jan/2016:09:28:01 -0800] conn=273 op=210 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=210 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0004000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001200110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=211 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001300110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=211 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0006000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001400110000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=212 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001500110000 >> [18/Jan/2016:09:28:01 -0800] conn=273 op=212 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0009000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=273 op=213 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=213 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000b000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=273 op=214 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:01 -0800] conn=273 op=214 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000d000f0000 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=18708 fd=277 slot=277 connection from 10.21.20.251 to 10.178.0.98 >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 SRCH base="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 SRCH base="cn=spool2-ops-flex-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 MOD dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22100000000f0000 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool2-ops-flex-van.mydomain.net)(sudoHost=spool2-ops-flex-van)(sudoHost=10.21.20.251)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:769c)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:05 -0800] conn=18709 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:05 -0800] conn=18709 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:05 -0800] conn=18710 fd=279 slot=279 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:05 -0800] conn=18710 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:05 -0800] conn=18709 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=3 RESULT err=0 tag=101 nentries=1 etime=1 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 SRCH base="cn=Domain Level,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDomainLevel" >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 SRCH base="cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=1 filter="(&(&(&(objectClass=ipaobject)(objectClass=ipahostgroup))(cn=ipaservers))(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="cn memberOf memberofindirect member memberindirect description" >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 UNBIND >> [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 fd=278 closed - U1 >> [18/Jan/2016:09:28:06 -0800] conn=18711 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:06 -0800] conn=18711 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberofindirect cn memberOf * member memberindirect description aci" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 RESULT err=0 tag=101 nentries=2 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cosPriority * nsAccountLock aci" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 UNBIND >> [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 fd=278 closed - U1 >> [18/Jan/2016:09:28:06 -0800] conn=18712 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:06 -0800] conn=18712 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 UNBIND >> [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 fd=166 closed - U1 >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 SRCH base="cn=meTodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs="* aci" >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 SRCH base="cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 RESULT err=0 tag=101 nentries=3 etime=0 notes=U >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=KRA))" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U >> [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 UNBIND >> [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 fd=279 closed - U1 >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 UNBIND >> [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 fd=278 closed - U1 >> [18/Jan/2016:09:28:07 -0800] conn=18713 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 UNBIND >> [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 fd=166 closed - U1 >> [18/Jan/2016:09:28:07 -0800] conn=18714 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 UNBIND >> [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 fd=166 closed - U1 >> [18/Jan/2016:09:28:07 -0800] conn=18715 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:07 -0800] conn=18715 op=-1 fd=166 closed - B1 >> [18/Jan/2016:09:28:07 -0800] conn=18716 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:07 -0800] conn=18716 op=-1 fd=166 closed - Encountered end of file. >> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 UNBIND >> [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 fd=168 closed - U1 >> [18/Jan/2016:09:28:09 -0800] conn=18717 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 UNBIND >> [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 fd=166 closed - U1 >> [18/Jan/2016:09:28:10 -0800] conn=18718 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 UNBIND >> [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 fd=166 closed - U1 >> [18/Jan/2016:09:28:10 -0800] conn=18719 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(memberOf=cn=Replication Administrators,cn=privileges,cn=pbac,dc=mydomain,dc=net)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL >> [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 UNBIND >> [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 fd=166 closed - U1 >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:12 -0800] conn=18720 TLS1.2 128-bit AES >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 MOD dn="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22180003000f0000 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn memberOf memberofindirect member memberindirect description" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 RESULT err=0 tag=101 nentries=2 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 UNBIND >> [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 fd=166 closed - U1 >> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:13 -0800] conn=18721 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 SRCH base="cn=cacert,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(cacertificate;binary=*)" attrs="cacertificate;binary" >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 RESULT err=0 tag=101 nentries=1 etime=0 notes=U >> [18/Jan/2016:09:28:13 -0800] conn=18721 op=-1 fd=166 closed - B1 >> [18/Jan/2016:09:28:15 -0800] conn=18722 fd=166 slot=166 connection from 10.21.31.31 to 10.178.0.98 >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 SRCH base="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 SRCH base="cn=fe1-gas-salqa1-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 MOD dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221b0000000f0000 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-salqa1-van.login.mydomain.net)(sudoHost=fe1-gas-salqa1-van)(sudoHost=10.21.31.31)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:3fd2)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:16 -0800] conn=18723 fd=168 slot=168 connection from 10.21.23.93 to 10.178.0.98 >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 SRCH base="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 SRCH base="cn=collector2-sal-cpqa1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 MOD dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c0000000f0000 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=collector2-sal-cpqa1-van.mydomain.net)(sudoHost=collector2-sal-cpqa1-van)(sudoHost=10.21.23.93)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:6b78)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=18724 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 >> [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 UNBIND >> [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 fd=278 closed - U1 >> [18/Jan/2016:09:28:17 -0800] conn=18725 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 >> [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 UNBIND >> [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 fd=278 closed - U1 >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" >> [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18726 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 UNBIND >> [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 fd=278 closed - U1 >> [18/Jan/2016:09:28:22 -0800] conn=18727 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 RESULT err=32 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 ADD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22220006000f0000 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberOf ipaKrbAuthzData objectClass userCertificate managedBy ipaUniqueID ipaAllowedToPerform krbPrincipalName" >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 UNBIND >> [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 fd=278 closed - U1 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18728 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 UNBIND >> [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 fd=278 closed - U1 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 MOD dn="cn=repl keep alive 16,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000e00100000 >> [18/Jan/2016:09:28:23 -0800] conn=18729 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >> [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 SRCH base="cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 SRCH base="cn=caacls,cn=ca,dc=mydomain,dc=net" scope=1 filter="(&(objectClass=ipaassociation)(objectClass=ipacaacl))" attrs="serviceCategory cn ipaMemberCertProfile ipaMemberCa ipaCertProfileCategory memberUser userCategory hostCategory memberHost ipaEnabledFlag ipaCaCategory memberService description" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform * managedBy memberOf krbPrincipalName aci" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=539 SRCH base="cn=7,ou=certificateRepository,ou=ca,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=67 op=539 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=217 op=10 SRCH base="ou=People,o=ipaca" scope=2 filter="(description=2;7;CN=Certificate Authority,O=MYDOMAIN.NET;CN=IPA RA,O=MYDOMAIN.NET)" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=217 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=217 op=11 SRCH base="cn=Registration Manager Agents,ou=groups,o=ipaca" scope=0 filter="(uniqueMember=uid=ipara,ou=people,o=ipaca)" attrs="cn" >> [18/Jan/2016:09:28:23 -0800] conn=217 op=11 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=540 ADD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" >> [18/Jan/2016:09:28:23 -0800] conn=67 op=540 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000004470000 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=541 ADD dn="cn=2684289033,ou=certificateRepository,ou=ca,o=ipaca" >> [18/Jan/2016:09:28:23 -0800] conn=67 op=541 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000104470000 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=542 MOD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" >> [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=542 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000304470000 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=543 SRCH base="cn=99990009,ou=ca,ou=requests,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=67 op=543 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=544 MOD dn="ou=ca,ou=requests,o=ipaca" >> [18/Jan/2016:09:28:23 -0800] conn=18730 fd=281 slot=281 connection from 10.178.0.99 to 10.178.0.98 >> [18/Jan/2016:09:28:23 -0800] conn=67 op=544 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000504470000 >> [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 SRCH base="cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn ipaCertProfileStoreIssued description" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 fd=282 slot=282 connection from 10.21.0.99 to 10.178.0.98 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 RESULT err=0 tag=101 nentries=3 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22230001000f0000 >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform managedBy memberOf krbPrincipalName" >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 UNBIND >> [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 fd=278 closed - U1 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool1-googleapps-flex-van.mydomain.net)(sudoHost=spool1-googleapps-flex-van)(sudoHost=10.21.32.201)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:2c30)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >> [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >> [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 UNBIND >> [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 fd=77 closed - U1 >> [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222c0007000f0000 >> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222d0000000f0000 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 fd=77 closed - U1 >> [18/Jan/2016:09:28:33 -0800] conn=18733 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 >> [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 UNBIND >> [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 fd=77 closed - U1 >> [18/Jan/2016:09:28:33 -0800] conn=18734 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 >> [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 UNBIND >> [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 fd=77 closed - U1 >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18735 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 >> [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >> [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >> [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 RESULT err=0 tag=101 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 UNBIND >> [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 fd=77 closed - U1 >> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >> [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >> [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 RESULT err=0 tag=120 nentries=0 etime=0 >> [18/Jan/2016:09:28:36 -0800] conn=18520 op=5 UNBIND >> >> -----Original Message----- >> From: Petr Vobornik [mailto:pvoborni at redhat.com] >> Sent: January-18-16 10:30 AM >> To: Nathan Peters; Rob Crittenden; freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists >> >> On 01/18/2016 07:10 PM, Nathan Peters wrote: >>> This is FreeIPA 4.3.0. There is no master generating the prepare file (unless its still handled in the background invisibly to the user). >> Right. But the replica installer picks some server as a master. >> >> Ipa-replica-install is run directly from an unjoined client (or joined >> client, I have tried both). >>> However, after tracking the logs of all 3 existing IPA servers during the attempted installation, the CA master appears to be the one doing something. Here are the logs for that time period. Note that there is no "err=68" anywhere in here: >> Are all 3 existing server functioning well, e.g with working replication? >> >> Could you check `ipa server-find` if there is no left-over server - e.g. >> failed installation. >> >> Could be check also in `ipa-replica-manage list` if there is some >> leftover, please remove it with `ipa-replica-manage del $FQDN` command. >> >> Wrt the logs. I did not meant that but Rob was right. The installer >> tries to update "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping >> tree,cn=config" entry on both master and the replica. If the entry does >> not exist, the installer also creates it. >> >> On replica it behaves correctly: >> >> [18/Jan/2016:09:28:32 -0800] conn=2 op=8 SRCH >> base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:32 -0800] conn=2 op=8 RESULT err=0 tag=101 nentries=1 >> etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=2 op=9 MOD >> dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> [18/Jan/2016:09:28:32 -0800] conn=2 op=9 RESULT err=0 tag=103 nentries=0 >> etime=0 >> >> It would be good to see the same log from a master which it tries to use >> in installation. - In 4.3 the server is picked automatically. >> >> I don't see any searches for >> "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" in >> the logs below which makes me wonder, what server the installer tries to >> use as a master. >> >> Could be find out, e.g. by: >> $ cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" >> >> -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project From rcritten at redhat.com Tue Jan 19 20:32:31 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 19 Jan 2016 15:32:31 -0500 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569CB899.9040603@redhat.com> <569CCB5D.8040400@redhat.com> <569D27C4.10602@redhat.com> <569D2F2F.6080806@redhat.com> <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> Message-ID: <569E9D5F.9070801@redhat.com> Nathan Peters wrote: > Ok, after rm-rf /etc/dirsrv I was able to re-install again, but back to the old issue with DuplicatEntry. > > Can anyone on this list tell me how to fix this issue ? This is a production domain with several hundred clients and servers attached, so I can't just blow it away and start over. You've had several people trying. > I need to get this fixed. I think Ludwig's question still stands: on what host are you seeing the duplicate entry logged (err=68)? I presume on the master it is trying to create the agreement against. Have you looked to see if this entry exists on your current masters? rob > > [root at dc2-ipa-dev-van etc]# ipa-replica-install --mkhomedir --setup-ca --setup-dns --no-forwarders > Run connection check to master > Connection check OK > Configuring NTP daemon (ntpd) > [1/4]: stopping ntpd > [2/4]: writing configuration > [3/4]: configuring ntpd to start on boot > [4/4]: starting ntpd > Done configuring NTP daemon (ntpd). > Configuring directory server (dirsrv). Estimated time: 1 minute > [1/43]: creating directory server user > [2/43]: creating directory server instance > [3/43]: restarting directory server > [4/43]: adding default schema > [5/43]: enabling memberof plugin > [6/43]: enabling winsync plugin > [7/43]: configuring replication version plugin > [8/43]: enabling IPA enrollment plugin > [9/43]: enabling ldapi > [10/43]: configuring uniqueness plugin > [11/43]: configuring uuid plugin > [12/43]: configuring modrdn plugin > [13/43]: configuring DNS plugin > [14/43]: enabling entryUSN plugin > [15/43]: configuring lockout plugin > [16/43]: configuring topology plugin > [17/43]: creating indices > [18/43]: enabling referential integrity plugin > [19/43]: configuring certmap.conf > [20/43]: configure autobind for root > [21/43]: configure new location for managed entries > [22/43]: configure dirsrv ccache > [23/43]: enabling SASL mapping fallback > [24/43]: restarting directory server > [25/43]: creating DS keytab > [26/43]: retrieving DS Certificate > [27/43]: restarting directory server > [28/43]: setting up initial replication > [error] DuplicateEntry: This entry already exists > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > ipa.ipapython.install.cli.install_tool(Replica): ERROR This entry already exists > ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information > > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters > Sent: January-19-16 11:30 AM > To: Ludwig Krispenz > Cc: freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > Yes, I uninstall and re-install the server and client every time the installation fails because it won't let me attempt a reinstall with them installed. > > Here is what that looks like. Now its not even getting to the part where I was getting the err=68 before... > > Nothing strange in /etc/openldap/ldap.conf > ========================================== > > [root at dc2-ipa-dev-van etc]# cat /etc/openldap/ldap.conf > # > # LDAP Defaults > # > > # See ldap.conf(5) for details > # This file should be world readable but not world writable. > > #BASE dc=example,dc=com > #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 > > #SIZELIMIT 12 > #TIMELIMIT 15 > #DEREF never > > TLS_CACERTDIR /etc/openldap/certs > > # Turning this off breaks GSSAPI used with krb5 when rdns = false > SASL_NOCANON on > > No IPA packages installed > ========================= > [root at dc2-ipa-dev-van etc]# yum list installed | grep "ipa" > Yum command has been deprecated, redirecting to '/usr/bin/dnf list installed'. > See 'man dnf' and 'man yum2dnf' for more information. > To transfer transaction metadata from yum to DNF, run: > 'dnf install python-dnf-plugins-extras-migrate && dnf-2 migrate' > > device-mapper-multipath.x86_64 0.4.9-80.fc23 @anaconda > device-mapper-multipath-libs.x86_64 0.4.9-80.fc23 @anaconda > python3-iniparse.noarch 0.4-16.fc23 @anaconda > > Now install IPA packages > ======================== > [root at dc2-ipa-dev-van etc]# yum reinstall freeipa-server > Yum command has been deprecated, redirecting to '/usr/bin/dnf reinstall freeipa-server'. > See 'man dnf' and 'man yum2dnf' for more information. > To transfer transaction metadata from yum to DNF, run: > 'dnf install python-dnf-plugins-extras-migrate && dnf-2 migrate' > .... snipped for readability .... > xmlstreambuffer.noarch 1.5.4-2.fc23 xsom.noarch 0-14.20110809svn.fc23 > > Complete! > > Install IPA replica fails > ========================= > [root at dc2-ipa-dev-van etc]# ipa-replica-install --mkhomedir --setup-ca --setup-dns --no-forwarders --principal nathan.peters -w > Configuring client side components > Discovery was successful! > Client hostname: dc2-ipa-dev-van.dev-mydomain.net > Realm: DEV-mydomain.NET > DNS Domain: dev-mydomain.net > IPA Server: dc2-ipa-dev-nvan.dev-mydomain.net > BaseDN: dc=dev-mydomain,dc=net > > Synchronizing time with KDC... > Attempting to sync time using ntpd. Will timeout after 15 seconds > Successfully retrieved CA cert > Subject: CN=Certificate Authority,O=DEV-mydomain.NET > Issuer: CN=Certificate Authority,O=DEV-mydomain.NET > Valid From: Wed Mar 25 18:48:27 2015 UTC > Valid Until: Sun Mar 25 18:48:27 2035 UTC > > Subject: CN=Certificate Authority,O=DEV-mydomain.NET > Issuer: CN=Certificate Authority,O=DEV-mydomain.NET > Valid From: Wed Mar 25 18:48:27 2015 UTC > Valid Until: Sun Mar 25 18:48:27 2035 UTC > > Joining realm failed: Host is already joined. > > Use --force-join option to override the host entry on the server and force client enrollment. > Installation failed. Rolling back changes. > IPA client is not configured on this system. > Removing client side components > IPA client is not configured on this system. > > ipa.ipapython.install.cli.install_tool(Replica): ERROR Configuration of client side components failed! > ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information > > IPA client install fails > ======================== > [root at dc2-ipa-dev-van etc]# ipa-client-install --mkhomedir --enable-dns-updates > Using existing certificate '/etc/ipa/ca.crt'. > Discovery was successful! > Client hostname: dc2-ipa-dev-van.dev-mydomain.net > Realm: DEV-mydomain.NET > DNS Domain: dev-mydomain.net > IPA Server: dc1-ipa-dev-nvan.dev-mydomain.net > BaseDN: dc=dev-mydomain,dc=net > > Continue to configure the system with these values? [no]: yes > Synchronizing time with KDC... > Attempting to sync time using ntpd. Will timeout after 15 seconds > User authorized to enroll computers: nathan.peters > Password for nathan.peters at DEV-mydomain.NET: > Joining realm failed: Host is already joined. > > Use --force-join option to override the host entry on the server and force client enrollment. > Installation failed. Rolling back changes. > IPA client is not configured on this system. > > IPA client install succeeds with --force-join > ============================================= > [root at dc2-ipa-dev-van etc]# ipa-client-install --mkhomedir --enable-dns-updates --force-join > Using existing certificate '/etc/ipa/ca.crt'. > Discovery was successful! > Client hostname: dc2-ipa-dev-van.dev-mydomain.net > Realm: DEV-mydomain.NET > DNS Domain: dev-mydomain.net > IPA Server: dc1-ipa-dev-van.dev-mydomain.net > BaseDN: dc=dev-mydomain,dc=net > > Continue to configure the system with these values? [no]: yes > Synchronizing time with KDC... > Attempting to sync time using ntpd. Will timeout after 15 seconds > User authorized to enroll computers: nathan.peters > Password for nathan.peters at DEV-mydomain.NET: > Enrolled in IPA realm DEV-mydomain.NET > Created /etc/ipa/default.conf > New SSSD config will be created > Configured sudoers in /etc/nsswitch.conf > Configured /etc/sssd/sssd.conf > Configured /etc/krb5.conf for IPA realm DEV-mydomain.NET > trying https://dc1-ipa-dev-van.dev-mydomain.net/ipa/json > Forwarding 'ping' to json server 'https://dc1-ipa-dev-van.dev-mydomain.net/ipa/json' > Forwarding 'ca_is_enabled' to json server 'https://dc1-ipa-dev-van.dev-mydomain.net/ipa/json' > Systemwide CA database updated. > Added CA certificates to the default NSS database. > Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub > Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub > Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub > Forwarding 'host_mod' to json server 'https://dc1-ipa-dev-van.dev-mydomain.net/ipa/json' > > SSSD enabled > Configured /etc/openldap/ldap.conf > NTP enabled > Configured /etc/ssh/ssh_config > Configured /etc/ssh/sshd_config > Configuring dev-mydomain.net as NIS domain. > Client configuration complete. > > > Now we can finally try ipa-replica-install and it fails with CRITICAL failed to create ds instance > ========================================== > [root at dc2-ipa-dev-van etc]# ipa-replica-install --mkhomedir --setup-ca --setup-dns --no-forwarders > Run connection check to master > Connection check OK > Configuring NTP daemon (ntpd) > [1/4]: stopping ntpd > [2/4]: writing configuration > [3/4]: configuring ntpd to start on boot > [4/4]: starting ntpd > Done configuring NTP daemon (ntpd). > Configuring directory server (dirsrv). Estimated time: 1 minute > [1/43]: creating directory server user > [2/43]: creating directory server instance > ipa : CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmprmHBYG' returned non-zero exit status 1 > [3/43]: restarting directory server > ipa : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv at DEV-mydomain-NET.service' returned non-zero exit status 1). See the installation log for details. > [4/43]: adding default schema > [5/43]: enabling memberof plugin > [error] timeout: Timeout exceeded > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > ipa.ipapython.install.cli.install_tool(Replica): ERROR Timeout exceeded > ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information > > since that failed, try removing the server > ========================================== > [root at dc2-ipa-dev-van etc]# ipa-server-install --uninstall > > This is a NON REVERSIBLE operation and will delete all data and configuration! > > Are you sure you want to continue with the uninstall procedure? [no]: yes > > WARNING: Failed to connect to Directory Server to find information about > replication agreements. Uninstallation will continue despite the possible > existing replication agreements. > Shutting down all IPA services > Unconfiguring ntpd > Configuring certmonger to stop tracking system certificates for KRA > Configuring certmonger to stop tracking system certificates for CA > Unconfiguring directory server > ipa : ERROR Instance removal failed. > ipa : ERROR Failed to remove DS instance. You may need to remove instance data manually > ipa : ERROR Unable to restart ds instance DEV-mydomain-NET: Command '/bin/systemctl restart dirsrv at DEV-mydomain-NET.service' returned non-zero exit status 1 > Removing IPA client configuration > Removing Kerberos service principals from /etc/krb5.keytab > Disabling client Kerberos and LDAP configurations > Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted > Restoring client configuration files > Unconfiguring the NIS domain. > nscd daemon is not installed, skip configuration > nslcd daemon is not installed, skip configuration > Systemwide CA database updated. > Client uninstall complete. > [root at dc2-ipa-dev-van etc]# ipa-client-install --uninstall > IPA client is not configured on this system. > [root at dc2-ipa-dev-van etc]# cd dirsrv/ > [root at dc2-ipa-dev-van dirsrv]# ls -al > total 16 > drwxr-xr-x 5 root root 67 Jan 19 11:11 . > drwxr-xr-x. 116 root root 8192 Jan 19 11:18 .. > drwxr-xr-x 2 root root 105 Jan 19 11:11 config > drwxr-xr-x 2 root root 4096 Jan 19 11:11 schema > drwxrwx--- 3 dirsrv dirsrv 61 Jan 19 08:57 slapd-DEV-mydomain-NET > [root at dc2-ipa-dev-van dirsrv]# cd .. > [root at dc2-ipa-dev-van etc]# rm -rf dirsrv > > re-join client > ============== > [root at dc2-ipa-dev-van etc]# ipa-client-install --mkhomedir --enable-dns-updates --force-join > Discovery was successful! > Client hostname: dc2-ipa-dev-van.dev-mydomain.net > Realm: DEV-mydomain.NET > DNS Domain: dev-mydomain.net > IPA Server: dc2-ipa-dev-nvan.dev-mydomain.net > BaseDN: dc=dev-mydomain,dc=net > > Continue to configure the system with these values? [no]: yes > Synchronizing time with KDC... > Attempting to sync time using ntpd. Will timeout after 15 seconds > User authorized to enroll computers: nathan.peters > Password for nathan.peters at DEV-mydomain.NET: > Successfully retrieved CA cert > Subject: CN=Certificate Authority,O=DEV-mydomain.NET > Issuer: CN=Certificate Authority,O=DEV-mydomain.NET > Valid From: Wed Mar 25 18:48:27 2015 UTC > Valid Until: Sun Mar 25 18:48:27 2035 UTC > > Subject: CN=Certificate Authority,O=DEV-mydomain.NET > Issuer: CN=Certificate Authority,O=DEV-mydomain.NET > Valid From: Wed Mar 25 18:48:27 2015 UTC > Valid Until: Sun Mar 25 18:48:27 2035 UTC > > Enrolled in IPA realm DEV-mydomain.NET > Created /etc/ipa/default.conf > New SSSD config will be created > Configured sudoers in /etc/nsswitch.conf > Configured /etc/sssd/sssd.conf > Configured /etc/krb5.conf for IPA realm DEV-mydomain.NET > trying https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json > Forwarding 'ping' to json server 'https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json' > Forwarding 'ca_is_enabled' to json server 'https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json' > Systemwide CA database updated. > Added CA certificates to the default NSS database. > Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub > Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub > Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub > Forwarding 'host_mod' to json server 'https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json' > SSSD enabled > Configured /etc/openldap/ldap.conf > NTP enabled > Configured /etc/ssh/ssh_config > Configured /etc/ssh/sshd_config > Configuring dev-mydomain.net as NIS domain. > Client configuration complete. > > Attempt to install the replica again > ==================================== > [root at dc2-ipa-dev-van etc]# ipa-replica-install --mkhomedir --setup-ca --setup-dns --no-forwarders > Run connection check to master > Connection check OK > Configuring NTP daemon (ntpd) > [1/4]: stopping ntpd > [2/4]: writing configuration > [3/4]: configuring ntpd to start on boot > [4/4]: starting ntpd > Done configuring NTP daemon (ntpd). > Configuring directory server (dirsrv). Estimated time: 1 minute > [1/43]: creating directory server user > [2/43]: creating directory server instance > ipa : CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpCIlkrQ' returned non-zero exit status 1 > [3/43]: restarting directory server > ipa : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv at DEV-mydomain-NET.service' returned non-zero exit status 1). See the installation log for details. > [4/43]: adding default schema > [5/43]: enabling memberof plugin > [error] timeout: Timeout exceeded > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > ipa.ipapython.install.cli.install_tool(Replica): ERROR Timeout exceeded > ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information > > > check log > ========== > [root at dc2-ipa-dev-van etc]# cat /var/log/ipareplica-install.log > 2016-01-19T19:21:30Z DEBUG Logging to /var/log/ipareplica-install.log > 2016-01-19T19:21:30Z DEBUG ipa-replica-install was invoked with arguments [] and options: {'no_dns_sshfp': None, 'skip_schema_check': None, 'setup_kra': None, 'ip_addresses': None, 'mkhomedir': True, 'no_pkinit': None, 'http_cert_files': None, 'no_ntp': None, 'verbose': False, 'no_forwarders': True, 'keytab': None, 'ssh_trust_dns': None, 'domain_name': None, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': None, 'no_reverse': None, 'pkinit_cert_files': None, 'unattended': False, 'auto_reverse': None, 'auto_forwarders': None, 'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'dirsrv_config_file': None, 'forwarders': None, 'pkinit_cert_name': None, 'setup_ca': True, 'realm_name': None, 'skip_conncheck': None, 'no_ssh': None, 'dirsrv_cert_name': None, 'quiet': False, 'server': None, 'setup_dns': True, 'host_name': None, 'log_file': None, 'reverse_zones': None, 'allow_zone_overlap': None} > 2016-01-19T19:21:30Z DEBUG IPA version 4.3.0-1.fc23 > 2016-01-19T19:21:30Z DEBUG Starting external process > 2016-01-19T19:21:30Z DEBUG args=/usr/sbin/selinuxenabled > 2016-01-19T19:21:30Z DEBUG Process finished, return code=1 > 2016-01-19T19:21:30Z DEBUG stdout= > 2016-01-19T19:21:30Z DEBUG stderr= > 2016-01-19T19:21:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' > 2016-01-19T19:21:30Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' > 2016-01-19T19:21:30Z DEBUG httpd is not configured > 2016-01-19T19:21:30Z DEBUG kadmin is not configured > 2016-01-19T19:21:30Z DEBUG dirsrv is not configured > 2016-01-19T19:21:30Z DEBUG pki-tomcatd is not configured > 2016-01-19T19:21:30Z DEBUG install is not configured > 2016-01-19T19:21:30Z DEBUG krb5kdc is not configured > 2016-01-19T19:21:30Z DEBUG ntpd is not configured > 2016-01-19T19:21:30Z DEBUG named is not configured > 2016-01-19T19:21:30Z DEBUG ipa_memcached is not configured > 2016-01-19T19:21:30Z DEBUG filestore is tracking no files > 2016-01-19T19:21:30Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' > 2016-01-19T19:21:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' > 2016-01-19T19:21:30Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' > 2016-01-19T19:21:30Z DEBUG Starting external process > 2016-01-19T19:21:30Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS > 2016-01-19T19:21:30Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:30Z DEBUG stdout=VirtualHost configuration: > *:8443 dc2-ipa-dev-van.dev-mydomain.net (/etc/httpd/conf.d/nss.conf:83) > > 2016-01-19T19:21:30Z DEBUG stderr= > 2016-01-19T19:21:30Z DEBUG Starting external process > 2016-01-19T19:21:30Z DEBUG args=/bin/systemctl is-enabled chronyd.service > 2016-01-19T19:21:30Z DEBUG Process finished, return code=1 > 2016-01-19T19:21:30Z DEBUG stdout=disabled > > 2016-01-19T19:21:30Z DEBUG stderr= > 2016-01-19T19:21:30Z DEBUG Starting external process > 2016-01-19T19:21:30Z DEBUG args=/bin/systemctl is-active chronyd.service > 2016-01-19T19:21:30Z DEBUG Process finished, return code=3 > 2016-01-19T19:21:30Z DEBUG stdout=inactive > > 2016-01-19T19:21:30Z DEBUG stderr= > 2016-01-19T19:21:30Z DEBUG importing all plugin modules in ipalib.plugins... > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.aci > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.automember > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.automount > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.baseldap > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.baseuser > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.batch > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.caacl > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.cert > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.certprofile > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.config > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.delegation > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.dns > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.domainlevel > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.group > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hbacrule > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hbacsvc > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hbactest > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.host > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.hostgroup > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.idrange > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.idviews > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.internal > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.krbtpolicy > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.migration > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.misc > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.netgroup > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.otpconfig > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.otptoken > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.passwd > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.permission > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.ping > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.pkinit > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.privilege > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.pwpolicy > 2016-01-19T19:21:30Z DEBUG Starting external process > 2016-01-19T19:21:30Z DEBUG args=klist -V > 2016-01-19T19:21:30Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:30Z DEBUG stdout=Kerberos 5 version 1.14 > > 2016-01-19T19:21:30Z DEBUG stderr= > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.radiusproxy > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.realmdomains > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.role > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.rpcclient > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.selfservice > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.selinuxusermap > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.server > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.service > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.servicedelegation > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.session > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.stageuser > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.sudocmd > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.sudorule > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.topology > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.trust > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.user > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.vault > 2016-01-19T19:21:30Z DEBUG importing plugin module ipalib.plugins.virtual > 2016-01-19T19:21:30Z DEBUG importing all plugin modules in ipaserver.install.plugins... > 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.adtrust > 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master > 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.dns > 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements > 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed > 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology > 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges > 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions > 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs > 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync > 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_referint > 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_services > 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness > 2016-01-19T19:21:30Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt > 2016-01-19T19:21:32Z DEBUG Check if dc2-ipa-dev-van.dev-mydomain.net is a primary hostname for localhost > 2016-01-19T19:21:32Z DEBUG Primary hostname for localhost: dc2-ipa-dev-van.dev-mydomain.net > 2016-01-19T19:21:32Z DEBUG Search DNS for dc2-ipa-dev-van.dev-mydomain.net > 2016-01-19T19:21:32Z DEBUG Check if dc2-ipa-dev-van.dev-mydomain.net is not a CNAME > 2016-01-19T19:21:32Z DEBUG Check reverse address of 10.21.0.98 > 2016-01-19T19:21:32Z DEBUG Found reverse name: dc2-ipa-dev-van.dev-mydomain.net > 2016-01-19T19:21:32Z DEBUG Check if dc2-ipa-dev-nvan.dev-mydomain.net is a primary hostname for localhost > 2016-01-19T19:21:32Z DEBUG Primary hostname for localhost: dc2-ipa-dev-nvan.dev-mydomain.net > 2016-01-19T19:21:32Z DEBUG Search DNS for dc2-ipa-dev-nvan.dev-mydomain.net > 2016-01-19T19:21:32Z DEBUG Check if dc2-ipa-dev-nvan.dev-mydomain.net is not a CNAME > 2016-01-19T19:21:32Z DEBUG Check reverse address of 10.178.0.98 > 2016-01-19T19:21:32Z DEBUG Found reverse name: dc2-ipa-dev-nvan.dev-mydomain.net > 2016-01-19T19:21:32Z DEBUG Initializing principal host/dc2-ipa-dev-van.dev-mydomain.net at DEV-mydomain.NET using keytab /etc/krb5.keytab > 2016-01-19T19:21:32Z DEBUG using ccache /tmp/krbcc50gCM_/ccache > 2016-01-19T19:21:32Z DEBUG Attempt 1/1: success > 2016-01-19T19:21:32Z DEBUG importing all plugin modules in ipalib.plugins... > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.aci > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.automember > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.automount > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.baseldap > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.baseuser > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.batch > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.caacl > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.cert > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.certprofile > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.config > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.delegation > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.dns > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.domainlevel > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.group > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hbacrule > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hbacsvc > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hbactest > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.host > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.hostgroup > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.idrange > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.idviews > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.internal > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.krbtpolicy > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.migration > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.misc > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.netgroup > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.otpconfig > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.otptoken > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.passwd > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.permission > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.ping > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.pkinit > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.privilege > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.pwpolicy > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.radiusproxy > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.realmdomains > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.role > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.rpcclient > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.selfservice > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.selinuxusermap > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.server > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.service > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.servicedelegation > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.session > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.stageuser > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.sudocmd > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.sudorule > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.topology > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.trust > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.user > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.vault > 2016-01-19T19:21:32Z DEBUG importing plugin module ipalib.plugins.virtual > 2016-01-19T19:21:32Z DEBUG importing all plugin modules in ipaserver.plugins... > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.dogtag > 2016-01-19T19:21:32Z DEBUG skipping plugin module ipaserver.plugins.dogtag: dogtag not selected as RA plugin > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.join > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.ldap2 > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.rabase > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.plugins.xmlserver > 2016-01-19T19:21:32Z DEBUG importing all plugin modules in ipaserver.install.plugins... > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.adtrust > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.dns > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_referint > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_services > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness > 2016-01-19T19:21:32Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt > 2016-01-19T19:21:34Z DEBUG Created connection context.ldap2_139983595969360 > 2016-01-19T19:21:34Z DEBUG raw: domainlevel_get(version=u'2.163') > 2016-01-19T19:21:34Z DEBUG domainlevel_get(version=u'2.163') > 2016-01-19T19:21:34Z DEBUG flushing ldaps://dc2-ipa-dev-nvan.dev-mydomain.net from SchemaCache > 2016-01-19T19:21:34Z DEBUG retrieving schema for SchemaCache url=ldaps://dc2-ipa-dev-nvan.dev-mydomain.net conn= > 2016-01-19T19:21:34Z DEBUG raw: hostgroup_find(None, cn=u'ipaservers', version=u'2.163', host=[u'dc2-ipa-dev-van.dev-mydomain.net']) > 2016-01-19T19:21:34Z DEBUG hostgroup_find(None, cn=u'ipaservers', all=False, raw=False, version=u'2.163', no_members=False, pkey_only=False, host=(u'dc2-ipa-dev-van.dev-mydomain.net',)) > 2016-01-19T19:21:34Z DEBUG Check forward/reverse DNS resolution > 2016-01-19T19:21:34Z DEBUG Search DNS server dc2-ipa-dev-nvan.dev-mydomain.net (['10.178.0.98', '10.178.0.98', '10.178.0.98']) for dc2-ipa-dev-nvan.dev-mydomain.net > 2016-01-19T19:21:34Z DEBUG Check reverse address 10.178.0.98 (dc2-ipa-dev-nvan.dev-mydomain.net) > 2016-01-19T19:21:34Z DEBUG Address 10.178.0.98 resolves to: dc2-ipa-dev-nvan.dev-mydomain.net.. > 2016-01-19T19:21:34Z DEBUG Search DNS server dc2-ipa-dev-nvan.dev-mydomain.net (['10.178.0.98', '10.178.0.98', '10.178.0.98']) for dc2-ipa-dev-van.dev-mydomain.net > 2016-01-19T19:21:34Z DEBUG Check reverse address 10.21.0.98 (dc2-ipa-dev-van.dev-mydomain.net) > 2016-01-19T19:21:34Z DEBUG Address 10.21.0.98 resolves to: dc2-ipa-dev-van.dev-mydomain.net.. > 2016-01-19T19:21:34Z DEBUG Destroyed connection context.ldap2_139983595969360 > 2016-01-19T19:21:34Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' > 2016-01-19T19:21:34Z DEBUG failed to find session_cookie in persistent storage for principal 'host/dc2-ipa-dev-van.dev-mydomain.net at DEV-mydomain.NET' > 2016-01-19T19:21:34Z INFO trying https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json > 2016-01-19T19:21:35Z DEBUG NSSConnection init dc2-ipa-dev-nvan.dev-mydomain.net > 2016-01-19T19:21:35Z DEBUG Connecting: 10.178.0.98:0 > 2016-01-19T19:21:35Z DEBUG approved_usage = SSL Server intended_usage = SSL Server > 2016-01-19T19:21:35Z DEBUG cert valid True for "CN=dc2-ipa-dev-nvan.dev-mydomain.net,OU=pki-ipa,O=IPA" > 2016-01-19T19:21:35Z DEBUG handshake complete, peer = 10.178.0.98:443 > 2016-01-19T19:21:35Z DEBUG Protocol: TLS1.2 > 2016-01-19T19:21:35Z DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA > 2016-01-19T19:21:35Z DEBUG received Set-Cookie 'ipa_session=b05ed6993a0efe3e174416e80f3ecb35; Domain=dc2-ipa-dev-nvan.dev-mydomain.net; Path=/ipa; Expires=Tue, 19 Jan 2016 19:41:35 GMT; Secure; HttpOnly' > 2016-01-19T19:21:35Z DEBUG storing cookie 'ipa_session=b05ed6993a0efe3e174416e80f3ecb35; Domain=dc2-ipa-dev-nvan.dev-mydomain.net; Path=/ipa; Expires=Tue, 19 Jan 2016 19:41:35 GMT; Secure; HttpOnly' for principal host/dc2-ipa-dev-van.dev-mydomain.net at DEV-mydomain.NET > 2016-01-19T19:21:35Z DEBUG Created connection context.rpcclient_139983628815056 > 2016-01-19T19:21:35Z INFO Forwarding 'dns_is_enabled' to json server 'https://dc2-ipa-dev-nvan.dev-mydomain.net/ipa/json' > 2016-01-19T19:21:35Z DEBUG NSSConnection init dc2-ipa-dev-nvan.dev-mydomain.net > 2016-01-19T19:21:35Z DEBUG Connecting: 10.178.0.98:0 > 2016-01-19T19:21:35Z DEBUG approved_usage = SSL Server intended_usage = SSL Server > 2016-01-19T19:21:35Z DEBUG cert valid True for "CN=dc2-ipa-dev-nvan.dev-mydomain.net,OU=pki-ipa,O=IPA" > 2016-01-19T19:21:35Z DEBUG handshake complete, peer = 10.178.0.98:443 > 2016-01-19T19:21:35Z DEBUG Protocol: TLS1.2 > 2016-01-19T19:21:35Z DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA > 2016-01-19T19:21:35Z DEBUG received Set-Cookie 'ipa_session=bbc3744aa455331ade1822b33addc72d; Domain=dc2-ipa-dev-nvan.dev-mydomain.net; Path=/ipa; Expires=Tue, 19 Jan 2016 19:41:35 GMT; Secure; HttpOnly' > 2016-01-19T19:21:35Z DEBUG storing cookie 'ipa_session=bbc3744aa455331ade1822b33addc72d; Domain=dc2-ipa-dev-nvan.dev-mydomain.net; Path=/ipa; Expires=Tue, 19 Jan 2016 19:41:35 GMT; Secure; HttpOnly' for principal host/dc2-ipa-dev-van.dev-mydomain.net at DEV-mydomain.NET > 2016-01-19T19:21:35Z DEBUG Destroyed connection context.rpcclient_139983628815056 > 2016-01-19T19:21:35Z DEBUG Starting external process > 2016-01-19T19:21:35Z DEBUG args=/sbin/ip -family inet -oneline address show > 2016-01-19T19:21:35Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:35Z DEBUG stdout=1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever > 2: eno16777728 inet 10.21.0.98/16 brd 10.21.255.255 scope global eno16777728\ valid_lft forever preferred_lft forever > > 2016-01-19T19:21:35Z DEBUG stderr= > 2016-01-19T19:21:35Z DEBUG will use DNS forwarders: [] > > 2016-01-19T19:21:35Z DEBUG Starting external process > 2016-01-19T19:21:35Z DEBUG args=/usr/sbin/ipa-replica-conncheck --master dc2-ipa-dev-nvan.dev-mydomain.net --auto-master-check --realm DEV-mydomain.NET --hostname dc2-ipa-dev-van.dev-mydomain.net --ca-cert-file /etc/ipa/ca.crt > 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:40Z DEBUG stdout=Check connection from replica to remote master 'dc2-ipa-dev-nvan.dev-mydomain.net': > Directory Service: Unsecure port (389): OK > Directory Service: Secure port (636): OK > Kerberos KDC: TCP (88): OK > Kerberos Kpasswd: TCP (464): OK > HTTP Server: Unsecure port (80): OK > HTTP Server: Secure port (443): OK > > The following list of ports use UDP protocol and would need to be > checked manually: > Kerberos KDC: UDP (88): SKIPPED > Kerberos Kpasswd: UDP (464): SKIPPED > > Connection from replica to master is OK. > Start listening on required ports for remote master check > Get credentials to log in to remote master > Check RPC connection to remote master > Execute check on remote master > Check connection from master to remote replica 'dc2-ipa-dev-van.dev-mydomain.net': > Directory Service: Unsecure port (389): OK > Directory Service: Secure port (636): OK > Kerberos KDC: TCP (88): OK > Kerberos KDC: UDP (88): OK > Kerberos Kpasswd: TCP (464): OK > Kerberos Kpasswd: UDP (464): OK > HTTP Server: Unsecure port (80): OK > HTTP Server: Secure port (443): OK > > Connection from master to replica is OK. > > 2016-01-19T19:21:40Z DEBUG stderr= > 2016-01-19T19:21:40Z DEBUG Backing up system configuration file '/etc/ipa/default.conf' > 2016-01-19T19:21:40Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' > 2016-01-19T19:21:40Z DEBUG Starting external process > 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl start messagebus.service > 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:40Z DEBUG stdout= > 2016-01-19T19:21:40Z DEBUG stderr= > 2016-01-19T19:21:40Z DEBUG Starting external process > 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active messagebus.service > 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:40Z DEBUG stdout=active > > 2016-01-19T19:21:40Z DEBUG stderr= > 2016-01-19T19:21:40Z DEBUG Starting external process > 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl restart certmonger.service > 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:40Z DEBUG stdout= > 2016-01-19T19:21:40Z DEBUG stderr= > 2016-01-19T19:21:40Z DEBUG Starting external process > 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active certmonger.service > 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:40Z DEBUG stdout=active > > 2016-01-19T19:21:40Z DEBUG stderr= > 2016-01-19T19:21:40Z DEBUG Starting external process > 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl enable certmonger.service > 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:40Z DEBUG stdout= > 2016-01-19T19:21:40Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/certmonger.service to /usr/lib/systemd/system/certmonger.service. > > 2016-01-19T19:21:40Z DEBUG group dirsrv exists > 2016-01-19T19:21:40Z DEBUG user dirsrv exists > 2016-01-19T19:21:40Z DEBUG Starting external process > 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-enabled chronyd.service > 2016-01-19T19:21:40Z DEBUG Process finished, return code=1 > 2016-01-19T19:21:40Z DEBUG stdout=disabled > > 2016-01-19T19:21:40Z DEBUG stderr= > 2016-01-19T19:21:40Z DEBUG Starting external process > 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active chronyd.service > 2016-01-19T19:21:40Z DEBUG Process finished, return code=3 > 2016-01-19T19:21:40Z DEBUG stdout=inactive > > 2016-01-19T19:21:40Z DEBUG stderr= > 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' > 2016-01-19T19:21:40Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' > 2016-01-19T19:21:40Z DEBUG Configuring NTP daemon (ntpd) > 2016-01-19T19:21:40Z DEBUG [1/4]: stopping ntpd > 2016-01-19T19:21:40Z DEBUG Starting external process > 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active ntpd.service > 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:40Z DEBUG stdout=active > > 2016-01-19T19:21:40Z DEBUG stderr= > 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' > 2016-01-19T19:21:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' > 2016-01-19T19:21:40Z DEBUG Starting external process > 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl stop ntpd.service > 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:40Z DEBUG stdout= > 2016-01-19T19:21:40Z DEBUG stderr= > 2016-01-19T19:21:40Z DEBUG duration: 0 seconds > 2016-01-19T19:21:40Z DEBUG [2/4]: writing configuration > 2016-01-19T19:21:40Z DEBUG Backing up system configuration file '/etc/ntp.conf' > 2016-01-19T19:21:40Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' > 2016-01-19T19:21:40Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' > 2016-01-19T19:21:40Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' > 2016-01-19T19:21:40Z DEBUG duration: 0 seconds > 2016-01-19T19:21:40Z DEBUG [3/4]: configuring ntpd to start on boot > 2016-01-19T19:21:40Z DEBUG Starting external process > 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-enabled ntpd.service > 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:40Z DEBUG stdout=enabled > > 2016-01-19T19:21:40Z DEBUG stderr= > 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' > 2016-01-19T19:21:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' > 2016-01-19T19:21:40Z DEBUG Starting external process > 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl enable ntpd.service > 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:40Z DEBUG stdout= > 2016-01-19T19:21:40Z DEBUG stderr= > 2016-01-19T19:21:40Z DEBUG duration: 0 seconds > 2016-01-19T19:21:40Z DEBUG [4/4]: starting ntpd > 2016-01-19T19:21:40Z DEBUG Starting external process > 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl start ntpd.service > 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:40Z DEBUG stdout= > 2016-01-19T19:21:40Z DEBUG stderr= > 2016-01-19T19:21:40Z DEBUG Starting external process > 2016-01-19T19:21:40Z DEBUG args=/bin/systemctl is-active ntpd.service > 2016-01-19T19:21:40Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:40Z DEBUG stdout=active > > 2016-01-19T19:21:40Z DEBUG stderr= > 2016-01-19T19:21:40Z DEBUG duration: 0 seconds > 2016-01-19T19:21:40Z DEBUG Done configuring NTP daemon (ntpd). > 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' > 2016-01-19T19:21:40Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' > 2016-01-19T19:21:40Z DEBUG Configuring directory server (dirsrv). Estimated time: 1 minute > 2016-01-19T19:21:40Z DEBUG [1/43]: creating directory server user > 2016-01-19T19:21:40Z DEBUG group dirsrv exists > 2016-01-19T19:21:40Z DEBUG user dirsrv exists > 2016-01-19T19:21:40Z DEBUG duration: 0 seconds > 2016-01-19T19:21:40Z DEBUG [2/43]: creating directory server instance > 2016-01-19T19:21:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' > 2016-01-19T19:21:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' > 2016-01-19T19:21:40Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' > 2016-01-19T19:21:40Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' > 2016-01-19T19:21:40Z DEBUG > dn: dc=dev-mydomain,dc=net > objectClass: top > objectClass: domain > objectClass: pilotObject > dc: dev-mydomain > info: IPA V2.0 > > 2016-01-19T19:21:40Z DEBUG writing inf template > 2016-01-19T19:21:40Z DEBUG > [General] > FullMachineName= dc2-ipa-dev-van.dev-mydomain.net > SuiteSpotUserID= dirsrv > SuiteSpotGroup= dirsrv > ServerRoot= /usr/lib64/dirsrv > [slapd] > ServerPort= 389 > ServerIdentifier= DEV-mydomain-NET > Suffix= dc=dev-mydomain,dc=net > RootDN= cn=Directory Manager > InstallLdifFile= /var/lib/dirsrv/boot.ldif > inst_dir= /var/lib/dirsrv/scripts-DEV-mydomain-NET > > 2016-01-19T19:21:40Z DEBUG calling setup-ds.pl > 2016-01-19T19:21:40Z DEBUG Starting external process > 2016-01-19T19:21:40Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpCIlkrQ > 2016-01-19T19:21:41Z DEBUG Process finished, return code=1 > 2016-01-19T19:21:41Z DEBUG stdout=[16/01/19:11:21:41] - [Setup] Info Could not copy file '/etc/dirsrv/config/certmap.conf' to '/etc/dirsrv/slapd-DEV-mydomain-NET/certmap.conf'. Error: No such file or directory > Could not copy file '/etc/dirsrv/config/certmap.conf' to '/etc/dirsrv/slapd-DEV-mydomain-NET/certmap.conf'. Error: No such file or directory > [16/01/19:11:21:41] - [Setup] Fatal Error: Could not create directory server instance 'DEV-mydomain-NET'. > Error: Could not create directory server instance 'DEV-mydomain-NET'. > [16/01/19:11:21:41] - [Setup] Fatal Exiting . . . > Log file is '-' > > Exiting . . . > Log file is '-' > > > 2016-01-19T19:21:41Z DEBUG stderr= > 2016-01-19T19:21:41Z CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpCIlkrQ' returned non-zero exit status 1 > 2016-01-19T19:21:41Z DEBUG duration: 0 seconds > 2016-01-19T19:21:41Z DEBUG [3/43]: restarting directory server > 2016-01-19T19:21:41Z DEBUG Starting external process > 2016-01-19T19:21:41Z DEBUG args=/bin/systemctl --system daemon-reload > 2016-01-19T19:21:41Z DEBUG Process finished, return code=0 > 2016-01-19T19:21:41Z DEBUG stdout= > 2016-01-19T19:21:41Z DEBUG stderr= > 2016-01-19T19:21:41Z DEBUG Starting external process > 2016-01-19T19:21:41Z DEBUG args=/bin/systemctl restart dirsrv at DEV-mydomain-NET.service > 2016-01-19T19:21:41Z DEBUG Process finished, return code=1 > 2016-01-19T19:21:41Z DEBUG stdout= > 2016-01-19T19:21:41Z DEBUG stderr=Job for dirsrv at DEV-mydomain-NET.service failed because a configured resource limit was exceeded. See "systemctl status dirsrv at DEV-mydomain-NET.service" and "journalctl -xe" for details. > > 2016-01-19T19:21:41Z CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv at DEV-mydomain-NET.service' returned non-zero exit status 1). See the installation log for details. > 2016-01-19T19:21:41Z DEBUG duration: 0 seconds > 2016-01-19T19:21:41Z DEBUG [4/43]: adding default schema > 2016-01-19T19:21:41Z DEBUG duration: 0 seconds > 2016-01-19T19:21:41Z DEBUG [5/43]: enabling memberof plugin > 2016-01-19T19:21:41Z DEBUG wait_for_open_ports: dc2-ipa-dev-van.dev-mydomain.net [389] timeout 10 > 2016-01-19T19:21:51Z DEBUG Could not connect to the Directory Server on dc2-ipa-dev-van.dev-mydomain.net: Timeout exceeded > 2016-01-19T19:21:51Z DEBUG Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 447, in start_creation > run_step(full_msg, method) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 437, in run_step > method() > File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 630, in __add_memberof_module > self._ldap_mod("memberof-conf.ldif") > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 209, in _ldap_mod > self.ldap_connect() > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 176, in ldap_connect > conn.do_bind(self.dm_password, autobind=self.autobind) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1625, in do_bind > self.do_simple_bind(bindpw=dm_password, timeout=timeout) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1615, in do_simple_bind > self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1610, in __bind_with_wait > self.__wait_for_connection(timeout) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1596, in __wait_for_connection > wait_for_open_ports(host, int(port), timeout) > File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1392, in wait_for_open_ports > raise socket.timeout("Timeout exceeded") > timeout: Timeout exceeded > > 2016-01-19T19:21:51Z DEBUG [error] timeout: Timeout exceeded > 2016-01-19T19:21:51Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute > return_value = self.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run > cfgr.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run > self.execute() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in execute > for nothing in self._executor(): > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 571, in _configure > next(executor) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install > for nothing in self._installer(self.parent): > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1553, in main > promote(self) > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated > func(installer) > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1275, in promote > promote=True, pkcs12_info=dirsrv_pkcs12_info) > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 120, in install_replica_ds > promote=promote, > File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 398, in create_replica > self.start_creation(runtime=60) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 447, in start_creation > run_step(full_msg, method) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 437, in run_step > method() > File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 630, in __add_memberof_module > self._ldap_mod("memberof-conf.ldif") > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 209, in _ldap_mod > self.ldap_connect() > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 176, in ldap_connect > conn.do_bind(self.dm_password, autobind=self.autobind) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1625, in do_bind > self.do_simple_bind(bindpw=dm_password, timeout=timeout) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1615, in do_simple_bind > self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1610, in __bind_with_wait > self.__wait_for_connection(timeout) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1596, in __wait_for_connection > wait_for_open_ports(host, int(port), timeout) > File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1392, in wait_for_open_ports > raise socket.timeout("Timeout exceeded") > > 2016-01-19T19:21:51Z DEBUG The ipa-replica-install command failed, exception: timeout: Timeout exceeded > 2016-01-19T19:21:51Z ERROR Timeout exceeded > 2016-01-19T19:21:51Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information > [root at dc2-ipa-dev-van etc]# > > > check status of dirsrv as suggested in log > ========================================== > [root at dc2-ipa-dev-van etc]# systemctl status dirsrv at DEV-mydomain-NET.service -l > ? dirsrv at DEV-mydomain-NET.service - 389 Directory Server DEV-mydomain-NET. > Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service; enabled; vendor preset: disabled) > Active: failed (Result: resources) > > Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed to load environment files: No such file or directory > Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed to run 'start' task: No such file or directory > Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: Failed to start 389 Directory Server DEV-mydomain-NET.. > Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed with result 'resources'. > Jan 19 11:18:46 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: Starting 389 Directory Server DEV-mydomain-NET.... > Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed to load environment files: No such file or directory > Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed to run 'start' task: No such file or directory > Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: Failed to start 389 Directory Server DEV-mydomain-NET.. > Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: dirsrv at DEV-mydomain-NET.service: Failed with result 'resources'. > Jan 19 11:21:41 dc2-ipa-dev-van.dev-mydomain.net systemd[1]: Starting 389 Directory Server DEV-mydomain-NET.... > > > -----Original Message----- > From: Ludwig Krispenz [mailto:lkrispen at redhat.com] > Sent: January-19-16 8:45 AM > To: Nathan Peters > Cc: freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > > On 01/19/2016 05:24 PM, Nathan Peters wrote: >> So if the obsolete replica ID should cause no harm, then what is the solution to get my replica re-installed ? >> >> This problem still exists and hasn't gone away so I am still stuck with a 4th replica unable to be re-joined ... >> >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND > where do you see this ? The high connection number indicates it is not > on the server you just install. If it is on the master then it is > correct, the entry exists there already. > > Did you uninstall server and client before ? Do you still have an > /etc/openldap/ldap.conf having an URI pointin to the master ? >> >> [27/43]: restarting directory server >> [28/43]: setting up initial replication >> [error] DuplicateEntry: This entry already exists Your system may be >> partly configured. >> Run /usr/sbin/ipa-server-install --uninstall to clean up. >> >> -----Original Message----- >> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Ludwig Krispenz >> Sent: January-19-16 12:37 AM >> To: freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists >> >> >> On 01/18/2016 09:55 PM, Nathan Peters wrote: >>> Another follow-up : dirsrv logs get really strange when I attempt to add that cleanruv task. It apears the message logged to console that the task already exists is totally lying ? o.O >> no, it is not totally lying, you just found another trace of a replica >> ID which is probably not properly cleaned. The cleanallruv task looks >> into the database and finally also into the changelog and remove all >> traces for tee replica ID to be cleaned. >> What you found is a ruv in the replication agreement, the replication >> agreement keeps track of the consumer RUV it has seen, and there was at >> one time replica 14. >> >> I'll open a ticket for 389-ds to handle this in the cleanallruv task. >> But the obsolete replica ID in the agreement should do no harm. If you >> want to get rid of it, you coud stop the server and remove it from the >> /etc/dirsrv/slapd-/dse.ldif >>> So the actual error is that it cannot modify a task because it does not exist? Why does it not exist ? According to the docs here : http://directory.fedoraproject.org/docs/389ds/FAQ/troubleshoot-cleanallruv.html >>> >>> It should always exist? There is no 'changetype : modify' in that ldap syntax... >>> >>> [18/Jan/2016:12:36:56 -0800] - ldbm_back_seq deadlock retry BAD 1601, err=0 BDB0062 Successful return: 0 >>> [18/Jan/2016:12:39:56 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >>> [18/Jan/2016:12:39:58 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >>> [18/Jan/2016:12:40:00 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >>> [18/Jan/2016:12:40:00 -0800] NSMMReplicationPlugin - CleanAllRUV Task (rid 14): Replica id (14) is already being cleaned >>> [18/Jan/2016:12:40:02 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >>> [18/Jan/2016:12:40:04 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >>> [18/Jan/2016:12:40:06 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >>> [18/Jan/2016:12:40:06 -0800] NSMMReplicationPlugin - CleanAllRUV Task (rid 14): Task failed...(-1) >>> [18/Jan/2016:12:40:08 -0800] - WARNING: can't modify task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config'; No such object (32) >>> [18/Jan/2016:12:40:08 -0800] - WARNING: can't find task entry 'cn=clean 14,cn=cleanallruv,cn=tasks,cn=config' >>> [18/Jan/2016:12:40:08 -0800] ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 128]: Missing target entry. >>> >>> -----Original Message----- >>> From: Nathan Peters >>> Sent: January-18-16 12:13 PM >>> To: Nathan Peters; Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com >>> Subject: RE: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists >>> >>> Follow-up : After finding the ghost ruvs below I tried to clean them. Apparently they are already being cleaned by some task that is clearly not working ... >>> >>> ==== attempts to clean ruv 14 ==== >>> >>> [[root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -D "cn=directory manager" -W -a >>> Enter LDAP Password: >>> dn: cn=clean 14, cn=cleanallruv, cn=tasks, cn=config >>> objectclass: top >>> objectclass: extensibleObject >>> replica-base-dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> replica-id: 14 >>> replica-force-cleaning: yes >>> cn: clean 14 >>> >>> adding new entry "cn=clean 14, cn=cleanallruv, cn=tasks, cn=config" >>> ldap_add: Server is unwilling to perform (53) >>> additional info: Replica id (14) is already being cleaned >>> >>> [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapmodify -x -D "cn=directory manager" -W <>>> dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>>> changetype: modify >>>> replace: nsds5task >>>> nsds5task: CLEANRUV14 >>>> EOF >>> Enter LDAP Password: >>> modifying entry "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >>> >>> This one adds the entry properly (I think - I have no idea how to check if one exists), but does not actually clean the ruv. >>> >>> >>> -----Original Message----- >>> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters >>> Sent: January-18-16 11:44 AM >>> To: Petr Vobornik; Rob Crittenden; freeipa-users at redhat.com >>> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists >>> >>> Answers to questions : >>> >>> 1) All 3 servers are working fine. Error logs show only the expected replication keepalive entries and no other entries for the last 24 hours. Replication works. >>> >>> 2) ipa server-find output is identical on all 3 servers : >>> >>> [root at dc1-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa server-find >>> --------------------- >>> 3 IPA servers matched >>> --------------------- >>> Server name: dc1-ipa-dev-nvan.dev-globalrelay.net >>> Managed suffixes: domain, ca >>> Min domain level: 0 >>> Max domain level: 1 >>> >>> Server name: dc1-ipa-dev-van.dev-globalrelay.net >>> Managed suffixes: domain, ca >>> Min domain level: 0 >>> Max domain level: 1 >>> >>> Server name: dc2-ipa-dev-nvan.dev-globalrelay.net >>> Managed suffixes: domain, ca >>> Min domain level: 0 >>> Max domain level: 1 >>> ---------------------------- >>> Number of entries returned 3 >>> ---------------------------- >>> >>> 3)ipa-replica-manage list is the same on all 3 servers : >>> >>> [root at dc1-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage list >>> dc2-ipa-dev-nvan.dev-globalrelay.net: master >>> dc1-ipa-dev-nvan.dev-globalrelay.net: master >>> dc1-ipa-dev-van.dev-globalrelay.net: master >>> >>> 3.5)I actually tried running the remove command anyway in case there were any type of lingering records and it came back with nothing found : >>> >>> [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net >>> dc2-ipa-dev-van.dev-globalrelay.net is not listed among IPA masters. >>> Please specify an actual server or add the --cleanup option to force clean up. >>> [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage del dc2-ipa-dev-van.dev-globalrelay.net --cleanup >>> Checking connectivity in topology suffix 'ca' >>> 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'ca' >>> Not checking connectivity >>> Checking connectivity in topology suffix 'domain' >>> 'dc2-ipa-dev-van.dev-globalrelay.net' is not a part of topology suffix 'domain' >>> Not checking connectivity >>> No RUV records found. >>> >>> 4) The command revealed it went to a different master than I thought. It was not the CA master, but a differnet one. >>> >>> [root at dc2-ipa-dev-van slapd-DEV-GLOBALRELAY-NET]# cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" >>> 2016-01-18T17:28:22Z INFO Forwarding 'service_add' to json server 'https://dc2-ipa-dev-nvan.dev-globalrelay.net/ipa/json' >>> >>> For some reason, when I was monitoring the logs, nothing had been logged on the dc2-ipa-dev-nvan in the dirsrv log but it must have been buffering to disk, because when I checked the logs 5 minutes later, all the data was there. You can actually see the err=68 here : >>> >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND >>> >>> I'm not sure why it would fail that call though... >>> >>> Here are the ldapsearch for that cn=replica branch performed on the master it was joining to, as well as the complete logs from that master with the err=68 in it. >>> >>> I'm not sure if this has anything to do with it, but inside the replica branch are already 2 sub branches for replication agreements. These agreements have what appears to be old ruvs for the server I am trying to join, however, because the ipa-replica-install clean-ruv command only applies to domain level 0, I cannot clean those ruvs... I also cannot lower my domain level back down to 0 so I can clean them. >>> >>> [root at dc2-ipa-dev-nvan slapd-DEV-GLOBALRELAY-NET]# ipa-replica-manage clean-ruv 14 >>> No RUV records found. >>> >>> >>> ==== LDAP SEARCH OF SECTION OF TREE THAT ADD FAILS ON ===== >>> >>> [root at dc2-ipa-dev-nvan slapd-MYDOMAIN-NET]# ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >>> Enter LDAP Password: >>> # extended LDIF >>> # >>> # LDAPv3 >>> # base with scope subtree >>> # filter: (objectclass=*) >>> # requesting: ALL >>> # >>> >>> # replica, dc\3Dmydomain\2Cdc\3Dnet, mapping tree, config >>> dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> cn: replica >>> nsDS5Flags: 1 >>> nsDS5ReplicaBindDN: cn=replication manager,cn=config >>> nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net >>> @MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net >>> nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net@ >>> MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net >>> nsDS5ReplicaId: 15 >>> nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64 >>> nsDS5ReplicaRoot: dc=mydomain,dc=net >>> nsDS5ReplicaType: 3 >>> nsState:: DwAAAAAAAAC/OZ1WAAAAAAAAAAAAAAAAbAEAAAAAAAAAAAAAAAAAAA== >>> nsds5ReplicaLegacyConsumer: off >>> nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net >>> nsds5replicabinddngroupcheckinterval: 60 >>> objectClass: nsds5replica >>> objectClass: top >>> objectClass: extensibleobject >>> nsds5ReplicaChangeCount: 37386 >>> nsds5replicareapactive: 0 >>> >>> # meTodc1-ipa-dev-nvan.mydomain.net, replica, dc\3Dmydomain\2Cdc\ >>> 3Dnet, mapping tree, config >>> dn: cn=meTodc1-ipa-dev-nvan.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> cn: meTodc1-ipa-dev-nvan.mydomain.net >>> description: me to dc1-ipa-dev-nvan.mydomain.net >>> nsDS5ReplicaBindMethod: SASL/GSSAPI >>> nsDS5ReplicaHost: dc1-ipa-dev-nvan.mydomain.net >>> nsDS5ReplicaPort: 389 >>> nsDS5ReplicaRoot: dc=mydomain,dc=net >>> nsDS5ReplicaTransportInfo: LDAP >>> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial >>> entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >>> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts >>> uccessfulauth krblastfailedauth krbloginfailedcount >>> nsds50ruv: {replicageneration} 553fe9bb000000040000 >>> nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd >>> 26000000100000 569b9201002200100000 >>> nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 >>> b000000110000 569b91af000d00110000 >>> nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee >>> 040000000f0000 569b92010002000f0000 >>> nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b >>> b0000000e0000 569b91320014000e0000 >>> nsds5ReplicaEnabled: on >>> nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in >>> ternalModifyTimestamp >>> nsds5replicaTimeout: 120 >>> nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. >>> net:389} 00000000 >>> nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n >>> et:389} 00000000 >>> nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. >>> net:389} 00000000 >>> nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n >>> et:389} 00000000 >>> objectClass: nsds5replicationagreement >>> objectClass: top >>> objectClass: ipaReplTopoManagedAgreement >>> ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p >>> lugin >>> nsds5replicareapactive: 0 >>> nsds5replicaLastUpdateStart: 20160118191523Z >>> nsds5replicaLastUpdateEnd: 20160118191523Z >>> nsds5replicaChangesSentSinceStartup:: MTU6Mjc0LzgyNzY5NiAxNDoxLzAgMTc6MTQvMCAx >>> NjoyLzAg >>> nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd >>> ate succeeded >>> nsds5replicaUpdateInProgress: FALSE >>> nsds5replicaLastInitStart: 19700101000000Z >>> nsds5replicaLastInitEnd: 19700101000000Z >>> >>> # meTodc1-ipa-dev-van.mydomain.net, replica, dc\3Dmydomain\2Cdc\3 >>> Dnet, mapping tree, config >>> dn: cn=meTodc1-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> cn: meTodc1-ipa-dev-van.mydomain.net >>> description: me to dc1-ipa-dev-van.mydomain.net >>> nsDS5ReplicaBindMethod: SASL/GSSAPI >>> nsDS5ReplicaHost: dc1-ipa-dev-van.mydomain.net >>> nsDS5ReplicaPort: 389 >>> nsDS5ReplicaRoot: dc=mydomain,dc=net >>> nsDS5ReplicaTransportInfo: LDAP >>> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial >>> entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >>> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts >>> uccessfulauth krblastfailedauth krbloginfailedcount >>> nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in >>> ternalModifyTimestamp >>> nsds5replicaTimeout: 120 >>> objectClass: nsds5replicationagreement >>> objectClass: top >>> objectClass: ipaReplTopoManagedAgreement >>> ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p >>> lugin >>> nsds50ruv: {replicageneration} 553fe9bb000000040000 >>> nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 >>> b000000110000 569b9201000500110000 >>> nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd >>> 26000000100000 569b918d004a00100000 >>> nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee >>> 040000000f0000 569b92010002000f0000 >>> nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b >>> b0000000e0000 569b91320014000e0000 >>> nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n >>> et:389} 00000000 >>> nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. >>> net:389} 00000000 >>> nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. >>> net:389} 00000000 >>> nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n >>> et:389} 00000000 >>> nsds5replicareapactive: 0 >>> nsds5replicaLastUpdateStart: 20160118191523Z >>> nsds5replicaLastUpdateEnd: 20160118191523Z >>> nsds5replicaChangesSentSinceStartup:: MTU6MzY2LzE0MTg1NjkgMTY6OTYvMCAxNzoyLzAg >>> nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd >>> ate succeeded >>> nsds5replicaUpdateInProgress: FALSE >>> nsds5replicaLastInitStart: 19700101000000Z >>> nsds5replicaLastInitEnd: 19700101000000Z >>> >>> # search result >>> search: 2 >>> result: 0 Success >>> >>> # numResponses: 4 >>> # numEntries: 3 >>> >>> >>> >>> >>> >>> ===== LOGS FROM MASTER DURING REPLICA INSTALLATION ATTEMPT ==== >>> >>> [18/Jan/2016:09:27:54 -0800] conn=18695 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 BIND dn="" method=128 version=3 >>> [18/Jan/2016:09:27:54 -0800] conn=18695 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" >>> [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="namingContexts defaultnamingcontext" >>> [18/Jan/2016:09:27:54 -0800] conn=18695 op=1 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 SRCH base="dc=mydomain,dc=net" scope=0 filter="(info=IPA*)" attrs=ALL >>> [18/Jan/2016:09:27:54 -0800] conn=18695 op=2 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 SRCH base="cn=kerberos,dc=mydomain,dc=net" scope=2 filter="(objectClass=krbRealmContainer)" attrs=ALL >>> [18/Jan/2016:09:27:54 -0800] conn=18695 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9086 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9087 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9088 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:27:54 -0800] conn=14994 op=9089 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:54 -0800] conn=7 op=36490 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:54 -0800] conn=7 op=36491 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:54 -0800] conn=7 op=36492 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:27:54 -0800] conn=7 op=36493 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38858 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38859 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38860 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38861 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38862 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 MOD dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38863 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22060000000f0000 >>> [18/Jan/2016:09:27:54 -0800] conn=18696 fd=145 slot=145 connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38864 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38865 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38866 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38867 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38868 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:54 -0800] conn=18696 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:54 -0800] conn=18696 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:54 -0800] conn=18696 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" >>> [18/Jan/2016:09:27:54 -0800] conn=18696 op=3 RESULT err=0 tag=101 nentries=2 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >>> [18/Jan/2016:09:27:54 -0800] conn=18696 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 UNBIND >>> [18/Jan/2016:09:27:54 -0800] conn=18696 op=5 fd=145 closed - U1 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38869 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38870 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38871 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38872 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:54 -0800] conn=6 op=38873 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:54 -0800] conn=3 op=82446 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:54 -0800] conn=3 op=82445 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82446 RESULT err=0 tag=101 nentries=1 etime=1 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82447 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82448 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56316 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56317 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56318 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56319 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36494 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18697 fd=145 slot=145 connection from 10.21.5.248 to 10.178.0.98 >>> [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >>> [18/Jan/2016:09:27:55 -0800] conn=18697 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36495 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36496 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36497 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs=ALL >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTDomainAttrs)" attrs="ipaNTFlatName ipaNTFallbackPrimaryGroup ipaNTSecurityIdentifier" >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36498 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36499 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 SRCH base="cn=Default SMB Group,cn=groups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=posixGroup)" attrs="ipaNTSecurityIdentifier" >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 SRCH base="cn=ad,cn=trusts,dc=mydomain,dc=net" scope=2 filter="(objectClass=ipaNTTrustedDomain)" attrs="cn ipaNTTrustPartner ipaNTFlatName ipaNTTrustedDomainSID ipaNTSIDBlacklistIncoming ipaNTSIDBlacklistOutgoing" >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36500 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36501 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 SRCH base="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36502 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36503 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 MOD dn="krbprincipalname=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:55 -0800] conn=7 op=36504 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070000000f0000 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82449 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82450 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56320 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82451 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82452 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56321 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56322 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56323 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:55 -0800] conn=13 op=56324 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38874 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38875 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38876 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38877 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 SRCH base="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38878 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 SRCH base="cn=fe1-gas-gasqa3-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38879 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 MOD dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=4 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=U >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberofindirect description nsHardwarePlatform userCertificate ipaAllowedToPerform * l nsOsVersion fqdn managedBy ipaAssignedIDView memberOf krbPrincipalName nsHostLocation userClass aci" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=6 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=7 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 SRCH base="cn=computers,cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=ipaobject)(objectClass=nshost)(objectClass=ipahost)(objectClass=pkiuser)(objectClass=ipaservice))(serverHostName=dc2-ipa-dev-van.mydomain.net))" attrs="" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 ADD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38880 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070004000f0000 >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=9 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22070008000f0000 >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38881 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform objectClass ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView ipaUniqueID userCertificate krbPrincipalName nsHostLocation userClass" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=11 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 SRCH base="cn=dns,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=12 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38882 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38883 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=13 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-gasqa3-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38884 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=14 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:55 -0800] conn=6 op=38885 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=15 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDefaultLoginShell ipaCertificateSubjectBase ipaUserSearchFields ipaSELinuxUserMapDefault ipaUserAuthType ipaDefaultPrimaryGroup ipaPwdExpAdvNotify ipaGroupSearchFields ipaDefaultEmailDomain ipaHomesRootDir ipaSearchTimeLimit ipaKrbAuthzData ipaMigrationEnabled ipaSearchRecordsLimit ipaConfigString ipaMaxUsernameLength ipaSELinuxUserMapOrder" >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=16 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9090 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:55 -0800] conn=18697 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:27:55 -0800] conn=14994 op=9091 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 UNBIND >>> [18/Jan/2016:09:27:55 -0800] conn=18698 op=17 fd=278 closed - U1 >>> [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:55 -0800] conn=18697 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144064 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:55 -0800] conn=18697 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-gasqa3-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-gasqa3-van.login.mydomain.net)(sudoHost=fe1-gas-gasqa3-van)(sudoHost=10.21.5.248)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:640b)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >>> [18/Jan/2016:09:27:55 -0800] conn=18697 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >>> [18/Jan/2016:09:27:55 -0800] conn=17562 op=144065 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 >>> [18/Jan/2016:09:27:55 -0800] conn=18699 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:55 -0800] conn=18699 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:55 -0800] conn=18699 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:55 -0800] conn=18699 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" >>> [18/Jan/2016:09:27:55 -0800] conn=18699 op=3 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 UNBIND >>> [18/Jan/2016:09:27:55 -0800] conn=18699 op=4 fd=278 closed - U1 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82453 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82454 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82455 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82456 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82457 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82458 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82459 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82460 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82461 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82462 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:55 -0800] conn=3 op=82463 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22070012000f0000 >>> [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 UNBIND >>> [18/Jan/2016:09:27:55 -0800] conn=18695 op=4 fd=144 closed - U1 >>> [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 UNBIND >>> [18/Jan/2016:09:27:56 -0800] conn=18683 op=7 fd=277 closed - U1 >>> [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:27:56 -0800] conn=14994 op=9092 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144066 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144067 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144068 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144069 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144070 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144071 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144072 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144073 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144074 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144075 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144076 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144077 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144078 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144079 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144080 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144081 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144082 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144083 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144084 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144085 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144086 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144087 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144088 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144089 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144090 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144091 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144092 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144093 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144094 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144095 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144096 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144097 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144098 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144099 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144100 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144101 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144102 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144103 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144104 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144105 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144106 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144107 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144108 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144109 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144110 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144111 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144112 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144113 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144114 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144115 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144116 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144117 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144118 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144119 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144120 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144121 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144122 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144123 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144124 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144125 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144126 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144127 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144128 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144129 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144130 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144131 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144132 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144133 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144134 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144135 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144136 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144137 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144138 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144139 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144140 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144141 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144142 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144143 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144144 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144145 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144146 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144147 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144148 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144149 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144150 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144151 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144152 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144153 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144154 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144155 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144156 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144157 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144158 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144159 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144160 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144161 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144162 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144163 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144164 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144165 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144166 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144167 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144168 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144169 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144170 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144171 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144172 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144173 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144174 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144175 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144176 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144177 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144178 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144179 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144180 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144181 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144182 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144183 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144184 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144185 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144186 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144187 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144188 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144189 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144190 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144191 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144192 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144193 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144194 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144195 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144196 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144197 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144198 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144199 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144200 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144201 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144202 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144203 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144204 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144205 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144206 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144207 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144208 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144209 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144210 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144211 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144212 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144213 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144214 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144215 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144216 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144217 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144218 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144219 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144220 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144221 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144222 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144223 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144224 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144225 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144226 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144227 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144228 RESULT err=0 tag=103 nentries=0 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144229 RESULT err=0 tag=103 nentries=0 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=18700 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82464 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82465 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82466 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82467 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82468 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82469 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82470 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82471 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82472 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82473 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:57 -0800] conn=18700 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:57 -0800] conn=18700 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:57 -0800] conn=18700 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 UNBIND >>> [18/Jan/2016:09:27:57 -0800] conn=18700 op=3 fd=144 closed - U1 >>> [18/Jan/2016:09:27:57 -0800] conn=18701 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82474 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82475 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82476 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82477 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82478 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82479 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82480 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82481 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82482 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82483 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:57 -0800] conn=18701 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:57 -0800] conn=18701 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:57 -0800] conn=18701 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 UNBIND >>> [18/Jan/2016:09:27:57 -0800] conn=18701 op=3 fd=144 closed - U1 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144230 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144231 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=18702 fd=144 slot=144 connection from 10.178.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=17562 op=144232 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ac1000b00110000 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82484 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82485 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82486 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82487 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82488 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82489 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82490 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82491 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82492 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:27:57 -0800] conn=3 op=82493 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:57 -0800] conn=18702 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:57 -0800] conn=18702 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:57 -0800] conn=18702 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:27:57 -0800] conn=18702 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >>> [18/Jan/2016:09:27:57 -0800] conn=18702 op=4 RESULT err=0 tag=101 nentries=3 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 UNBIND >>> [18/Jan/2016:09:27:57 -0800] conn=18702 op=5 fd=144 closed - U1 >>> [18/Jan/2016:09:27:57 -0800] conn=18703 fd=144 slot=144 connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:57 -0800] conn=18703 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:57 -0800] conn=18703 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:57 -0800] conn=18703 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 SRCH base="cn=certificates,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaCertificate)(objectClass=pkiCA))" attrs="ipaKeyExtUsage cn ipaCertSubject ipaPublicKey cacertificate;binary ipaKeyTrust ipaCertIssuerSerial" >>> [18/Jan/2016:09:27:57 -0800] conn=18703 op=3 RESULT err=0 tag=101 nentries=2 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >>> [18/Jan/2016:09:27:57 -0800] conn=18703 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 UNBIND >>> [18/Jan/2016:09:27:57 -0800] conn=18513 op=5 fd=153 closed - U1 >>> [18/Jan/2016:09:27:57 -0800] conn=18704 fd=153 slot=153 connection from 10.178.59.236 to 10.178.0.98 >>> [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >>> [18/Jan/2016:09:27:57 -0800] conn=18704 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38886 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38887 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38888 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38889 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 UNBIND >>> [18/Jan/2016:09:27:57 -0800] conn=18703 op=5 fd=144 closed - U1 >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38890 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38891 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38892 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38893 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 SRCH base="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38894 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 SRCH base="cn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38895 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 MOD dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38896 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2209000e000f0000 >>> [18/Jan/2016:09:27:57 -0800] conn=6 op=38897 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:58 -0800] conn=6 op=38897 RESULT err=0 tag=101 nentries=1 etime=1 >>> [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:58 -0800] conn=6 op=38898 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:58 -0800] conn=6 op=38899 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/hadoop1-mc-mcci1-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:58 -0800] conn=6 op=38901 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:58 -0800] conn=6 op=38900 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:58 -0800] conn=18704 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:58 -0800] conn=18704 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:58 -0800] conn=18704 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=hadoop1-mc-mcci1-nvan.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2)(!(entryusn=2)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=hadoop1-mc-mcci1-nvan.mydomain.net)(sudoHost=hadoop1-mc-mcci1-nvan)(sudoHost=10.178.59.236)(sudoHost=10.178.0.0/16)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >>> [18/Jan/2016:09:27:58 -0800] conn=18704 op=4 RESULT err=0 tag=101 nentries=7 etime=0 notes=P pr_idx=0 >>> [18/Jan/2016:09:27:59 -0800] conn=18705 fd=144 slot=144 connection from 10.21.42.41 to 10.178.0.98 >>> [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >>> [18/Jan/2016:09:27:59 -0800] conn=18705 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38902 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38903 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38904 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38905 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=18706 fd=277 slot=277 connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:27:59 -0800] conn=18706 op=-1 fd=277 closed - B1 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38906 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38907 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38908 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38909 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144233 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001b00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 SRCH base="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38910 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 SRCH base="cn=relay-sf-int-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144234 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7c09001c00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38911 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 MOD dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38912 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b0000000f0000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144235 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144236 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7da4000600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144237 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c7ec8000e00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144238 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144239 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c804f000700110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144240 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001900110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144241 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8169001a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144242 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c82c6000600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144243 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000800110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144244 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8416000900110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144245 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000700110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144246 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c854a000800110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144247 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144248 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8696002600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144249 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144250 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8833000e00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144251 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8964000f00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144252 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ae4000600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144253 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8c17000900110000 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144254 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8d72000500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144255 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c8ece000a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144256 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001800110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144257 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9023001900110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144258 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001400110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144259 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9192001500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144260 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c92e8000400110000 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38913 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144261 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9463000500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144262 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144263 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c95c0000600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144264 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c96de001100110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144265 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144266 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c989b000b00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144267 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000c00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144268 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c99d4000d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38914 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38915 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/relay-sf-int-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144269 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9b07000a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144270 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000800110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144271 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9ca8000900110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144272 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9dca001500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38916 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:59 -0800] conn=6 op=38917 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144273 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001e00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144274 RESULT err=32 tag=103 nentries=0 etime=0 csn=569c9f15001f00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144275 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144276 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca0bf000b00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144277 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca21a000d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144278 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144279 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca3a6001b00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144280 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca4f9000200110000 >>> [18/Jan/2016:09:27:59 -0800] conn=18705 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144281 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144282 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca638001b00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144283 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000c00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144284 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca7b4000d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144285 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:59 -0800] conn=18705 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144286 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ca922000e00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144287 RESULT err=32 tag=103 nentries=0 etime=0 csn=569caa84000a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144288 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144289 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cabf6000e00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144290 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cad23000800110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144291 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001100110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144292 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cae86001200110000 >>> [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=3 op=82494 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144293 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000e00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=18705 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=relay-sf-int-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144294 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb02b000f00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=DNS/dc1-ipa-dev-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=relay-sf-int-van.mydomain.net)(sudoHost=relay-sf-int-van)(sudoHost=10.21.42.41)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fea8:8002)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >>> [18/Jan/2016:09:27:59 -0800] conn=18705 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >>> [18/Jan/2016:09:27:59 -0800] conn=3 op=82495 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:59 -0800] conn=3 op=82496 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=3 op=82497 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:59 -0800] conn=3 op=82498 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144295 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb19e000600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144296 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb302000800110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144297 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb463000400110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144298 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb5b6002300110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144299 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144300 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb733000e00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144301 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cb8a4000600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144302 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000900110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144303 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cba11000a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144304 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbb52001a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144305 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001c00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144306 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbcc4001d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144307 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbe3a000f00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144308 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cbfa9000500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144309 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001000110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144310 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc10e001100110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144311 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc240001e00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144312 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001000110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144313 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc3a0001100110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144314 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc543000d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144315 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5000f00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144316 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc6a5001000110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144317 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc80d001000110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144318 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cc943000800110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144319 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cca94000e00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144320 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001000110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144321 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccc35001100110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144322 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccd8a000600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144323 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000c00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144324 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ccec0000d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144325 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000700110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144326 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd040000800110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144327 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd185001200110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144328 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd33d000700110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144329 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd493000400110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144330 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd5ed000d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144331 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd749000900110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144332 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cd893000500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144333 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144334 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cda30001700110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144335 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdb92000a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144336 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdcdc000500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144337 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cde51000a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144338 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cdfab000f00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144339 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce157000700110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144340 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001000110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144341 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce2f5001100110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144342 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce42d000900110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144343 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce585000f00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144344 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144345 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce6cf003600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144346 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce860000900110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144347 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ce9ce000900110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144348 RESULT err=32 tag=103 nentries=0 etime=0 csn=569ceaf9002400110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144349 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cec51002100110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144350 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000900110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144351 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cedb6000a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144352 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cef2a000500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144353 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf0af000800110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144354 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000c00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144355 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf1cc000d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144356 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf359002000110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144357 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000700110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144358 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf4b4000800110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144359 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144360 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf625000b00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144361 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf7ba000500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144362 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cf8d4000a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144363 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfa64001d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144364 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfbb2000800110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144365 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfd39000700110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144366 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cfed1000a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144367 RESULT err=32 tag=103 nentries=0 etime=0 csn=569cffea001000110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144368 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d018b000600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144369 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001c00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144370 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d02cf001d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144371 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0489001300110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144372 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d061e000a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144373 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0792000200110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144374 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144375 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d092f001600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144376 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0a69000800110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144377 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0c05001200110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144378 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0d5b001600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144379 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13000f00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144380 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d0f13001000110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144381 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1087000b00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144382 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d121d000500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144383 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d13a4001200110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144384 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d14d5000500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144385 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1693000300110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144386 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000c00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144387 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d17c4000d00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144388 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d194d000900110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144389 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1add000400110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144390 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1bef000500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144391 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1d9b000500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144392 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d1edb000900110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144393 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d206f000600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 MOD dn="cn=repl keep alive 17,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144394 RESULT err=32 tag=103 nentries=0 etime=0 csn=569d21f1000a00110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 ADD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144395 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000500110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144396 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000600110000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144397 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000700110000 >>> [18/Jan/2016:09:27:59 -0800] conn=18707 fd=277 slot=277 connection from 10.178.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56325 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56326 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56327 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56328 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56329 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56330 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56331 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56332 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56333 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:27:59 -0800] conn=13 op=56334 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass ipaSshPubKey" >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 MOD dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=7 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000c000f0000 >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf ipaSshPubKey description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=9 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=10 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=11 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 UNBIND >>> [18/Jan/2016:09:27:59 -0800] conn=18707 op=12 fd=277 closed - U1 >>> [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:27:59 -0800] conn=14994 op=9093 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144398 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=273 op=207 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144399 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:27:59 -0800] conn=273 op=207 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000e000f0000 >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 ADD dn="idnsName=98,idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=17562 op=144400 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d220b000800110000 >>> [18/Jan/2016:09:27:59 -0800] conn=273 op=208 MOD dn="idnsname=0.21.10.in-addr.arpa.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:27:59 -0800] conn=273 op=208 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f000f0000 >>> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" >>> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1362 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(uid=zimbra)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock" >>> [18/Jan/2016:09:28:01 -0800] conn=7882 op=1363 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144401 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b000f00110000 >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:01 -0800] conn=273 op=209 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144402 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001000110000 >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:01 -0800] conn=273 op=209 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0002000f0000 >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144403 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001100110000 >>> [18/Jan/2016:09:28:01 -0800] conn=273 op=210 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:01 -0800] conn=273 op=210 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0004000f0000 >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144404 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001200110000 >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:01 -0800] conn=273 op=211 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144405 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001300110000 >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 MOD dn="idnsName=dc2-ipa-dev-van,idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:01 -0800] conn=273 op=211 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0006000f0000 >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144406 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001400110000 >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:01 -0800] conn=273 op=212 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144407 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220b001500110000 >>> [18/Jan/2016:09:28:01 -0800] conn=273 op=212 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d0009000f0000 >>> [18/Jan/2016:09:28:01 -0800] conn=273 op=213 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:01 -0800] conn=273 op=213 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000b000f0000 >>> [18/Jan/2016:09:28:01 -0800] conn=273 op=214 MOD dn="idnsname=mydomain.net.,cn=dns,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:01 -0800] conn=273 op=214 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d220d000d000f0000 >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144408 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144409 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:01 -0800] conn=17562 op=144410 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9094 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9095 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9096 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9097 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9098 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9099 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9100 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9101 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9102 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9103 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9104 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9105 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9106 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9107 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9108 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9109 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9110 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9111 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9112 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:02 -0800] conn=14994 op=9113 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144411 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144412 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144413 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144414 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=18708 fd=277 slot=277 connection from 10.21.20.251 to 10.178.0.98 >>> [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >>> [18/Jan/2016:09:28:04 -0800] conn=18708 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:04 -0800] conn=7 op=36505 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:04 -0800] conn=7 op=36506 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:04 -0800] conn=7 op=36507 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:28:04 -0800] conn=7 op=36508 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82499 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82500 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82501 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82502 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 SRCH base="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82503 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 SRCH base="cn=spool2-ops-flex-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82504 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 MOD dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82505 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22100000000f0000 >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82506 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82507 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82508 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/spool2-ops-flex-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82509 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:04 -0800] conn=3 op=82510 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:04 -0800] conn=18708 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:04 -0800] conn=18708 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:04 -0800] conn=18708 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=spool2-ops-flex-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool2-ops-flex-van.mydomain.net)(sudoHost=spool2-ops-flex-van)(sudoHost=10.21.20.251)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:769c)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >>> [18/Jan/2016:09:28:04 -0800] conn=18708 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >>> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9114 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:04 -0800] conn=14994 op=9115 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144415 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144416 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144417 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:04 -0800] conn=17562 op=144418 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144419 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144420 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144421 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:05 -0800] conn=17562 op=144422 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:05 -0800] conn=18709 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:05 -0800] conn=18709 TLS1.2 128-bit AES >>> [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:05 -0800] conn=18709 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:05 -0800] conn=18709 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:05 -0800] conn=18709 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:05 -0800] conn=18710 fd=279 slot=279 SSL connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:05 -0800] conn=18710 TLS1.2 128-bit AES >>> [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:05 -0800] conn=18710 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:05 -0800] conn=18710 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:05 -0800] conn=18710 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:05 -0800] conn=18709 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:06 -0800] conn=18709 op=3 RESULT err=0 tag=101 nentries=1 etime=1 >>> [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >>> [18/Jan/2016:09:28:06 -0800] conn=18709 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 SRCH base="cn=Domain Level,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaDomainLevel" >>> [18/Jan/2016:09:28:06 -0800] conn=18709 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >>> [18/Jan/2016:09:28:06 -0800] conn=18709 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 SRCH base="cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=1 filter="(&(&(&(objectClass=ipaobject)(objectClass=ipahostgroup))(cn=ipaservers))(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="cn memberOf memberofindirect member memberindirect description" >>> [18/Jan/2016:09:28:06 -0800] conn=18709 op=7 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 UNBIND >>> [18/Jan/2016:09:28:06 -0800] conn=18709 op=8 fd=278 closed - U1 >>> [18/Jan/2016:09:28:06 -0800] conn=18711 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:06 -0800] conn=18711 TLS1.2 128-bit AES >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberofindirect cn memberOf * member memberindirect description aci" >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=6 RESULT err=0 tag=101 nentries=2 etime=0 >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cosPriority * nsAccountLock aci" >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=9 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 UNBIND >>> [18/Jan/2016:09:28:06 -0800] conn=18711 op=10 fd=278 closed - U1 >>> [18/Jan/2016:09:28:06 -0800] conn=18712 fd=278 slot=278 SSL connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:06 -0800] conn=18712 TLS1.2 128-bit AES >>> [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 UNBIND >>> [18/Jan/2016:09:28:06 -0800] conn=18515 op=6 fd=166 closed - U1 >>> [18/Jan/2016:09:28:06 -0800] conn=18712 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:06 -0800] conn=18712 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:06 -0800] conn=18712 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 SRCH base="cn=meTodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs="* aci" >>> [18/Jan/2016:09:28:06 -0800] conn=18712 op=3 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 SRCH base="cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:06 -0800] conn=18712 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >>> [18/Jan/2016:09:28:06 -0800] conn=18712 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL >>> [18/Jan/2016:09:28:07 -0800] conn=18712 op=6 RESULT err=0 tag=101 nentries=3 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=CA))" attrs=ALL >>> [18/Jan/2016:09:28:07 -0800] conn=18712 op=7 RESULT err=0 tag=101 nentries=3 etime=0 notes=U >>> [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(ipaConfigString=enabledService)(cn=KRA))" attrs=ALL >>> [18/Jan/2016:09:28:07 -0800] conn=18712 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=U >>> [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 UNBIND >>> [18/Jan/2016:09:28:07 -0800] conn=18710 op=3 fd=279 closed - U1 >>> [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 UNBIND >>> [18/Jan/2016:09:28:07 -0800] conn=18712 op=9 fd=278 closed - U1 >>> [18/Jan/2016:09:28:07 -0800] conn=18713 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82511 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82512 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82513 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82514 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82515 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82516 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82517 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82518 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82519 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:07 -0800] conn=3 op=82520 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:07 -0800] conn=18713 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:07 -0800] conn=18713 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:07 -0800] conn=18713 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 UNBIND >>> [18/Jan/2016:09:28:07 -0800] conn=18713 op=3 fd=166 closed - U1 >>> [18/Jan/2016:09:28:07 -0800] conn=18714 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36509 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36510 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36511 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36512 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36513 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36514 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36515 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36516 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36517 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:07 -0800] conn=7 op=36518 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:07 -0800] conn=18714 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:07 -0800] conn=18714 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:07 -0800] conn=18714 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:07 -0800] conn=18714 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=DNS))" attrs=ALL >>> [18/Jan/2016:09:28:07 -0800] conn=18714 op=4 RESULT err=0 tag=101 nentries=3 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 UNBIND >>> [18/Jan/2016:09:28:07 -0800] conn=18714 op=5 fd=166 closed - U1 >>> [18/Jan/2016:09:28:07 -0800] conn=18715 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:07 -0800] conn=18715 op=-1 fd=166 closed - B1 >>> [18/Jan/2016:09:28:07 -0800] conn=18716 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:07 -0800] conn=18716 op=-1 fd=166 closed - Encountered end of file. >>> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9116 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:07 -0800] conn=14994 op=9117 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 UNBIND >>> [18/Jan/2016:09:28:09 -0800] conn=18516 op=9 fd=168 closed - U1 >>> [18/Jan/2016:09:28:09 -0800] conn=18717 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56335 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56336 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56337 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56338 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56339 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56340 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56341 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56342 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:28:09 -0800] conn=13 op=56343 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:09 -0800] conn=18717 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:09 -0800] conn=18717 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:09 -0800] conn=18717 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 UNBIND >>> [18/Jan/2016:09:28:09 -0800] conn=18717 op=3 fd=166 closed - U1 >>> [18/Jan/2016:09:28:10 -0800] conn=18718 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56344 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56345 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56346 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56347 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56348 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56349 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56350 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56351 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:28:10 -0800] conn=13 op=56352 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:10 -0800] conn=18718 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:10 -0800] conn=18718 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:10 -0800] conn=18718 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 UNBIND >>> [18/Jan/2016:09:28:10 -0800] conn=18718 op=3 fd=166 closed - U1 >>> [18/Jan/2016:09:28:10 -0800] conn=18719 fd=166 slot=166 connection from 10.178.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82521 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82522 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82523 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82524 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82525 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82526 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82527 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82528 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 SRCH base="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:28:10 -0800] conn=3 op=82529 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:10 -0800] conn=18719 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:10 -0800] conn=18719 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:10 -0800] conn=18719 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:10 -0800] conn=18719 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 SRCH base="cn=dc2-ipa-dev-nvan.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >>> [18/Jan/2016:09:28:10 -0800] conn=18719 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(memberOf=cn=Replication Administrators,cn=privileges,cn=pbac,dc=mydomain,dc=net)(krbPrincipalName=nathan.peters at MYDOMAIN.NET))" attrs=ALL >>> [18/Jan/2016:09:28:10 -0800] conn=18719 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 UNBIND >>> [18/Jan/2016:09:28:11 -0800] conn=18719 op=6 fd=166 closed - U1 >>> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144423 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144424 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144425 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:11 -0800] conn=17562 op=144426 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=18720 fd=166 slot=166 SSL connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:12 -0800] conn=18720 TLS1.2 128-bit AES >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 MOD dn="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22180003000f0000 >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 SRCH base="cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn memberOf memberofindirect member memberindirect description" >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >>> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9118 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9119 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9120 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:12 -0800] conn=14994 op=9121 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144427 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144428 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144429 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:12 -0800] conn=17562 op=144430 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(member=*)(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="member" >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=8 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberUser=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net)(memberHost=cn=ipaservers,cn=hostgroups,cn=accounts,dc=mydomain,dc=net))" attrs="" >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=9 RESULT err=0 tag=101 nentries=2 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 UNBIND >>> [18/Jan/2016:09:28:12 -0800] conn=18720 op=11 fd=166 closed - U1 >>> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9122 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:13 -0800] conn=14994 op=9123 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:13 -0800] conn=18721 fd=166 slot=166 connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:13 -0800] conn=18721 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:13 -0800] conn=18721 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:13 -0800] conn=18721 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 SRCH base="cn=cacert,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(cacertificate;binary=*)" attrs="cacertificate;binary" >>> [18/Jan/2016:09:28:13 -0800] conn=18721 op=3 RESULT err=0 tag=101 nentries=1 etime=0 notes=U >>> [18/Jan/2016:09:28:13 -0800] conn=18721 op=-1 fd=166 closed - B1 >>> [18/Jan/2016:09:28:15 -0800] conn=18722 fd=166 slot=166 connection from 10.21.31.31 to 10.178.0.98 >>> [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >>> [18/Jan/2016:09:28:15 -0800] conn=18722 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56353 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56354 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56355 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56356 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56357 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56358 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56359 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56360 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 SRCH base="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56361 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 SRCH base="cn=fe1-gas-salqa1-van.login.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56362 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 MOD dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56363 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221b0000000f0000 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56364 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56365 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56366 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/fe1-gas-salqa1-van.login.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56367 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:15 -0800] conn=13 op=56368 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:15 -0800] conn=18722 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:15 -0800] conn=18722 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:15 -0800] conn=18722 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=fe1-gas-salqa1-van.login.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=fe1-gas-salqa1-van.login.mydomain.net)(sudoHost=fe1-gas-salqa1-van)(sudoHost=10.21.31.31)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:3fd2)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >>> [18/Jan/2016:09:28:15 -0800] conn=18722 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >>> [18/Jan/2016:09:28:16 -0800] conn=18723 fd=168 slot=168 connection from 10.21.23.93 to 10.178.0.98 >>> [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >>> [18/Jan/2016:09:28:16 -0800] conn=18723 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82530 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82531 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82532 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82533 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82534 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:16 -0800] conn=13 op=56369 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:16 -0800] conn=13 op=56370 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:16 -0800] conn=13 op=56371 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 SRCH base="cn=global_policy,cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration" >>> [18/Jan/2016:09:28:16 -0800] conn=13 op=56372 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 SRCH base="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:28:16 -0800] conn=13 op=56373 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 SRCH base="cn=collector2-sal-cpqa1-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:16 -0800] conn=13 op=56374 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 MOD dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:16 -0800] conn=13 op=56375 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d221c0000000f0000 >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82535 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82536 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82537 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/collector2-sal-cpqa1-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82538 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:16 -0800] conn=3 op=82539 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:16 -0800] conn=18723 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:16 -0800] conn=18723 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:16 -0800] conn=18723 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=collector2-sal-cpqa1-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=collector2-sal-cpqa1-van.mydomain.net)(sudoHost=collector2-sal-cpqa1-van)(sudoHost=10.21.23.93)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:6b78)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >>> [18/Jan/2016:09:28:16 -0800] conn=18723 op=4 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >>> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9124 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9125 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9126 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:17 -0800] conn=14994 op=9127 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144431 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144432 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144433 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:17 -0800] conn=17562 op=144434 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:17 -0800] conn=18724 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 >>> [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >>> [18/Jan/2016:09:28:17 -0800] conn=18724 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 UNBIND >>> [18/Jan/2016:09:28:17 -0800] conn=18724 op=1 fd=278 closed - U1 >>> [18/Jan/2016:09:28:17 -0800] conn=18725 fd=278 slot=278 connection from 10.21.5.241 to 10.178.0.98 >>> [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >>> [18/Jan/2016:09:28:17 -0800] conn=18725 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9128 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9129 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 UNBIND >>> [18/Jan/2016:09:28:18 -0800] conn=18725 op=1 fd=278 closed - U1 >>> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9130 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:18 -0800] conn=14994 op=9131 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 SRCH base="cn=accounts,dc=mydomain,dc=net" scope=2 filter="(&(gidNumber=10002)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp entryusn" >>> [18/Jan/2016:09:28:21 -0800] conn=15599 op=565 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144435 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144436 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144437 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:21 -0800] conn=17562 op=144438 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9132 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9133 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9134 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9135 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=18726 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56376 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56377 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56378 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56379 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56380 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56381 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56382 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56383 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56384 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56385 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:22 -0800] conn=13 op=56386 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:22 -0800] conn=18726 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:22 -0800] conn=18726 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:22 -0800] conn=18726 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 UNBIND >>> [18/Jan/2016:09:28:22 -0800] conn=18726 op=3 fd=278 closed - U1 >>> [18/Jan/2016:09:28:22 -0800] conn=18727 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82540 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82541 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82542 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82543 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82544 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET))" attrs="objectClass memberPrincipal" >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82545 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82546 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82547 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive" >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82548 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 SRCH base="cn=dc2-ipa-dev-van.mydomain.net,cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:22 -0800] conn=3 op=82549 RESULT err=32 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="" >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="macAddress memberOf description nsHardwarePlatform ipaAllowedToPerform memberofindirect l nsOsVersion fqdn managedBy ipaAssignedIDView userCertificate krbPrincipalName nsHostLocation userClass" >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 SRCH base="dc=mydomain,dc=net" scope=2 filter="(|(member=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberUser=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net)(memberHost=fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net))" attrs="" >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(userPassword=*)" attrs="userPassword" >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=7 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 SRCH base="cn=ipaservers,cn=ng,cn=alt,dc=mydomain,dc=net" scope=0 filter="(objectClass=mepmanagedentry)" attrs="" >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=9 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 SRCH base="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey" >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 ADD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=11 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d22220006000f0000 >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="memberOf ipaKrbAuthzData objectClass userCertificate managedBy ipaUniqueID ipaAllowedToPerform krbPrincipalName" >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=12 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 UNBIND >>> [18/Jan/2016:09:28:22 -0800] conn=18727 op=13 fd=278 closed - U1 >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9136 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9137 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144439 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:22 -0800] conn=17562 op=144440 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=18728 fd=278 slot=278 connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:22 -0800] conn=18728 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:22 -0800] conn=18728 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:22 -0800] conn=18728 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 EXT oid="2.16.840.1.113730.3.8.10.5" name="IPA Password Manager" >>> [18/Jan/2016:09:28:22 -0800] conn=18728 op=3 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 UNBIND >>> [18/Jan/2016:09:28:22 -0800] conn=18728 op=4 fd=278 closed - U1 >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9138 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9139 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9140 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 MOD dn="cn=repl keep alive 16,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:22 -0800] conn=14994 op=9141 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2222000e00100000 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 fd=278 slot=278 connection from 10.178.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)(krbPrincipalName=krbtgt/MYDOMAIN.NET at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:23 -0800] conn=7 op=36519 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 SRCH base="cn=ipaConfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType" >>> [18/Jan/2016:09:28:23 -0800] conn=7 op=36520 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=ldap/dc2-ipa-dev-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:23 -0800] conn=7 op=36521 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:23 -0800] conn=7 op=36522 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:23 -0800] conn=7 op=36523 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 SRCH base="cn=MYDOMAIN.NET,cn=kerberos,dc=mydomain,dc=net" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" >>> [18/Jan/2016:09:28:23 -0800] conn=7 op=36524 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=4 RESULT err=0 tag=101 nentries=3 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=5 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 SRCH base="cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass" >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=6 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 SRCH base="cn=caacls,cn=ca,dc=mydomain,dc=net" scope=1 filter="(&(objectClass=ipaassociation)(objectClass=ipacaacl))" attrs="serviceCategory cn ipaMemberCertProfile ipaMemberCa ipaCertProfileCategory memberUser userCategory hostCategory memberHost ipaEnabledFlag ipaCaCategory memberService description" >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform * managedBy memberOf krbPrincipalName aci" >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=8 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey" >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=9 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(objectClass=krbPrincipalAux)(krbPrincipalName=host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET))" attrs=ALL >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=11 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=67 op=539 SRCH base="cn=7,ou=certificateRepository,ou=ca,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:23 -0800] conn=67 op=539 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=217 op=10 SRCH base="ou=People,o=ipaca" scope=2 filter="(description=2;7;CN=Certificate Authority,O=MYDOMAIN.NET;CN=IPA RA,O=MYDOMAIN.NET)" attrs=ALL >>> [18/Jan/2016:09:28:23 -0800] conn=217 op=10 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=217 op=11 SRCH base="cn=Registration Manager Agents,ou=groups,o=ipaca" scope=0 filter="(uniqueMember=uid=ipara,ou=people,o=ipaca)" attrs="cn" >>> [18/Jan/2016:09:28:23 -0800] conn=217 op=11 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=67 op=540 ADD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" >>> [18/Jan/2016:09:28:23 -0800] conn=67 op=540 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000004470000 >>> [18/Jan/2016:09:28:23 -0800] conn=67 op=541 ADD dn="cn=2684289033,ou=certificateRepository,ou=ca,o=ipaca" >>> [18/Jan/2016:09:28:23 -0800] conn=67 op=541 RESULT err=0 tag=105 nentries=0 etime=0 csn=569d2323000104470000 >>> [18/Jan/2016:09:28:23 -0800] conn=67 op=542 MOD dn="cn=99990009,ou=ca,ou=requests,o=ipaca" >>> [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:23 -0800] conn=17562 op=144441 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=67 op=542 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000304470000 >>> [18/Jan/2016:09:28:23 -0800] conn=67 op=543 SRCH base="cn=99990009,ou=ca,ou=requests,o=ipaca" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:23 -0800] conn=67 op=543 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=67 op=544 MOD dn="ou=ca,ou=requests,o=ipaca" >>> [18/Jan/2016:09:28:23 -0800] conn=18730 fd=281 slot=281 connection from 10.178.0.99 to 10.178.0.98 >>> [18/Jan/2016:09:28:23 -0800] conn=67 op=544 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d2323000504470000 >>> [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=12 RESULT err=0 tag=101 nentries=3 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18730 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 SRCH base="cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="cn ipaCertProfileStoreIssued description" >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=13 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=14 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18731 fd=282 slot=282 connection from 10.21.0.99 to 10.178.0.98 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=15 RESULT err=0 tag=101 nentries=3 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 SRCH base="cn=masters,cn=ipa,cn=etc,dc=mydomain,dc=net" scope=2 filter="(&(objectClass=ipaConfigObject)(cn=CA))" attrs=ALL >>> [18/Jan/2016:09:28:23 -0800] conn=18731 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=16 RESULT err=0 tag=101 nentries=3 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=17 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:23 -0800] conn=18731 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="userCertificate" >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=18 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 MOD dn="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:23 -0800] conn=18731 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=19 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d22230001000f0000 >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 SRCH base="krbprincipalname=ldap/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET,cn=services,cn=accounts,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs="ipaKrbAuthzData userCertificate ipaAllowedToPerform managedBy memberOf krbPrincipalName" >>> [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=20 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18731 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 UNBIND >>> [18/Jan/2016:09:28:23 -0800] conn=18729 op=21 fd=278 closed - U1 >>> [18/Jan/2016:09:28:23 -0800] conn=18731 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:23 -0800] conn=18731 op=5 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:23 -0800] conn=18731 op=6 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:27 -0800] conn=17562 op=144442 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:28 -0800] conn=18730 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:28 -0800] conn=18730 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net at mydomain.net,cn=services,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >>> [18/Jan/2016:09:28:28 -0800] conn=18730 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" >>> [18/Jan/2016:09:28:28 -0800] conn=18730 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:28 -0800] conn=18730 op=5 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:28 -0800] conn=18730 op=6 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9142 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9143 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:28 -0800] conn=14994 op=9144 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144443 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:29 -0800] conn=17562 op=144444 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 SRCH base="ou=SUDOers,dc=mydomain,dc=net" scope=2 filter="(&(&(objectClass=sudoRole)(entryusn>=2842)(!(entryusn=2842)))(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=spool1-googleapps-flex-van.mydomain.net)(sudoHost=spool1-googleapps-flex-van)(sudoHost=10.21.32.201)(sudoHost=10.21.0.0/16)(sudoHost=fe80::250:56ff:fe8d:2c30)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))" attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn" >>> [18/Jan/2016:09:28:30 -0800] conn=18656 op=5 RESULT err=0 tag=101 nentries=0 etime=0 notes=P pr_idx=0 >>> [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 UNBIND >>> [18/Jan/2016:09:28:30 -0800] conn=18519 op=5 fd=77 closed - U1 >>> [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144445 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144446 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144447 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144448 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=5 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222c0007000f0000 >>> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9145 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:32 -0800] conn=14994 op=9146 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144449 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:32 -0800] conn=17562 op=144450 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=6 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=7 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 MOD dn="cn=replication,cn=etc,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=8 RESULT err=0 tag=103 nentries=0 etime=0 csn=569d222d0000000f0000 >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 fd=77 closed - U1 >>> [18/Jan/2016:09:28:33 -0800] conn=18733 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 >>> [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >>> [18/Jan/2016:09:28:33 -0800] conn=18733 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:33 -0800] conn=3 op=82550 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 UNBIND >>> [18/Jan/2016:09:28:33 -0800] conn=18733 op=1 fd=77 closed - U1 >>> [18/Jan/2016:09:28:33 -0800] conn=18734 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 >>> [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >>> [18/Jan/2016:09:28:33 -0800] conn=18734 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:33 -0800] conn=7 op=36525 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 UNBIND >>> [18/Jan/2016:09:28:33 -0800] conn=18734 op=1 fd=77 closed - U1 >>> [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:33 -0800] conn=7 op=36526 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:33 -0800] conn=18735 fd=77 slot=77 connection from 10.178.6.56 to 10.178.0.98 >>> [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci" >>> [18/Jan/2016:09:28:33 -0800] conn=18735 op=0 RESULT err=0 tag=101 nentries=1 etime=0 >>> [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 SRCH base="dc=mydomain,dc=net" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)(krbPrincipalName=host/indexer2-arch-perf1-nvan.mydomain.net at MYDOMAIN.NET)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass" >>> [18/Jan/2016:09:28:33 -0800] conn=7 op=36527 RESULT err=0 tag=101 nentries=0 etime=0 >>> [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 UNBIND >>> [18/Jan/2016:09:28:33 -0800] conn=18735 op=1 fd=77 closed - U1 >>> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9147 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" >>> [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop" >>> [18/Jan/2016:09:28:34 -0800] conn=17562 op=144451 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:34 -0800] conn=14994 op=9148 RESULT err=0 tag=120 nentries=0 etime=0 >>> [18/Jan/2016:09:28:36 -0800] conn=18520 op=5 UNBIND >>> >>> -----Original Message----- >>> From: Petr Vobornik [mailto:pvoborni at redhat.com] >>> Sent: January-18-16 10:30 AM >>> To: Nathan Peters; Rob Crittenden; freeipa-users at redhat.com >>> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists >>> >>> On 01/18/2016 07:10 PM, Nathan Peters wrote: >>>> This is FreeIPA 4.3.0. There is no master generating the prepare file (unless its still handled in the background invisibly to the user). >>> Right. But the replica installer picks some server as a master. >>> >>> Ipa-replica-install is run directly from an unjoined client (or joined >>> client, I have tried both). >>>> However, after tracking the logs of all 3 existing IPA servers during the attempted installation, the CA master appears to be the one doing something. Here are the logs for that time period. Note that there is no "err=68" anywhere in here: >>> Are all 3 existing server functioning well, e.g with working replication? >>> >>> Could you check `ipa server-find` if there is no left-over server - e.g. >>> failed installation. >>> >>> Could be check also in `ipa-replica-manage list` if there is some >>> leftover, please remove it with `ipa-replica-manage del $FQDN` command. >>> >>> Wrt the logs. I did not meant that but Rob was right. The installer >>> tries to update "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping >>> tree,cn=config" entry on both master and the replica. If the entry does >>> not exist, the installer also creates it. >>> >>> On replica it behaves correctly: >>> >>> [18/Jan/2016:09:28:32 -0800] conn=2 op=8 SRCH >>> base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >>> scope=0 filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:32 -0800] conn=2 op=8 RESULT err=0 tag=101 nentries=1 >>> etime=0 >>> [18/Jan/2016:09:28:32 -0800] conn=2 op=9 MOD >>> dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >>> [18/Jan/2016:09:28:32 -0800] conn=2 op=9 RESULT err=0 tag=103 nentries=0 >>> etime=0 >>> >>> It would be good to see the same log from a master which it tries to use >>> in installation. - In 4.3 the server is picked automatically. >>> >>> I don't see any searches for >>> "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" in >>> the logs below which makes me wonder, what server the installer tries to >>> use as a master. >>> >>> Could be find out, e.g. by: >>> $ cat /var/log/ipareplica-install.log | grep "Forwarding 'service_add'" >>> >>> > > From Nathan.Peters at globalrelay.net Tue Jan 19 21:47:38 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Tue, 19 Jan 2016 21:47:38 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <569E9D5F.9070801@redhat.com> References: <569CB899.9040603@redhat.com> <569CCB5D.8040400@redhat.com> <569D27C4.10602@redhat.com> <569D2F2F.6080806@redhat.com> <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> Message-ID: [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND Do you mean that log entry ^? I am seeing that entry on dc2-ipa-dev-nvan, the host that dc1-ipa-dev-van is contacting as its master when we attempt the ipa-replica-install. Look through my earlier posts in this thread for a full log. Yes, of course that DN exists on all my masters. With a 3 way replication it would have to exist because the current master is replicating to 2 other masters. Here is the ldapsearch for all 3 existing hosts showing that DN (dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config") which is apparently failing to be added because it already exists on all my hosts. Entry on dc1-ipa-dev-van ======================== [nathan.peters at dc1-ipa-dev-van ~]$ ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # replica, dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config dn: cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: replica nsDS5Flags: 1 nsDS5ReplicaBindDN: cn=replication manager,cn=config nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.dev-mydomain.net @DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net nsDS5ReplicaBindDN: krbprincipalname=ldap/dc2-ipa-dev-nvan.dev-mydomain.net @DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net nsDS5ReplicaId: 17 nsDS5ReplicaName: 11f21d13-bccf11e5-a49095ab-7f963284 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaType: 3 nsState:: EQAAAAAAAADQrJ5WAAAAANkAAAAAAAAAkwAAAAAAAAAJAAAAAAAAAA== nsds5ReplicaLegacyConsumer: off nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=dev- mydomain,dc=net nsds5replicabinddngroupcheckinterval: 60 objectClass: nsds5replica objectClass: top objectClass: extensibleobject nsds5ReplicaChangeCount: 71685 nsds5replicareapactive: 0 # meTodc1-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\ 3Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-nvan.dev-mydomain.net description: me to dc1-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd 26000000100000 569b918f001400100000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124 b000000110000 569b918f000f00110000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee 040000000f0000 569b91750005000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n et:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160119213851Z nsds5replicaLastUpdateEnd: 19700101000000Z nsds5replicaChangesSentSinceStartup:: MTc6NTMxLzEzMTg4MzYzMSAxNTozNTAvMCAxNDo1 MC8wIDE2OjMyMi8wIDA6Ni8xMTUg nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate started nsds5replicaUpdateInProgress: TRUE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # meTodc2-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\ 3Dnet, mapping tree, config dn: cn=meTodc2-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc2-ipa-dev-nvan.dev-mydomain.net description: me to dc2-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc2-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee 040000000f0000 569b91900002000f0000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd 26000000100000 569b918d004a00100000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124 b000000110000 569b918f000f00110000 nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n et:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160119213851Z nsds5replicaLastUpdateEnd: 19700101000000Z nsds5replicaChangesSentSinceStartup:: MTc6NTQyLzEzMDIxNDkwNSAxNDoxNjkvMCAxNjo0 NDUvMCAxNToyOTQvMCAwOjEvMTExIA== nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate started nsds5replicaUpdateInProgress: TRUE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 Entry on dc1-ipa-dev-nvan ========================= [nathan.peters at dc1-ipa-dev-nvan ~]$ ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # replica, dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config dn: cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: replica nsDS5Flags: 1 nsDS5ReplicaBindDN: cn=replication manager,cn=config nsDS5ReplicaBindDN: krbprincipalname=ldap/dc2-ipa-dev-nvan.dev-mydomain.net @DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.dev-mydomain.net@ DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net nsDS5ReplicaId: 16 nsDS5ReplicaName: 79ee3693-bcc211e5-bfa4b538-a3d71f3c nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaType: 3 nsState:: EAAAAAAAAACrrZ5WAAAAAHgAAAAAAAAA8wAAAAAAAAACAAAAAAAAAA== nsds5ReplicaLegacyConsumer: off nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=dev- mydomain,dc=net nsds5replicabinddngroupcheckinterval: 60 objectClass: nsds5replica objectClass: top objectClass: extensibleobject nsds5ReplicaChangeCount: 89267 nsds5replicareapactive: 0 # meTodc1-ipa-dev-van.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\3 Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-van.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-van.dev-mydomain.net description: me to dc1-ipa-dev-van.dev-mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-van.dev-mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124 b000000110000 569b90c7001a00110000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd 26000000100000 569b90c7001600100000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee 040000000f0000 569b8f900005000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b b0000000e0000 569b8f99001c000e0000 nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n et:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160119214152Z nsds5replicaLastUpdateEnd: 20160119214152Z nsds5replicaChangesSentSinceStartup:: MTY6ODg3LzM1NTUxNDQgMTU6MTgyLzAgMTQ6OC8w IDE3OjMvMCAwOjEvMCA= nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # meTodc2-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\ 3Dnet, mapping tree, config dn: cn=meTodc2-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc2-ipa-dev-nvan.dev-mydomain.net description: me to dc2-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc2-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee 040000000f0000 569b90b10003000f0000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd 26000000100000 569b90c1000a00100000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b b0000000e0000 569b8f99001c000e0000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124 b000000110000 569b8e0e000700110000 nsds5ReplicaEnabled: on nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n et:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160119214206Z nsds5replicaLastUpdateEnd: 20160119214206Z nsds5replicaChangesSentSinceStartup:: MTY6NjQyLzE4OTQ5ODAgMTQ6NzEvMCAxNzoxNC8w IDE1OjIvMCA= nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 Entry on dc2-ipa-dev-nvan ========================= [nathan.peters at dc2-ipa-dev-nvan ~]$ ldapsearch -D "cn=directory manager" -b "cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" -W Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # replica, dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config dn: cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: replica nsDS5Flags: 1 nsDS5ReplicaBindDN: cn=replication manager,cn=config nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.dev-mydomain.net @DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.dev-mydomain.net@ DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net nsDS5ReplicaId: 15 nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaType: 3 nsState:: DwAAAAAAAADWrZ5WAAAAAAAAAAAAAAAAbAEAAAAAAAABAAAAAAAAAA== nsds5ReplicaLegacyConsumer: off nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=dev- mydomain,dc=net nsds5replicabinddngroupcheckinterval: 60 objectClass: nsds5replica objectClass: top objectClass: extensibleobject nsds5ReplicaChangeCount: 66837 nsds5replicareapactive: 0 # meTodc1-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\ 3Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-nvan.dev-mydomain.net description: me to dc1-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd 26000000100000 569b9201002200100000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124 b000000110000 569b91af000d00110000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee 040000000f0000 569b92010002000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsds5ReplicaEnabled: on nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n et:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160119214250Z nsds5replicaLastUpdateEnd: 20160119214250Z nsds5replicaChangesSentSinceStartup:: MTU6NDk2LzE2MjI3NzggMTQ6MS8wIDE3OjIyLzAg MTY6Mi8wIA== nsds5replicaLastUpdateStatus: 1 Can't acquire busy replica nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # meTodc1-ipa-dev-van.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\3 Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-van.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-van.dev-mydomain.net description: me to dc1-ipa-dev-van.dev-mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-van.dev-mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124 b000000110000 569b9201000500110000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd 26000000100000 569b918d004a00100000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee 040000000f0000 569b92010002000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n et:389} 00000000 nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160119214305Z nsds5replicaLastUpdateEnd: 20160119214305Z nsds5replicaChangesSentSinceStartup:: MTU6NjQ0LzI4NDc1OTggMTY6MTc2LzAgMTc6Mi8w IDA6MS8wIA== nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 -----Original Message----- From: Rob Crittenden [mailto:rcritten at redhat.com] Sent: January-19-16 12:33 PM To: Nathan Peters; Ludwig Krispenz Cc: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists Nathan Peters wrote: > Ok, after rm-rf /etc/dirsrv I was able to re-install again, but back to the old issue with DuplicatEntry. > > Can anyone on this list tell me how to fix this issue ? This is a production domain with several hundred clients and servers attached, so I can't just blow it away and start over. You've had several people trying. > I need to get this fixed. I think Ludwig's question still stands: on what host are you seeing the duplicate entry logged (err=68)? I presume on the master it is trying to create the agreement against. Have you looked to see if this entry exists on your current masters? rob From Lachlan.Simpson at petermac.org Tue Jan 19 22:26:41 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Tue, 19 Jan 2016 22:26:41 +0000 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <20160119063310.GI4316@redhat.com> References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> <20160115065847.GC4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> <20160118072748.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> <0137003026EBE54FBEC540C5600C03C432DC31@PMC-EXMBX02.petermac.org.au> <20160119063310.GI4316@redhat.com> Message-ID: <0137003026EBE54FBEC540C5600C03C432DE7C@PMC-EXMBX02.petermac.org.au> > -----Original Message----- > From: Alexander Bokovoy [mailto:abokovoy at redhat.com] > Let's start from the beginning: > > - What distribution you are running? Centos, Linux release 7.2.1511 (Core) > - What IPA packages are installed? [root at vmts-linuxidm ~]# yum list installed | grep ipa ipa-admintools.x86_64 4.2.0-15.el7.centos.3 @updates ipa-client.x86_64 4.2.0-15.el7.centos.3 @updates ipa-python.x86_64 4.2.0-15.el7.centos.3 @updates ipa-server.x86_64 4.2.0-15.el7.centos.3 @updates ipa-server-dns.x86_64 4.2.0-15.el7.centos.3 @updates ipa-server-trust-ad.x86_64 4.2.0-15.el7.centos.3 @updates libipa_hbac.x86_64 1.13.0-40.el7_2.1 @updates python-iniparse.noarch 0.4-9.el7 @anaconda python-libipa_hbac.x86_64 1.13.0-40.el7_2.1 @updates sssd-ipa.x86_64 1.13.0-40.el7_2.1 @updates > - What 389-ds-base package is installed? [root at vmts-linuxidm ~]# yum list installed | grep 389 389-admin.x86_64 1.1.38-1.el7 @epel 389-adminutil.x86_64 1.1.21-2.el7 @epel 389-adminutil-devel.x86_64 1.1.21-2.el7 @epel 389-ds-base.x86_64 1.3.4.0-21.el7_2 @updates 389-ds-base-debuginfo.x86_64 1.3.4.0-21.el7_2 @base-debuginfo 389-ds-base-libs.x86_64 1.3.4.0-21.el7_2 @updates > - What slapi-nis package is installed? slapi-nis.x86_64 0.54-6.el7_2 @updates > It looks like if things are working for "few hours" and then stop, this means 389-ds > did crash somehow. There were several cases where it might crash but they were > fixed and latest releases have no known crashes, either with RHEL 6.7 or RHEL > 7.2 and their off-springs. Cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From datakid at gmail.com Tue Jan 19 22:15:47 2016 From: datakid at gmail.com (Lachlan Musicman) Date: Wed, 20 Jan 2016 09:15:47 +1100 Subject: [Freeipa-users] idoverride-add gives incorrect, inconsistant results? In-Reply-To: <20160119074936.GD3391@hendrix> References: <0137003026EBE54FBEC540C5600C03C432DB61@PMC-EXMBX02.petermac.org.au> <20160119074936.GD3391@hendrix> Message-ID: 1.13.0 ------ The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 19 January 2016 at 18:49, Jakub Hrozek wrote: > On Tue, Jan 19, 2016 at 12:23:39AM +0000, Simpson Lachlan wrote: > > Since I got the service back up and running, I was continuing my > tests/learning by following the steps on the V4 Migrating existing > environments to Trust page: > > > > > http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust#How_to_Test > > > > > > > > [root at vmts-linuxidm ~]# id TestUser at co.org.au > > uid=1750693931(testuser at co.org.au) gid=1750693931(testuser at co.org.au) > groups=1750693931(testuser at co.org.au),1750687326(bioinf-staff at co.org.au) > > > > > > Success and joy. > > > > > > [root at vmts-linuxidm ~]# ipa idoverrideuser-add 'Default Trust View' > testuser at co.org.au --uid 1506 > > ------------------------------------------------------- > > Added User ID override "testuser at co.org.au" > > ------------------------------------------------------- > > Anchor to override: testuser at co.org.au > > UID: 1506 > > > > > > > > Great. > > > > > > [root at vmts-linuxidm ~]# sudo systemctl restart sssd > > > > [root at vmts-linuxidm ~]# id testuser at co.org.au > > uid=1750693931(testuser at co.org.au) gid=1750693931(testuser at co.org.au) > groups=1750693931(testuser at co.org.au),1750687326(bioinf-staff at co.org.au) > > > > > > Huh? The documentation linked to above says that uid should now be 1506? > > What sssd version? > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Tue Jan 19 23:31:45 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 19 Jan 2016 18:31:45 -0500 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569CCB5D.8040400@redhat.com> <569D27C4.10602@redhat.com> <569D2F2F.6080806@redhat.com> <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> Message-ID: <569EC761.9090306@redhat.com> Nathan Peters wrote: > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND > > Do you mean that log entry ^? I am seeing that entry on dc2-ipa-dev-nvan, the host that dc1-ipa-dev-van is contacting as its master when we attempt the ipa-replica-install. Look through my earlier posts in this thread for a full log. Don't assume we have any idea what your hostnames mean, especially when they differ only by a few characters. It is good to list them but I'd also suggest you use terms like existing master and new server or something so we can distinguish the players without having to slowly parse every name. > Yes, of course that DN exists on all my masters. With a 3 way replication it would have to exist because the current master is replicating to 2 other masters. Here is the ldapsearch for all 3 existing hosts showing that DN (dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config") which is apparently failing to be added because it already exists on all my hosts. The important thing here is that cn=config is not replicated. It is configured on each master during replica setup, exactly where it is failing for you. Given that it is failing on ANOTHER server says a lot. It is failing, I think in part, because this search on the remote master is returning no entries: [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=0 filter="(objectClass=*)" attrs=ALL [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 RESULT err=0 tag=101 nentries=0 etime=0 Right after this is the ADD which fails with err=68 which means that in fact, it does exist. I'm not sure why this is happening. I don't immediately see why a NotFound would be raised in this case but I'm guessing it is. It would be interesting to walk through the code using the python debugger, pdb. In any case the duplicate entry is due to the replica setup code trying to configure the remote master for basic replication and this has already been done. rob From abokovoy at redhat.com Wed Jan 20 08:20:11 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 20 Jan 2016 10:20:11 +0200 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <0137003026EBE54FBEC540C5600C03C432DE7C@PMC-EXMBX02.petermac.org.au> References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> <20160115065847.GC4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> <20160118072748.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> <0137003026EBE54FBEC540C5600C03C432DC31@PMC-EXMBX02.petermac.org.au> <20160119063310.GI4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DE7C@PMC-EXMBX02.petermac.org.au> Message-ID: <20160120082011.GO4316@redhat.com> On Tue, 19 Jan 2016, Simpson Lachlan wrote: >> -----Original Message----- > >> From: Alexander Bokovoy [mailto:abokovoy at redhat.com] >> Let's start from the beginning: >> >> - What distribution you are running? > >Centos, Linux release 7.2.1511 (Core) > > >> - What IPA packages are installed? > >[root at vmts-linuxidm ~]# yum list installed | grep ipa >ipa-admintools.x86_64 4.2.0-15.el7.centos.3 @updates >ipa-client.x86_64 4.2.0-15.el7.centos.3 @updates >ipa-python.x86_64 4.2.0-15.el7.centos.3 @updates >ipa-server.x86_64 4.2.0-15.el7.centos.3 @updates >ipa-server-dns.x86_64 4.2.0-15.el7.centos.3 @updates >ipa-server-trust-ad.x86_64 4.2.0-15.el7.centos.3 @updates >libipa_hbac.x86_64 1.13.0-40.el7_2.1 @updates >python-iniparse.noarch 0.4-9.el7 @anaconda >python-libipa_hbac.x86_64 1.13.0-40.el7_2.1 @updates >sssd-ipa.x86_64 1.13.0-40.el7_2.1 @updates > >> - What 389-ds-base package is installed? > >[root at vmts-linuxidm ~]# yum list installed | grep 389 >389-admin.x86_64 1.1.38-1.el7 @epel >389-adminutil.x86_64 1.1.21-2.el7 @epel >389-adminutil-devel.x86_64 1.1.21-2.el7 @epel >389-ds-base.x86_64 1.3.4.0-21.el7_2 @updates >389-ds-base-debuginfo.x86_64 1.3.4.0-21.el7_2 @base-debuginfo >389-ds-base-libs.x86_64 1.3.4.0-21.el7_2 @updates > > >> - What slapi-nis package is installed? > >slapi-nis.x86_64 0.54-6.el7_2 @updates Ok, thanks. I've looked at 4.2.0-15.el7.centos.3, it only has debranding patch (change from Red Hat branding to a plain one and adding of CentOS 'OS'), this shouldn't be a problem. Is there any coredump available with 389-ds crashing? I've asked you to use http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes to enable coredumps for 389-ds in one of previous discussions, was it done? You seemed to get diverted to winbindd core (which was expected to coredump as 389-ds was not available), but if you see 389-ds disappearing in several hours without any logging, this means there was a crash and we'd like to see the coredump of it. You can check also /var/log/audit/audit.log to see if there is a trace of a crash. It may take different ways but one crash type is following: type=ANOM_ABEND msg=audit(1453212583.746:2337): auid=4294967295 uid=983 gid=980 ses=4294967295 subj=system_u:system_r:dirsrv_t:s0 pid=26079 comm="ns-slapd" exe="/usr/sbin/ns-slapd" sig=11 it is a crash with SIGSEGV (segmentation fault, a.k.a. null-pointer dereference). Thierry, is there any known issue with 1.3.4.0-21.el7_2 that might cause 389-ds crash? -- / Alexander Bokovoy From LuisFilipe.Domingues at nagra.com Wed Jan 20 08:29:40 2016 From: LuisFilipe.Domingues at nagra.com (Domingues Luis Filipe) Date: Wed, 20 Jan 2016 08:29:40 +0000 Subject: [Freeipa-users] ns-slapd using all CPU ressources In-Reply-To: <569E5D5F.2070305@redhat.com> References: <44CB25C72DF2CF4591AFBE25ED76033FB063A4@CHX-EXMBX-01.hq.k.grp>, <5699077D.7040408@redhat.com> <44CB25C72DF2CF4591AFBE25ED76033FB07CEE@CHX-EXMBX-01.hq.k.grp> <569E5D5F.2070305@redhat.com> Message-ID: <44CB25C72DF2CF4591AFBE25ED76033FB07EB8@CHX-EXMBX-01.hq.k.grp> Hi, Thanks, this is actually the version we are running. Do you have a link to the ticket? I tried to find it on the bug tracer but I have always a ticket not found. Luis -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Ludwig Krispenz Sent: mardi 19 janvier 2016 16:59 To: freeipa-users at redhat.com Subject: Re: [Freeipa-users] ns-slapd using all CPU ressources Hi, if you are running 389-ds 1.3.4+ you may hit, ticket #48379. It id fixed and a new build is in preparation Ludwig On 01/19/2016 03:39 PM, Domingues Luis Filipe wrote: > Hi, > > Reading the backtrace I have 30 threads with the same stack: > > Thread 6 (Thread 0x7f572efed700 (LWP 1335)): > #0 0x00007f576f80a877 in sched_yield () from /lib64/libc.so.6 No > symbol table info available. > #1 0x00007f577014df28 in PR_Sleep () from /lib64/libnspr4.so No > symbol table info available. > #2 0x000055c939e9e7c7 in connection_threadmain () No symbol table > info available. > #3 0x00007f577014d5cb in _pt_root () from /lib64/libnspr4.so No > symbol table info available. > #4 0x00007f576faec60a in start_thread () from /lib64/libpthread.so.0 > No symbol table info available. > #5 0x00007f576f826a4d in clone () from /lib64/libc.so.6 No symbol > table info available. > > While the other instance which is running fine, almost all threads are waiting on a cond_wait, with thise stack: > Thread 48 (Thread 0x7fced53a9700 (LWP 1871)): > #0 0x00007fcee9269b10 in pthread_cond_wait@@GLIBC_2.3.2 () from > /lib64/libpthread.so.0 No symbol table info available. > #1 0x00007fcee98bfcf0 in PR_WaitCondVar () from /lib64/libnspr4.so No > symbol table info available. > #2 0x00007fceeb7172c8 in slapi_wait_condvar () from > /usr/lib64/dirsrv/libslapd.so.0 No symbol table info available. > #3 0x00007fcee127a67e in cos_cache_wait_on_change () from > /usr/lib64/dirsrv/plugins/libcos-plugin.so > No symbol table info available. > #4 0x00007fcee98c55cb in _pt_root () from /lib64/libnspr4.so No > symbol table info available. > #5 0x00007fcee926460a in start_thread () from /lib64/libpthread.so.0 > No symbol table info available. > #6 0x00007fcee8f9ea4d in clone () from /lib64/libc.so.6 No symbol > table info available. > > Luis. > ________________________________________ > From: Rob Crittenden [rcritten at redhat.com] > Sent: Friday, January 15, 2016 3:51 PM > To: Domingues Luis Filipe; freeipa-users at redhat.com > Cc: Aviolat Romain > Subject: Re: [Freeipa-users] ns-slapd using all CPU ressources > > Domingues Luis Filipe wrote: >> Hi all, >> >> On our infra, we have two machines running Fedora with FreeIPA installed. >> >> we have an issue with ns-slapd using 100% of CPU after a while. If we >> restart the service, it starts to use all CPU resources after one day. >> >> Outpute of the command strace -c -p running for 4 minutes is: >> >> % time seconds usecs/call calls errors syscall >> ------ ----------- ----------- --------- --------- ---------------- >> 99.80 229.603633 11247 20415 poll >> 0.15 0.340032 10 32983 4 futex >> 0.05 0.114068 114068 1 restart_syscall >> 0.00 0.003464 0 20420 20416 getpeername >> 0.00 0.002752 0 20416 clock_gettime >> 0.00 0.001920 0 9840 read >> 0.00 0.000205 5 45 close >> 0.00 0.000036 2 22 access >> 0.00 0.000017 1 22 open >> 0.00 0.000016 1 24 accept >> 0.00 0.000012 0 45 setsockopt >> 0.00 0.000007 0 22 fstat >> 0.00 0.000000 0 22 stat >> 0.00 0.000000 0 1 sendto >> 0.00 0.000000 0 24 getsockname >> 0.00 0.000000 0 4 getsockopt >> 0.00 0.000000 0 70 fcntl >> 0.00 0.000000 0 22 gettimeofday >> ------ ----------- ----------- --------- --------- ---------------- >> 100.00 230.066162 104398 20420 total >> >> >> >> Plus we looked at the syscalls using FTrace: >> >> ns-slapd-7963 [000] .... 4063846.395630: sys_sched_yield() >> ns-slapd-7956 [000] .... 4063846.395631: sys_sched_yield -> 0x0 >> ns-slapd-7956 [000] .... 4063846.395632: sys_sched_yield() >> ns-slapd-7973 [000] .... 4063846.395633: sys_sched_yield -> 0x0 >> ns-slapd-7973 [000] .... 4063846.395634: sys_sched_yield() >> ns-slapd-7965 [000] .... 4063846.395635: sys_sched_yield -> 0x0 >> ns-slapd-7965 [000] .... 4063846.395637: sys_sched_yield() >> ns-slapd-7963 [000] .... 4063846.395637: sys_sched_yield -> 0x0 >> ns-slapd-7963 [000] .... 4063846.395639: sys_sched_yield() >> ns-slapd-7956 [000] .... 4063846.395640: sys_sched_yield -> 0x0 >> ns-slapd-7956 [000] .... 4063846.395641: sys_sched_yield() >> ns-slapd-7973 [000] .... 4063846.395642: sys_sched_yield -> 0x0 >> ns-slapd-7973 [000] .... 4063846.395643: sys_sched_yield() >> ns-slapd-7965 [000] .... 4063846.395644: sys_sched_yield -> 0x0 >> >> The sys_sched_yield function is called almost every 2 microseconds. It seems too much. > Your best bet is to get a pstack or full backtrace to see what 389-ds > is doing. See > http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debugging-h > angs > > rob > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project From jhrozek at redhat.com Wed Jan 20 08:42:25 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Wed, 20 Jan 2016 09:42:25 +0100 Subject: [Freeipa-users] idoverride-add gives incorrect, inconsistant results? In-Reply-To: References: <0137003026EBE54FBEC540C5600C03C432DB61@PMC-EXMBX02.petermac.org.au> <20160119074936.GD3391@hendrix> Message-ID: <20160120084225.GA3391@hendrix> On Wed, Jan 20, 2016 at 09:15:47AM +1100, Lachlan Musicman wrote: > 1.13.0 I suspect it's 7.2, then. Did you alrady update to the latest available version (1.13.0-41)? If yes, do you have logfiles? See https://fedorahosted.org/sssd/wiki/Troubleshooting From tbordaz at redhat.com Wed Jan 20 08:44:47 2016 From: tbordaz at redhat.com (thierry bordaz) Date: Wed, 20 Jan 2016 09:44:47 +0100 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <20160120082011.GO4316@redhat.com> References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> <20160115065847.GC4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> <20160118072748.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> <0137003026EBE54FBEC540C5600C03C432DC31@PMC-EXMBX02.petermac.org.au> <20160119063310.GI4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DE7C@PMC-EXMBX02.petermac.org.au> <20160120082011.GO4316@redhat.com> Message-ID: <569F48FF.2070108@redhat.com> On 01/20/2016 09:20 AM, Alexander Bokovoy wrote: > On Tue, 19 Jan 2016, Simpson Lachlan wrote: >>> -----Original Message----- >> >>> From: Alexander Bokovoy [mailto:abokovoy at redhat.com] >>> Let's start from the beginning: >>> >>> - What distribution you are running? >> >> Centos, Linux release 7.2.1511 (Core) >> >> >>> - What IPA packages are installed? >> >> [root at vmts-linuxidm ~]# yum list installed | grep ipa >> ipa-admintools.x86_64 4.2.0-15.el7.centos.3 @updates >> ipa-client.x86_64 4.2.0-15.el7.centos.3 @updates >> ipa-python.x86_64 4.2.0-15.el7.centos.3 @updates >> ipa-server.x86_64 4.2.0-15.el7.centos.3 @updates >> ipa-server-dns.x86_64 4.2.0-15.el7.centos.3 @updates >> ipa-server-trust-ad.x86_64 4.2.0-15.el7.centos.3 @updates >> libipa_hbac.x86_64 1.13.0-40.el7_2.1 @updates >> python-iniparse.noarch 0.4-9.el7 @anaconda >> python-libipa_hbac.x86_64 1.13.0-40.el7_2.1 @updates >> sssd-ipa.x86_64 1.13.0-40.el7_2.1 @updates >> >>> - What 389-ds-base package is installed? >> >> [root at vmts-linuxidm ~]# yum list installed | grep 389 >> 389-admin.x86_64 1.1.38-1.el7 @epel >> 389-adminutil.x86_64 1.1.21-2.el7 @epel >> 389-adminutil-devel.x86_64 1.1.21-2.el7 @epel >> 389-ds-base.x86_64 1.3.4.0-21.el7_2 @updates >> 389-ds-base-debuginfo.x86_64 1.3.4.0-21.el7_2 >> @base-debuginfo >> 389-ds-base-libs.x86_64 1.3.4.0-21.el7_2 @updates >> >> >>> - What slapi-nis package is installed? >> >> slapi-nis.x86_64 0.54-6.el7_2 @updates > Ok, thanks. I've looked at 4.2.0-15.el7.centos.3, it only has debranding > patch (change from Red Hat branding to a plain one and adding of CentOS > 'OS'), this shouldn't be a problem. > > Is there any coredump available with 389-ds crashing? I've asked you to > use http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes to > enable coredumps for 389-ds in one of previous discussions, was it done? > You seemed to get diverted to winbindd core (which was expected to > coredump as 389-ds was not available), but if you see 389-ds > disappearing in several hours without any logging, this means there was > a crash and we'd like to see the coredump of it. > > You can check also /var/log/audit/audit.log to see if there is a trace > of a crash. It may take different ways but one crash type is following: > > type=ANOM_ABEND msg=audit(1453212583.746:2337): auid=4294967295 uid=983 > gid=980 ses=4294967295 subj=system_u:system_r:dirsrv_t:s0 pid=26079 > comm="ns-slapd" exe="/usr/sbin/ns-slapd" sig=11 > > it is a crash with SIGSEGV (segmentation fault, a.k.a. null-pointer > dereference). > > Thierry, is there any known issue with 1.3.4.0-21.el7_2 that might cause > 389-ds crash? > No known crash are fixed between 1.3.4.0-21.el7_2 and 1.3.4.0-24.el7_2. We really need a core/pstack to match any known crash. Does it occur frequently, so you may wait for the next occurrence to get a core/pstack. thanks thierry From mbasti at redhat.com Wed Jan 20 09:15:44 2016 From: mbasti at redhat.com (Martin Basti) Date: Wed, 20 Jan 2016 10:15:44 +0100 Subject: [Freeipa-users] ns-slapd using all CPU ressources In-Reply-To: <44CB25C72DF2CF4591AFBE25ED76033FB07EB8@CHX-EXMBX-01.hq.k.grp> References: <44CB25C72DF2CF4591AFBE25ED76033FB063A4@CHX-EXMBX-01.hq.k.grp> <5699077D.7040408@redhat.com> <44CB25C72DF2CF4591AFBE25ED76033FB07CEE@CHX-EXMBX-01.hq.k.grp> <569E5D5F.2070305@redhat.com> <44CB25C72DF2CF4591AFBE25ED76033FB07EB8@CHX-EXMBX-01.hq.k.grp> Message-ID: <569F5040.9060204@redhat.com> On 20.01.2016 09:29, Domingues Luis Filipe wrote: > Hi, > > Thanks, this is actually the version we are running. > > Do you have a link to the ticket? I tried to find it on the bug tracer but I have always a ticket not found. > > Luis Link to DS ticket https://fedorahosted.org/389/ticket/48379 > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Ludwig Krispenz > Sent: mardi 19 janvier 2016 16:59 > To: freeipa-users at redhat.com > Subject: Re: [Freeipa-users] ns-slapd using all CPU ressources > > Hi, > if you are running 389-ds 1.3.4+ you may hit, ticket #48379. It id fixed and a new build is in preparation > > Ludwig > > On 01/19/2016 03:39 PM, Domingues Luis Filipe wrote: >> Hi, >> >> Reading the backtrace I have 30 threads with the same stack: >> >> Thread 6 (Thread 0x7f572efed700 (LWP 1335)): >> #0 0x00007f576f80a877 in sched_yield () from /lib64/libc.so.6 No >> symbol table info available. >> #1 0x00007f577014df28 in PR_Sleep () from /lib64/libnspr4.so No >> symbol table info available. >> #2 0x000055c939e9e7c7 in connection_threadmain () No symbol table >> info available. >> #3 0x00007f577014d5cb in _pt_root () from /lib64/libnspr4.so No >> symbol table info available. >> #4 0x00007f576faec60a in start_thread () from /lib64/libpthread.so.0 >> No symbol table info available. >> #5 0x00007f576f826a4d in clone () from /lib64/libc.so.6 No symbol >> table info available. >> >> While the other instance which is running fine, almost all threads are waiting on a cond_wait, with thise stack: >> Thread 48 (Thread 0x7fced53a9700 (LWP 1871)): >> #0 0x00007fcee9269b10 in pthread_cond_wait@@GLIBC_2.3.2 () from >> /lib64/libpthread.so.0 No symbol table info available. >> #1 0x00007fcee98bfcf0 in PR_WaitCondVar () from /lib64/libnspr4.so No >> symbol table info available. >> #2 0x00007fceeb7172c8 in slapi_wait_condvar () from >> /usr/lib64/dirsrv/libslapd.so.0 No symbol table info available. >> #3 0x00007fcee127a67e in cos_cache_wait_on_change () from >> /usr/lib64/dirsrv/plugins/libcos-plugin.so >> No symbol table info available. >> #4 0x00007fcee98c55cb in _pt_root () from /lib64/libnspr4.so No >> symbol table info available. >> #5 0x00007fcee926460a in start_thread () from /lib64/libpthread.so.0 >> No symbol table info available. >> #6 0x00007fcee8f9ea4d in clone () from /lib64/libc.so.6 No symbol >> table info available. >> >> Luis. >> ________________________________________ >> From: Rob Crittenden [rcritten at redhat.com] >> Sent: Friday, January 15, 2016 3:51 PM >> To: Domingues Luis Filipe; freeipa-users at redhat.com >> Cc: Aviolat Romain >> Subject: Re: [Freeipa-users] ns-slapd using all CPU ressources >> >> Domingues Luis Filipe wrote: >>> Hi all, >>> >>> On our infra, we have two machines running Fedora with FreeIPA installed. >>> >>> we have an issue with ns-slapd using 100% of CPU after a while. If we >>> restart the service, it starts to use all CPU resources after one day. >>> >>> Outpute of the command strace -c -p running for 4 minutes is: >>> >>> % time seconds usecs/call calls errors syscall >>> ------ ----------- ----------- --------- --------- ---------------- >>> 99.80 229.603633 11247 20415 poll >>> 0.15 0.340032 10 32983 4 futex >>> 0.05 0.114068 114068 1 restart_syscall >>> 0.00 0.003464 0 20420 20416 getpeername >>> 0.00 0.002752 0 20416 clock_gettime >>> 0.00 0.001920 0 9840 read >>> 0.00 0.000205 5 45 close >>> 0.00 0.000036 2 22 access >>> 0.00 0.000017 1 22 open >>> 0.00 0.000016 1 24 accept >>> 0.00 0.000012 0 45 setsockopt >>> 0.00 0.000007 0 22 fstat >>> 0.00 0.000000 0 22 stat >>> 0.00 0.000000 0 1 sendto >>> 0.00 0.000000 0 24 getsockname >>> 0.00 0.000000 0 4 getsockopt >>> 0.00 0.000000 0 70 fcntl >>> 0.00 0.000000 0 22 gettimeofday >>> ------ ----------- ----------- --------- --------- ---------------- >>> 100.00 230.066162 104398 20420 total >>> >>> >>> >>> Plus we looked at the syscalls using FTrace: >>> >>> ns-slapd-7963 [000] .... 4063846.395630: sys_sched_yield() >>> ns-slapd-7956 [000] .... 4063846.395631: sys_sched_yield -> 0x0 >>> ns-slapd-7956 [000] .... 4063846.395632: sys_sched_yield() >>> ns-slapd-7973 [000] .... 4063846.395633: sys_sched_yield -> 0x0 >>> ns-slapd-7973 [000] .... 4063846.395634: sys_sched_yield() >>> ns-slapd-7965 [000] .... 4063846.395635: sys_sched_yield -> 0x0 >>> ns-slapd-7965 [000] .... 4063846.395637: sys_sched_yield() >>> ns-slapd-7963 [000] .... 4063846.395637: sys_sched_yield -> 0x0 >>> ns-slapd-7963 [000] .... 4063846.395639: sys_sched_yield() >>> ns-slapd-7956 [000] .... 4063846.395640: sys_sched_yield -> 0x0 >>> ns-slapd-7956 [000] .... 4063846.395641: sys_sched_yield() >>> ns-slapd-7973 [000] .... 4063846.395642: sys_sched_yield -> 0x0 >>> ns-slapd-7973 [000] .... 4063846.395643: sys_sched_yield() >>> ns-slapd-7965 [000] .... 4063846.395644: sys_sched_yield -> 0x0 >>> >>> The sys_sched_yield function is called almost every 2 microseconds. It seems too much. >> Your best bet is to get a pstack or full backtrace to see what 389-ds >> is doing. See >> http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debugging-h >> angs >> >> rob >> > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > From pvoborni at redhat.com Wed Jan 20 10:02:01 2016 From: pvoborni at redhat.com (Petr Vobornik) Date: Wed, 20 Jan 2016 11:02:01 +0100 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <569EC761.9090306@redhat.com> References: <569D27C4.10602@redhat.com> <569D2F2F.6080806@redhat.com> <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> Message-ID: <569F5B19.50009@redhat.com> On 01/20/2016 12:31 AM, Rob Crittenden wrote: > Nathan Peters wrote: >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND >> >> Do you mean that log entry ^? I am seeing that entry on dc2-ipa-dev-nvan, the host that dc1-ipa-dev-van is contacting as its master when we attempt the ipa-replica-install. Look through my earlier posts in this thread for a full log. > > Don't assume we have any idea what your hostnames mean, especially when > they differ only by a few characters. It is good to list them but I'd > also suggest you use terms like existing master and new server or > something so we can distinguish the players without having to slowly > parse every name. > >> Yes, of course that DN exists on all my masters. With a 3 way replication it would have to exist because the current master is replicating to 2 other masters. Here is the ldapsearch for all 3 existing hosts showing that DN (dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config") which is apparently failing to be added because it already exists on all my hosts. > > The important thing here is that cn=config is not replicated. It is > configured on each master during replica setup, exactly where it is > failing for you. Given that it is failing on ANOTHER server says a lot. > > It is failing, I think in part, because this search on the remote master > is returning no entries: > > [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 SRCH > base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 RESULT err=0 tag=101 > nentries=0 etime=0 IMO this is the culprit. It should return the entry if it is in fact there. > > Right after this is the ADD which fails with err=68 which means that in > fact, it does exist. > > I'm not sure why this is happening. I don't immediately see why a > NotFound would be raised in this case but I'm guessing it is. It would > be interesting to walk through the code using the python debugger, pdb. > > In any case the duplicate entry is due to the replica setup code trying > to configure the remote master for basic replication and this has > already been done. Yes the replica code works as expected. Next step is to investigate why the search returns nothing. ACI issue? Weird DB state? Can other user fetch it? E.g. admin? If so wow does "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" on the master server looks like? -- Petr Vobornik From listeranon at gmail.com Wed Jan 20 10:30:58 2016 From: listeranon at gmail.com (Anon Lister) Date: Wed, 20 Jan 2016 05:30:58 -0500 Subject: [Freeipa-users] Fwd: Creating Trusts with AD - (RH#878168, FIPA#3266) In-Reply-To: References: Message-ID: So I had the same problem. For me it ended up being that some attribute was not created correctly in 389 using the instructions in the guide. I don't remember what it was off the top of my head. Something about a default user or group SID I think. Had to turn samba logging up. Eventually it shows the attribute it is failing on. I ended up manually adding it with vildap and it worked fine after that. If noone else gets it I'll poke around and see if I can find what it was, took me several hours to debug due to the somewhat misleading error message. On Jan 19, 2016 1:37 PM, "Jon" wrote: > Hello, > > While following the guide on setting up FreeIPA with AD > , I got to the > step where I'm adding the AD trust to FreeIPA but I receive an error: > > >> Active Directory domain administrator's password: > >> ipa: ERROR: CIFS server communication error: code "-1073741801", > >> message "Memory allocation error" (both may be "None") > > Thinking that the error was what was stated (my VM at the time only had > 1GB of ram), I shutdown my VM (memory hot add was not enabled in VMware, it > is now), bumped the RAM to 4GB, and booted the VM. > > Upon running the same command after reboot I received an error: > > >> ipa: ERROR: did not receive Kerberos credentials > > kinit admin is also reporting an error: > > >> kinit: Cannot contact any KDC for realm 'myrealm' while getting > initial credentials > > trying to start FreeIPA in debug mode identified the samba service as at > fault. > > >> Jan 19 10:19:50 myfreeipaserver smbd[3676]: kerberos error: > code=-1765328203, message=Keytab contains no suitable keys for cifs/ > myfreeipaserver at SUB.DOMAIN.MYDOMAIN.COM > >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: [2016/01/19 > 10:19:51.261648, 0] ipa_sam.c:4520(pdb_init_ipasam) > >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: Failed to get base DN. > >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: [2016/01/19 > 10:19:51.262675, 0] > ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) > >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: pdb backend > ipasam:ldapi://%2fvar%2frun%2fslapd-SUB-DOMAIN-MYDOMAIN-COM.socket did not > correctly init (error was NT_STATUS_UNSUCCESSFUL) > > Googling for these errors turned up a few similar threads but none of the > solutions seemed to work and all signs pointed to AD integration as the > culprit... > > So I did what any good sysadmin would do and forced freeipa to start while > ignoring any failures. Every service except samba starts without issue. > > So I tried my trust connection again, and received the same error, > > >> Active Directory domain administrator's password: > >> ipa: ERROR: CIFS server communication error: code "-1073741801", > >> message "Memory allocation error" (both may be "None") > > Which brought me to googling two bug reports opened on this exact issue: > > >> https://bugzilla.redhat.com/show_bug.cgi?id=878168 > >> https://fedorahosted.org/freeipa/ticket/3266 > > Both of these bug reports indicate there's an upstream bug in Samba, the > bug has been closed and reopened at least once. I did add the AD servers > to /etc/hosts and rebooted the server. I have to go through the same > process of forcing freeipa to start after the server rebooted... However, I > received the same error message. > > While the bug report is currently closed, I seem to be experiencing the > same issues... > > Given this bug report, can you please answer me these questions three: > > 1) Given the issues with Samba starting after reboot, is this bug report > actually what's wrong or is the error message when trying to create a trust > a red herring and it's actually samba that's the problem? > 2) Does this bug report mean that trusts between FreeIPA and AD are > broken and can not be established until the upstream bug in Samba is fixed? > 3) Is there a workaround? (as adding the domain controllers to > /etc/hosts with IPv4 address does not appear to work) > > System Stats: > - AD Server: Win2k8R2 > - FreeIPA server: > > >> CentOS Linux release 7.2.1511 (Core) > > > >> # uname -a > >> Linux myserver 3.10.0-327.4.4.el7.x86_64 #1 SMP Tue Jan 5 16:07:00 UTC > 2016 x86_64 x86_64 x86_64 GNU/Linux > > >> # rpm -qa | grep ipa > >> python-libipa_hbac-1.13.0-40.el7_2.1.x86_64 > >> ipa-server-4.2.0-15.el7.centos.3.x86_64 > >> ipa-server-dns-4.2.0-15.el7.centos.3.x86_64 > >> python-iniparse-0.4-9.el7.noarch > >> libipa_hbac-1.13.0-40.el7_2.1.x86_64 > >> sssd-ipa-1.13.0-40.el7_2.1.x86_64 > >> ipa-python-4.2.0-15.el7.centos.3.x86_64 > >> ipa-client-4.2.0-15.el7.centos.3.x86_64 > >> ipa-server-trust-ad-4.2.0-15.el7.centos.3.x86_64 > >> ipa-admintools-4.2.0-15.el7.centos.3.x86_64 > > > I appreciate any help. I've been trying to get FreeIPA going for a couple > of weeks now and have run into nothing but frustrations. The funny thing > is, I've never had a problem deploying FreeIPA by itself... Microsoft > seems to be the common denominator in my hair pulling lately... Correlation > does not equal causation... but it sure is a coincidence... :) > > Thanks for your time! > > Best Regards, > Jon A > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Wed Jan 20 10:57:20 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 20 Jan 2016 12:57:20 +0200 Subject: [Freeipa-users] Fwd: Creating Trusts with AD - (RH#878168, FIPA#3266) In-Reply-To: References: Message-ID: <20160120105720.GU4316@redhat.com> On Wed, 20 Jan 2016, Anon Lister wrote: >So I had the same problem. For me it ended up being that some attribute was >not created correctly in 389 using the instructions in the guide. I don't >remember what it was off the top of my head. Something about a default user >or group SID I think. Had to turn samba logging up. Eventually it shows the >attribute it is failing on. I ended up manually adding it with vildap and >it worked fine after that. If noone else gets it I'll poke around and see >if I can find what it was, took me several hours to debug due to the >somewhat misleading error message. The message is the only thing we get from Samba Python libraries, so it is as good as what we get. Use http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust to produce debug output needed to find out where things happened. If your setup lacks 'Default SMB Group' group with a SID (ipaNTSecurityIdentifier attribute), run ipa-adtrust-install --add-sids. ipa-adtrust-install can be re-run several times to fix missing parts. It skips steps which were already done and only performs those that are really needed. However, if your base IPA deployment does not work, like in the Jon's case, there is little reason to run any of ipa-adtrust-install or other trust-related functions. Additionally, DNS should be configured properly. ipa-adtrust-install either automatically updates IPA DNS (if IPA manages the DNS zone) or produces list of entries that should be added to the DNS zone whoever manages it. This should not be overlooked -- when Active Directory domain controller tries to validate the trust, it uses DNS SRV records to find out IPA domain controllers ('trust controllers' in IPA speak, the ones where ipa-adtrust-install was run) and only considers those that are available via SRV records. If AD DC cannot find IPA DC via SRV record, trust cannot be validated. >On Jan 19, 2016 1:37 PM, "Jon" wrote: > >> Hello, >> >> While following the guide on setting up FreeIPA with AD >> , I got to the >> step where I'm adding the AD trust to FreeIPA but I receive an error: >> >> >> Active Directory domain administrator's password: >> >> ipa: ERROR: CIFS server communication error: code "-1073741801", >> >> message "Memory allocation error" (both may be "None") >> >> Thinking that the error was what was stated (my VM at the time only had >> 1GB of ram), I shutdown my VM (memory hot add was not enabled in VMware, it >> is now), bumped the RAM to 4GB, and booted the VM. >> >> Upon running the same command after reboot I received an error: >> >> >> ipa: ERROR: did not receive Kerberos credentials >> >> kinit admin is also reporting an error: >> >> >> kinit: Cannot contact any KDC for realm 'myrealm' while getting >> initial credentials >> >> trying to start FreeIPA in debug mode identified the samba service as at >> fault. >> >> >> Jan 19 10:19:50 myfreeipaserver smbd[3676]: kerberos error: >> code=-1765328203, message=Keytab contains no suitable keys for cifs/ >> myfreeipaserver at SUB.DOMAIN.MYDOMAIN.COM >> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: [2016/01/19 >> 10:19:51.261648, 0] ipa_sam.c:4520(pdb_init_ipasam) >> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: Failed to get base DN. >> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: [2016/01/19 >> 10:19:51.262675, 0] >> ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) >> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: pdb backend >> ipasam:ldapi://%2fvar%2frun%2fslapd-SUB-DOMAIN-MYDOMAIN-COM.socket did not >> correctly init (error was NT_STATUS_UNSUCCESSFUL) >> >> Googling for these errors turned up a few similar threads but none of the >> solutions seemed to work and all signs pointed to AD integration as the >> culprit... >> >> So I did what any good sysadmin would do and forced freeipa to start while >> ignoring any failures. Every service except samba starts without issue. >> >> So I tried my trust connection again, and received the same error, >> >> >> Active Directory domain administrator's password: >> >> ipa: ERROR: CIFS server communication error: code "-1073741801", >> >> message "Memory allocation error" (both may be "None") >> >> Which brought me to googling two bug reports opened on this exact issue: >> >> >> https://bugzilla.redhat.com/show_bug.cgi?id=878168 >> >> https://fedorahosted.org/freeipa/ticket/3266 >> >> Both of these bug reports indicate there's an upstream bug in Samba, the >> bug has been closed and reopened at least once. I did add the AD servers >> to /etc/hosts and rebooted the server. I have to go through the same >> process of forcing freeipa to start after the server rebooted... However, I >> received the same error message. >> >> While the bug report is currently closed, I seem to be experiencing the >> same issues... >> >> Given this bug report, can you please answer me these questions three: >> >> 1) Given the issues with Samba starting after reboot, is this bug report >> actually what's wrong or is the error message when trying to create a trust >> a red herring and it's actually samba that's the problem? >> 2) Does this bug report mean that trusts between FreeIPA and AD are >> broken and can not be established until the upstream bug in Samba is fixed? >> 3) Is there a workaround? (as adding the domain controllers to >> /etc/hosts with IPv4 address does not appear to work) >> >> System Stats: >> - AD Server: Win2k8R2 >> - FreeIPA server: >> >> >> CentOS Linux release 7.2.1511 (Core) >> >> >> >> # uname -a >> >> Linux myserver 3.10.0-327.4.4.el7.x86_64 #1 SMP Tue Jan 5 16:07:00 UTC >> 2016 x86_64 x86_64 x86_64 GNU/Linux >> >> >> # rpm -qa | grep ipa >> >> python-libipa_hbac-1.13.0-40.el7_2.1.x86_64 >> >> ipa-server-4.2.0-15.el7.centos.3.x86_64 >> >> ipa-server-dns-4.2.0-15.el7.centos.3.x86_64 >> >> python-iniparse-0.4-9.el7.noarch >> >> libipa_hbac-1.13.0-40.el7_2.1.x86_64 >> >> sssd-ipa-1.13.0-40.el7_2.1.x86_64 >> >> ipa-python-4.2.0-15.el7.centos.3.x86_64 >> >> ipa-client-4.2.0-15.el7.centos.3.x86_64 >> >> ipa-server-trust-ad-4.2.0-15.el7.centos.3.x86_64 >> >> ipa-admintools-4.2.0-15.el7.centos.3.x86_64 >> >> >> I appreciate any help. I've been trying to get FreeIPA going for a couple >> of weeks now and have run into nothing but frustrations. The funny thing >> is, I've never had a problem deploying FreeIPA by itself... Microsoft >> seems to be the common denominator in my hair pulling lately... Correlation >> does not equal causation... but it sure is a coincidence... :) >> >> Thanks for your time! >> >> Best Regards, >> Jon A >> >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> >-- >Manage your subscription for the Freeipa-users mailing list: >https://www.redhat.com/mailman/listinfo/freeipa-users >Go to http://freeipa.org for more info on the project -- / Alexander Bokovoy From bahanw042014 at gmail.com Wed Jan 20 11:08:38 2016 From: bahanw042014 at gmail.com (bahan w) Date: Wed, 20 Jan 2016 12:08:38 +0100 Subject: [Freeipa-users] ipa-client-install and nsslapd-allow-anonymous-access: off Message-ID: Hello ! I send you this mail because of the following topic. I have FreeIPA 3.0.0.25 with RHEL 6.6 and I deactivated the anonymous access for security reasons. But now, I have a problem when I try to enroll a new host. Here is the command I try : ### ipa-client-install --domain= --realm= --server= --principal=admin --password= --mkhomedir --hostname= --no-ntp --no-ssh --no-sshd --unattended ### And here is the error message : ### 2016-01-20T11:06:44Z DEBUG Verifying that (realm None) is an IPA server 2016-01-20T11:06:44Z DEBUG Init LDAP connection with: ldap://:389 2016-01-20T11:06:44Z DEBUG LDAP Error: Anonymous access not allowed ### Is there a way with IPA 3.0.0.25 to enroll host with the anonymous acces disabled ? Best regards. Bahan -------------- next part -------------- An HTML attachment was scrubbed... URL: From mkosek at redhat.com Wed Jan 20 12:26:26 2016 From: mkosek at redhat.com (Martin Kosek) Date: Wed, 20 Jan 2016 13:26:26 +0100 Subject: [Freeipa-users] ipa-client-install and nsslapd-allow-anonymous-access: off In-Reply-To: References: Message-ID: <569F7CF2.3050908@redhat.com> On 01/20/2016 12:08 PM, bahan w wrote: > Hello ! > > I send you this mail because of the following topic. > > I have FreeIPA 3.0.0.25 with RHEL 6.6 and I deactivated the anonymous > access for security reasons. > > But now, I have a problem when I try to enroll a new host. > > Here is the command I try : > ### > ipa-client-install --domain= --realm= --server= ipaserver> --principal=admin --password= > --mkhomedir --hostname= --no-ntp --no-ssh --no-sshd > --unattended > ### > > And here is the error message : > ### > 2016-01-20T11:06:44Z DEBUG Verifying that (realm None) is > an IPA server > 2016-01-20T11:06:44Z DEBUG Init LDAP connection with: ldap:// server>:389 > 2016-01-20T11:06:44Z DEBUG LDAP Error: Anonymous access not allowed > ### > > Is there a way with IPA 3.0.0.25 to enroll host with the anonymous acces > disabled ? > > Best regards. > > Bahan Hello, This looks like https://bugzilla.redhat.com/show_bug.cgi?id=922843 It should be fixed in recent ipa-client versions (ipa-3.0.0-29.el6 and later). HTH, Martin From mkosek at redhat.com Wed Jan 20 12:52:25 2016 From: mkosek at redhat.com (Martin Kosek) Date: Wed, 20 Jan 2016 13:52:25 +0100 Subject: [Freeipa-users] ipa-client-install and nsslapd-allow-anonymous-access: off In-Reply-To: References: <569F7CF2.3050908@redhat.com> Message-ID: <569F8309.1010204@redhat.com> Adding freeipa-users back, so that others can benefit from the answer. Can you please attach a full ipaclient-install.log DEBUG log somewhere so that we can get the full context of the bug? You may also want to open a RHEL-6 Bugzilla as FreeIPA 3.0.0 is no longer developed upstream, but only maintained in RHEL-6.x. Thanks, Martin On 01/20/2016 01:39 PM, bahan w wrote: > Hello Martin ! > > Thanks for your answer, Martin ! > > I uninstalled the 3.0.0.25 and installed the 3.0.0.47, but unfortunately I > still have the same error message. > > # rpm -qa | grep ipa-client > ipa-client-3.0.0-47.el6.x86_64 > > And in ipa-client-install.log : > ### > 2016-01-20T12:38:14Z DEBUG [LDAP server check] > 2016-01-20T12:38:14Z DEBUG Verifying that (realm None) is > an IPA server > 2016-01-20T12:38:14Z DEBUG Init LDAP connection with: ldap:// server>:389 > 2016-01-20T12:38:14Z DEBUG LDAP Error: Anonymous access not allowed > ### > > Best regards. > > Bahan > > > On Wed, Jan 20, 2016 at 1:26 PM, Martin Kosek wrote: > >> On 01/20/2016 12:08 PM, bahan w wrote: >>> Hello ! >>> >>> I send you this mail because of the following topic. >>> >>> I have FreeIPA 3.0.0.25 with RHEL 6.6 and I deactivated the anonymous >>> access for security reasons. >>> >>> But now, I have a problem when I try to enroll a new host. >>> >>> Here is the command I try : >>> ### >>> ipa-client-install --domain= --realm= --server=>> ipaserver> --principal=admin --password= >>> --mkhomedir --hostname= --no-ntp --no-ssh --no-sshd >>> --unattended >>> ### >>> >>> And here is the error message : >>> ### >>> 2016-01-20T11:06:44Z DEBUG Verifying that (realm None) >> is >>> an IPA server >>> 2016-01-20T11:06:44Z DEBUG Init LDAP connection with: ldap://>> server>:389 >>> 2016-01-20T11:06:44Z DEBUG LDAP Error: Anonymous access not allowed >>> ### >>> >>> Is there a way with IPA 3.0.0.25 to enroll host with the anonymous acces >>> disabled ? >>> >>> Best regards. >>> >>> Bahan >> >> Hello, >> >> This looks like >> https://bugzilla.redhat.com/show_bug.cgi?id=922843 >> >> It should be fixed in recent ipa-client versions (ipa-3.0.0-29.el6 and >> later). >> >> HTH, >> Martin >> >> > From yks0000 at gmail.com Wed Jan 20 13:26:59 2016 From: yks0000 at gmail.com (Yogesh Sharma) Date: Wed, 20 Jan 2016 18:56:59 +0530 Subject: [Freeipa-users] UNABLE TO SEARCH HBAC RULE Message-ID: Hi, We have created a user with HBAC Admin permission which has below permission (Default as provided by IPA): System: Add HBAC Rule System: Add HBAC Service Groups System: Add HBAC Services System: Delete HBAC Rule System: Delete HBAC Service Groups System: Delete HBAC Services System: Manage HBAC Rule Membership System: Manage HBAC Service Group Membership System: Modify HBAC Rule When I try add below in a new RBAC, it denied the operation as it is already open for all. System: Read HBAC Rules System: Read HBAC Service Groups System: Read HBAC Services If we change it to permission, then login is failing. Please suggest what we need to do so that HBAC admin can search the HBAC rule in FreeIPA rule. *Best Regards,* *__________________________________________* *Yogesh Sharma* *Email: yks0000 at gmail.com | Web: www.initd.in * *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* -------------- next part -------------- An HTML attachment was scrubbed... URL: From mbasti at redhat.com Wed Jan 20 13:34:51 2016 From: mbasti at redhat.com (Martin Basti) Date: Wed, 20 Jan 2016 14:34:51 +0100 Subject: [Freeipa-users] Unable to search HBAC Rule In-Reply-To: References: Message-ID: <569F8CFB.8020801@redhat.com> On 20.01.2016 14:26, Yogesh Sharma wrote: > Hi, > > We have created a user with HBAC Admin permission which has below > permission (Default as provided by IPA): > > System: Add HBAC Rule > System: Add HBAC Service Groups > System: Add HBAC Services > System: Delete HBAC Rule > System: Delete HBAC Service Groups > System: Delete HBAC Services > System: Manage HBAC Rule Membership > System: Manage HBAC Service Group Membership > System: Modify HBAC Rule > > When I try add below in a new RBAC, it denied the operation as it is > already open for all. > > System: Read HBAC Rules > System: Read HBAC Service Groups > System: Read HBAC Services > > > If we change it to permission, then login is failing. > > Please suggest what we need to do so that HBAC admin can search the > HBAC rule in FreeIPA rule. > > Hello, which version of IPA do you use? This has been fixed (workaround). https://fedorahosted.org/freeipa/ticket/5130 The proper fix requires changes in DS ACI evaluation that should be in RHEL 7.3 Martin > > /Best Regards,/ > /__________________________________________ > / > /Yogesh Sharma > / > /Email: yks0000 at gmail.com | Web: > www.initd.in / > / > / > /RHCE, VCE-CIA, RACKSPACE CLOUD U Certified/ > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From yks0000 at gmail.com Wed Jan 20 13:37:14 2016 From: yks0000 at gmail.com (Yogesh Sharma) Date: Wed, 20 Jan 2016 19:07:14 +0530 Subject: [Freeipa-users] Unable to search HBAC Rule In-Reply-To: <569F8CFB.8020801@redhat.com> References: <569F8CFB.8020801@redhat.com> Message-ID: Hi Martin, FreeIPA version 4.1.0 Will look into the Workaround. Thanks *Best Regards,* *__________________________________________* *Yogesh Sharma* *Email: yks0000 at gmail.com | Web: www.initd.in * *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* On Wed, Jan 20, 2016 at 7:04 PM, Martin Basti wrote: > > > On 20.01.2016 14:26, Yogesh Sharma wrote: > > Hi, > > We have created a user with HBAC Admin permission which has below > permission (Default as provided by IPA): > > System: Add HBAC Rule > System: Add HBAC Service Groups > System: Add HBAC Services > System: Delete HBAC Rule > System: Delete HBAC Service Groups > System: Delete HBAC Services > System: Manage HBAC Rule Membership > System: Manage HBAC Service Group Membership > System: Modify HBAC Rule > > When I try add below in a new RBAC, it denied the operation as it is > already open for all. > > System: Read HBAC Rules > System: Read HBAC Service Groups > System: Read HBAC Services > > > If we change it to permission, then login is failing. > > Please suggest what we need to do so that HBAC admin can search the HBAC > rule in FreeIPA rule. > > > Hello, which version of IPA do you use? > > This has been fixed (workaround). > https://fedorahosted.org/freeipa/ticket/5130 > > The proper fix requires changes in DS ACI evaluation that should be in > RHEL 7.3 > > Martin > > > *Best Regards,* > > *__________________________________________ * > > *Yogesh Sharma * > *Email: yks0000 at gmail.com | Web: > www.initd.in * > > *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* > > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bahanw042014 at gmail.com Wed Jan 20 15:03:58 2016 From: bahanw042014 at gmail.com (bahan w) Date: Wed, 20 Jan 2016 16:03:58 +0100 Subject: [Freeipa-users] ipa-client-install and nsslapd-allow-anonymous-access: off In-Reply-To: <569F8309.1010204@redhat.com> References: <569F7CF2.3050908@redhat.com> <569F8309.1010204@redhat.com> Message-ID: Re Martin. Here we are for the ipaclient-install.log : ### 2016-01-20T14:55:48Z DEBUG /usr/sbin/ipa-client-install was invoked with options: {'domain': '', 'force': False, 'realm_name': '', 'krb5_offline_passwords': True, 'primary': False, 'mkhomedir': True, 'create_sshfp': True, 'conf_sshd': False, 'conf_ntp': False, 'on_master': False, 'ntp_server': None, 'nisdomain': None, 'no_nisdomain': False, 'principal': 'admin', 'hostname': '', 'no_ac': False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, 'kinit_attempts': 5, 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': False, 'force_join': False, 'ca_cert_file': None, 'server': [''], 'prompt_password': False, 'permit': False, 'debug': True, 'preserve_sssd': False, 'uninstall': False} 2016-01-20T14:55:48Z DEBUG missing options might be asked for interactively later 2016-01-20T14:55:48Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2016-01-20T14:55:48Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2016-01-20T14:55:48Z DEBUG [IPA Discovery] 2016-01-20T14:55:48Z DEBUG Starting IPA discovery with domain=, servers=[''], hostname= 2016-01-20T14:55:48Z DEBUG Server and domain forced 2016-01-20T14:55:48Z DEBUG [Kerberos realm search] 2016-01-20T14:55:48Z DEBUG Search DNS for TXT record of _kerberos.. 2016-01-20T14:55:48Z DEBUG No DNS record found 2016-01-20T14:55:48Z DEBUG [LDAP server check] 2016-01-20T14:55:48Z DEBUG Verifying that (realm None) is an IPA server 2016-01-20T14:55:48Z DEBUG Init LDAP connection with: ldap://:389 2016-01-20T14:55:48Z DEBUG LDAP Error: Anonymous access not allowed 2016-01-20T14:55:48Z DEBUG Assuming realm is the same as domain: 2016-01-20T14:55:48Z DEBUG Generated basedn from realm: dc= 2016-01-20T14:55:48Z DEBUG Discovery result: NO_ACCESS_TO_LDAP; server=None, domain=, kdc=None, basedn= 2016-01-20T14:55:48Z DEBUG Validated servers: 2016-01-20T14:55:48Z DEBUG will use discovered domain: 2016-01-20T14:55:48Z DEBUG Using servers from command line, disabling DNS discovery 2016-01-20T14:55:48Z DEBUG will use provided server: 2016-01-20T14:55:48Z DEBUG will use discovered realm: 2016-01-20T14:55:48Z ERROR The provided realm name [] does not match discovered one [] 2016-01-20T14:55:48Z DEBUG (: Assumed same as domain) 2016-01-20T14:55:48Z ERROR Installation failed. Rolling back changes. 2016-01-20T14:55:48Z ERROR IPA client is not configured on this system. ### Best regards. Bahan On Wed, Jan 20, 2016 at 1:52 PM, Martin Kosek wrote: > Adding freeipa-users back, so that others can benefit from the answer. > > Can you please attach a full ipaclient-install.log DEBUG log somewhere so > that > we can get the full context of the bug? You may also want to open a RHEL-6 > Bugzilla as FreeIPA 3.0.0 is no longer developed upstream, but only > maintained > in RHEL-6.x. > > Thanks, > Martin > > On 01/20/2016 01:39 PM, bahan w wrote: > > Hello Martin ! > > > > Thanks for your answer, Martin ! > > > > I uninstalled the 3.0.0.25 and installed the 3.0.0.47, but unfortunately > I > > still have the same error message. > > > > # rpm -qa | grep ipa-client > > ipa-client-3.0.0-47.el6.x86_64 > > > > And in ipa-client-install.log : > > ### > > 2016-01-20T12:38:14Z DEBUG [LDAP server check] > > 2016-01-20T12:38:14Z DEBUG Verifying that (realm None) > is > > an IPA server > > 2016-01-20T12:38:14Z DEBUG Init LDAP connection with: ldap:// > server>:389 > > 2016-01-20T12:38:14Z DEBUG LDAP Error: Anonymous access not allowed > > ### > > > > Best regards. > > > > Bahan > > > > > > On Wed, Jan 20, 2016 at 1:26 PM, Martin Kosek wrote: > > > >> On 01/20/2016 12:08 PM, bahan w wrote: > >>> Hello ! > >>> > >>> I send you this mail because of the following topic. > >>> > >>> I have FreeIPA 3.0.0.25 with RHEL 6.6 and I deactivated the anonymous > >>> access for security reasons. > >>> > >>> But now, I have a problem when I try to enroll a new host. > >>> > >>> Here is the command I try : > >>> ### > >>> ipa-client-install --domain= --realm= --server= >>> ipaserver> --principal=admin --password= > >>> --mkhomedir --hostname= --no-ntp --no-ssh --no-sshd > >>> --unattended > >>> ### > >>> > >>> And here is the error message : > >>> ### > >>> 2016-01-20T11:06:44Z DEBUG Verifying that (realm None) > >> is > >>> an IPA server > >>> 2016-01-20T11:06:44Z DEBUG Init LDAP connection with: ldap:// >>> server>:389 > >>> 2016-01-20T11:06:44Z DEBUG LDAP Error: Anonymous access not allowed > >>> ### > >>> > >>> Is there a way with IPA 3.0.0.25 to enroll host with the anonymous > acces > >>> disabled ? > >>> > >>> Best regards. > >>> > >>> Bahan > >> > >> Hello, > >> > >> This looks like > >> https://bugzilla.redhat.com/show_bug.cgi?id=922843 > >> > >> It should be fixed in recent ipa-client versions (ipa-3.0.0-29.el6 and > >> later). > >> > >> HTH, > >> Martin > >> > >> > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mkosek at redhat.com Wed Jan 20 15:26:16 2016 From: mkosek at redhat.com (Martin Kosek) Date: Wed, 20 Jan 2016 16:26:16 +0100 Subject: [Freeipa-users] ipa-client-install and nsslapd-allow-anonymous-access: off In-Reply-To: References: <569F7CF2.3050908@redhat.com> <569F8309.1010204@redhat.com> Message-ID: <569FA718.4090503@redhat.com> On 01/20/2016 04:03 PM, bahan w wrote: > Re Martin. > > Here we are for the ipaclient-install.log : > > ### > 2016-01-20T14:55:48Z DEBUG /usr/sbin/ipa-client-install was invoked with > options: {'domain': '', 'force': False, 'realm_name': > '', 'krb5_offline_passwords': True, 'primary': False, 'mkhomedir': > True, 'create_sshfp': True, 'conf_sshd': False, 'conf_ntp': False, > 'on_master': False, 'ntp_server': None, 'nisdomain': None, 'no_nisdomain': > False, 'principal': 'admin', 'hostname': '', 'no_ac': > False, 'unattended': True, 'sssd': True, 'trust_sshfp': False, > 'kinit_attempts': 5, 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': > False, 'force_join': False, 'ca_cert_file': None, 'server': [' SERVER>'], 'prompt_password': False, 'permit': False, 'debug': True, > 'preserve_sssd': False, 'uninstall': False} > 2016-01-20T14:55:48Z DEBUG missing options might be asked for interactively > later > 2016-01-20T14:55:48Z DEBUG Loading Index file from > '/var/lib/ipa-client/sysrestore/sysrestore.index' > 2016-01-20T14:55:48Z DEBUG Loading StateFile from > '/var/lib/ipa-client/sysrestore/sysrestore.state' > 2016-01-20T14:55:48Z DEBUG [IPA Discovery] > 2016-01-20T14:55:48Z DEBUG Starting IPA discovery with domain=, > servers=[''], hostname= > 2016-01-20T14:55:48Z DEBUG Server and domain forced > 2016-01-20T14:55:48Z DEBUG [Kerberos realm search] > 2016-01-20T14:55:48Z DEBUG Search DNS for TXT record of > _kerberos.. > 2016-01-20T14:55:48Z DEBUG No DNS record found > 2016-01-20T14:55:48Z DEBUG [LDAP server check] > 2016-01-20T14:55:48Z DEBUG Verifying that (realm None) is > an IPA server > 2016-01-20T14:55:48Z DEBUG Init LDAP connection with: ldap:// SERVER>:389 > 2016-01-20T14:55:48Z DEBUG LDAP Error: Anonymous access not allowed > 2016-01-20T14:55:48Z DEBUG Assuming realm is the same as domain: > 2016-01-20T14:55:48Z DEBUG Generated basedn from realm: > dc= > 2016-01-20T14:55:48Z DEBUG Discovery result: NO_ACCESS_TO_LDAP; > server=None, domain=, kdc=None, basedn= > 2016-01-20T14:55:48Z DEBUG Validated servers: > 2016-01-20T14:55:48Z DEBUG will use discovered domain: > 2016-01-20T14:55:48Z DEBUG Using servers from command line, disabling DNS > discovery > 2016-01-20T14:55:48Z DEBUG will use provided server: > 2016-01-20T14:55:48Z DEBUG will use discovered realm: > 2016-01-20T14:55:48Z ERROR The provided realm name [] does not > match discovered one [] Well, I think the line above is the key to the problem. The realm you provided and the one discovered do not match. > 2016-01-20T14:55:48Z DEBUG (: Assumed same as domain) > 2016-01-20T14:55:48Z ERROR Installation failed. Rolling back changes. > 2016-01-20T14:55:48Z ERROR IPA client is not configured on this system. > ### > > Best regards. > > Bahan > > On Wed, Jan 20, 2016 at 1:52 PM, Martin Kosek wrote: > >> Adding freeipa-users back, so that others can benefit from the answer. >> >> Can you please attach a full ipaclient-install.log DEBUG log somewhere so >> that >> we can get the full context of the bug? You may also want to open a RHEL-6 >> Bugzilla as FreeIPA 3.0.0 is no longer developed upstream, but only >> maintained >> in RHEL-6.x. >> >> Thanks, >> Martin >> >> On 01/20/2016 01:39 PM, bahan w wrote: >>> Hello Martin ! >>> >>> Thanks for your answer, Martin ! >>> >>> I uninstalled the 3.0.0.25 and installed the 3.0.0.47, but unfortunately >> I >>> still have the same error message. >>> >>> # rpm -qa | grep ipa-client >>> ipa-client-3.0.0-47.el6.x86_64 >>> >>> And in ipa-client-install.log : >>> ### >>> 2016-01-20T12:38:14Z DEBUG [LDAP server check] >>> 2016-01-20T12:38:14Z DEBUG Verifying that (realm None) >> is >>> an IPA server >>> 2016-01-20T12:38:14Z DEBUG Init LDAP connection with: ldap://>> server>:389 >>> 2016-01-20T12:38:14Z DEBUG LDAP Error: Anonymous access not allowed >>> ### >>> >>> Best regards. >>> >>> Bahan >>> >>> >>> On Wed, Jan 20, 2016 at 1:26 PM, Martin Kosek wrote: >>> >>>> On 01/20/2016 12:08 PM, bahan w wrote: >>>>> Hello ! >>>>> >>>>> I send you this mail because of the following topic. >>>>> >>>>> I have FreeIPA 3.0.0.25 with RHEL 6.6 and I deactivated the anonymous >>>>> access for security reasons. >>>>> >>>>> But now, I have a problem when I try to enroll a new host. >>>>> >>>>> Here is the command I try : >>>>> ### >>>>> ipa-client-install --domain= --realm= --server=>>>> ipaserver> --principal=admin --password= >>>>> --mkhomedir --hostname= --no-ntp --no-ssh --no-sshd >>>>> --unattended >>>>> ### >>>>> >>>>> And here is the error message : >>>>> ### >>>>> 2016-01-20T11:06:44Z DEBUG Verifying that (realm None) >>>> is >>>>> an IPA server >>>>> 2016-01-20T11:06:44Z DEBUG Init LDAP connection with: ldap://>>>> server>:389 >>>>> 2016-01-20T11:06:44Z DEBUG LDAP Error: Anonymous access not allowed >>>>> ### >>>>> >>>>> Is there a way with IPA 3.0.0.25 to enroll host with the anonymous >> acces >>>>> disabled ? >>>>> >>>>> Best regards. >>>>> >>>>> Bahan >>>> >>>> Hello, >>>> >>>> This looks like >>>> https://bugzilla.redhat.com/show_bug.cgi?id=922843 >>>> >>>> It should be fixed in recent ipa-client versions (ipa-3.0.0-29.el6 and >>>> later). >>>> >>>> HTH, >>>> Martin >>>> >>>> >>> >> >> > From bahanw042014 at gmail.com Wed Jan 20 16:55:52 2016 From: bahanw042014 at gmail.com (bahan w) Date: Wed, 20 Jan 2016 17:55:52 +0100 Subject: [Freeipa-users] ipa-client-install and nsslapd-allow-anonymous-access: off In-Reply-To: <569FA718.4090503@redhat.com> References: <569F7CF2.3050908@redhat.com> <569F8309.1010204@redhat.com> <569FA718.4090503@redhat.com> Message-ID: Ah sorry, for security reasons I didn't want to put the original name and I made a mistake. Here we are, for the confusing lines : ### Assuming realm is the same as domain: Generated basedn from realm: dc= Discovery result: NO_ACCESS_TO_LDAP; server=None, domain=, kdc=None, basedn=dc= Validated servers: will use discovered domain: Using servers from command line, disabling DNS discovery will use provided server: will use discovered realm: The provided realm name [] does not match discovered one [] (: Assumed same as domain) Installation failed. Rolling back changes IPA client is not configured on this system. ### Is it more clear ? Sorry again for the confusion. I use a realm which is different than the domain. Best regards. Bahan ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From pvoborni at redhat.com Wed Jan 20 17:52:47 2016 From: pvoborni at redhat.com (Petr Vobornik) Date: Wed, 20 Jan 2016 18:52:47 +0100 Subject: [Freeipa-users] IE10 Dialogs close on Enter keypress In-Reply-To: References: Message-ID: <569FC96F.6010909@redhat.com> On 01/07/2016 06:11 AM, Jim Groffen wrote: > Hello, > > I found that when running FreeIPA Web UI on IE10 that modal dialogs close > when enter is pressed. Normal functionality is to 'submit' the dialog on an > enter keypress. > > I found a solution by adding a type="button" attribute to the close button > of the dialog (in /install/ui/src/freeipa/dialog.js). > > I have tested on recent Chrome, IE and Firefox versions as well as on IE10. > Seems to be no side-effects. > > Attached is a patch showing the change I made. Apologies if the patch isn't > formatted correctly. > > Regards, > > Jim G > Thanks for the patch. Looks good - ACK was pushed to master branch https://fedorahosted.org/freeipa/changeset/f5f5c8c603e95d246d2cde92f56959fedba4666d -- Petr Vobornik From Nathan.Peters at globalrelay.net Wed Jan 20 19:24:55 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Wed, 20 Jan 2016 19:24:55 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <569F5B19.50009@redhat.com> References: <569D27C4.10602@redhat.com> <569D2F2F.6080806@redhat.com> <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> Message-ID: Now we are starting to get somewhere (although a resolution still is not visible) :) First, thank you Petr and Rob for your help on this issue. I apologize for our hard to parse server names. I'm not a fan of them myself and in earlier reports I had been reformatting everything nicely with dc1, dc2, dc3 etc. After having to submit so many reports I started to get lazy an thought it may be more helpful to see data closer to what we are actually using. Petr hit the nail on the head with the "does everyone who binds get the same result" question, which although it has not revealed a resolution, has revealed a bunch of really interesting facts about the process. Going back to the original logs that were running on the remote master during the replica installation attempt I see the following : [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from 10.21.0.98 to 10.178.0.98 > [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 nentries=1 etime=0 > [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" > [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 nentries=1 etime=0 So, conn18732 was opened with a bind dn of "" ? Is this supposed to happen? Here is what I see when I search that base using the same empty bind dn : ---snip--- [root at dc2-ipa-dev-van ~]# ldapsearch -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" -D "" # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 0 Success # numResponses: 1 ---snip--- Here is a similar empty looking result when I bind as the admin user ---snip--- [root at dc2-ipa-dev-van ~]# ldapsearch -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" -D "uid=admin,cn=users,cn=accounts,dc=mydomain,dc=net" -W Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 0 Success # numResponses: 1 ---snip--- So we know that for whatever reason, this particular DN cannot be searched from anyone other than directory manager. So I now have a few new questions... 1. What user is the ipa-replica-install command supposed to bind as ? directory manager, admin, or "" ? 2/3. Should the ACL on that replica DN allow "" to get results? Isn't that essentially an anonymous bind ? What should the ACL be ? For reference, here is the result when I search from the new replica against the existing master using directory manager (I get a good result): [root at dc2-ipa-dev-van ~]# ldapsearch -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" -D "cn=directory manager" -W Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # replica, dc\3Dmydomain\2Cdc\3Dnet, mapping tree, config dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: replica nsDS5Flags: 1 nsDS5ReplicaBindDN: cn=replication manager,cn=config nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net @mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net@ mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net nsDS5ReplicaId: 15 nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64 nsDS5ReplicaRoot: dc=mydomain,dc=net nsDS5ReplicaType: 3 nsState:: DwAAAAAAAACJ2p9WAAAAAAAAAAAAAAAAbAEAAAAAAAAFAAAAAAAAAA== nsds5ReplicaLegacyConsumer: off nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net nsds5replicabinddngroupcheckinterval: 60 objectClass: nsds5replica objectClass: top objectClass: extensibleobject nsds5ReplicaChangeCount: 91169 nsds5replicareapactive: 0 # meTodc1-ipa-dev-nvan.mydomain.net, replica, dc\3Dmydomain\2Cdc\ 3Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-nvan.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-nvan.mydomain.net description: me to dc1-ipa-dev-nvan.mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-nvan.mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd 26000000100000 569b9201002200100000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 b000000110000 569b91af000d00110000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee 040000000f0000 569b92010002000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsds5ReplicaEnabled: on nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n et:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160120190605Z nsds5replicaLastUpdateEnd: 20160120190605Z nsds5replicaChangesSentSinceStartup:: MTU6NjY3LzIyNTk3NTEgMTQ6MS8wIDE3OjIyLzAg MTY6Mi8wIA== nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # meTodc1-ipa-dev-van.mydomain.net, replica, dc\3Dmydomain\2Cdc\3 Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-van.mydomain.net description: me to dc1-ipa-dev-van.mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-van.mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 b000000110000 569b9201000500110000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd 26000000100000 569b918d004a00100000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee 040000000f0000 569b92010002000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n et:389} 00000000 nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160120190602Z nsds5replicaLastUpdateEnd: 20160120190602Z nsds5replicaChangesSentSinceStartup:: MTU6ODgzLzQwNDIwNTcgMTY6MjQzLzAgMTc6Mi8w IDA6MS8wIA== nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 -----Original Message----- From: Petr Vobornik [mailto:pvoborni at redhat.com] Sent: January-20-16 2:02 AM To: Rob Crittenden; Nathan Peters; Ludwig Krispenz Cc: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/20/2016 12:31 AM, Rob Crittenden wrote: > Nathan Peters wrote: >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND >> >> Do you mean that log entry ^? I am seeing that entry on dc2-ipa-dev-nvan, the host that dc1-ipa-dev-van is contacting as its master when we attempt the ipa-replica-install. Look through my earlier posts in this thread for a full log. > > Don't assume we have any idea what your hostnames mean, especially > when they differ only by a few characters. It is good to list them but > I'd also suggest you use terms like existing master and new server or > something so we can distinguish the players without having to slowly > parse every name. > >> Yes, of course that DN exists on all my masters. With a 3 way replication it would have to exist because the current master is replicating to 2 other masters. Here is the ldapsearch for all 3 existing hosts showing that DN (dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config") which is apparently failing to be added because it already exists on all my hosts. > > The important thing here is that cn=config is not replicated. It is > configured on each master during replica setup, exactly where it is > failing for you. Given that it is failing on ANOTHER server says a lot. > > It is failing, I think in part, because this search on the remote > master is returning no entries: > > [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 SRCH > base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > scope=0 filter="(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 RESULT err=0 tag=101 > nentries=0 etime=0 IMO this is the culprit. It should return the entry if it is in fact there. > > Right after this is the ADD which fails with err=68 which means that > in fact, it does exist. > > I'm not sure why this is happening. I don't immediately see why a > NotFound would be raised in this case but I'm guessing it is. It would > be interesting to walk through the code using the python debugger, pdb. > > In any case the duplicate entry is due to the replica setup code > trying to configure the remote master for basic replication and this > has already been done. Yes the replica code works as expected. Next step is to investigate why the search returns nothing. ACI issue? Weird DB state? Can other user fetch it? E.g. admin? If so wow does "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" on the master server looks like? -- Petr Vobornik From gjn at gjn.priv.at Wed Jan 20 19:33:34 2016 From: gjn at gjn.priv.at (=?ISO-8859-1?Q?G=FCnther_J=2E?= Niederwimmer) Date: Wed, 20 Jan 2016 20:33:34 +0100 Subject: [Freeipa-users] =?utf-8?q?DNS_Module_=28DNSSEC=29_NSEC=C2=A7?= Message-ID: <4962689.cQPsURU9eU@techz> Hello, I can't find a way to integrate NSEC3, all DOC's I found is only for DNSSEC, but not including NSEC3. Can any help me to set up this correct ? Thanks for a answer, -- mit freundlichen Gr??en / best regards, G?nther J. Niederwimmer From rmeggins at redhat.com Wed Jan 20 19:41:32 2016 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 20 Jan 2016 12:41:32 -0700 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569D2F2F.6080806@redhat.com> <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> Message-ID: <569FE2EC.5080307@redhat.com> On 01/20/2016 12:24 PM, Nathan Peters wrote: > Now we are starting to get somewhere (although a resolution still is not visible) :) > > First, thank you Petr and Rob for your help on this issue. I apologize for our hard to parse server names. I'm not a fan of them myself and in earlier reports I had been reformatting everything nicely with dc1, dc2, dc3 etc. After having to submit so many reports I started to get lazy an thought it may be more helpful to see data closer to what we are actually using. > > Petr hit the nail on the head with the "does everyone who binds get the same result" question, which although it has not revealed a resolution, has revealed a bunch of really interesting facts about the process. > > Going back to the original logs that were running on the remote master during the replica installation attempt I see the following : > > [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 nentries=1 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 nentries=1 etime=0 > So, conn18732 was opened with a bind dn of "" ? Is this supposed to happen? Yes. GSSAPI/SASL binds are multi-stage binds. You'll notice that the last stage is op=2, and the result has the full bind DN to which the kerberos principals mapped to. The dn="" until the last stage at which time the mapped DN is known and logged. > > Here is what I see when I search that base using the same empty bind dn : nack - you have to first use "kinit myusername at MYDOMAIN", then use ldapsearch -Y GSSAPI ...., to do the bind in the same way to use GSSAPI. > > ---snip--- > [root at dc2-ipa-dev-van ~]# ldapsearch -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" -D "" > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # search result > search: 2 > result: 0 Success > > # numResponses: 1 > ---snip--- > > Here is a similar empty looking result when I bind as the admin user > > ---snip--- > [root at dc2-ipa-dev-van ~]# ldapsearch -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" -D "uid=admin,cn=users,cn=accounts,dc=mydomain,dc=net" -W > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # search result > search: 2 > result: 0 Success > > # numResponses: 1 > ---snip--- > > So we know that for whatever reason, this particular DN cannot be searched from anyone other than directory manager. > > So I now have a few new questions... > > 1. What user is the ipa-replica-install command supposed to bind as ? directory manager, admin, or "" ? > > 2/3. Should the ACL on that replica DN allow "" to get results? Isn't that essentially an anonymous bind ? What should the ACL be ? > > For reference, here is the result when I search from the new replica against the existing master using directory manager (I get a good result): > > [root at dc2-ipa-dev-van ~]# ldapsearch -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" -D "cn=directory manager" -W > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # replica, dc\3Dmydomain\2Cdc\3Dnet, mapping tree, config > dn: cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > cn: replica > nsDS5Flags: 1 > nsDS5ReplicaBindDN: cn=replication manager,cn=config > nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.mydomain.net > @mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net > nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.mydomain.net@ > mydomain.NET,cn=services,cn=accounts,dc=mydomain,dc=net > nsDS5ReplicaId: 15 > nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64 > nsDS5ReplicaRoot: dc=mydomain,dc=net > nsDS5ReplicaType: 3 > nsState:: DwAAAAAAAACJ2p9WAAAAAAAAAAAAAAAAbAEAAAAAAAAFAAAAAAAAAA== > nsds5ReplicaLegacyConsumer: off > nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=mydomain,dc=net > nsds5replicabinddngroupcheckinterval: 60 > objectClass: nsds5replica > objectClass: top > objectClass: extensibleobject > nsds5ReplicaChangeCount: 91169 > nsds5replicareapactive: 0 > > # meTodc1-ipa-dev-nvan.mydomain.net, replica, dc\3Dmydomain\2Cdc\ > 3Dnet, mapping tree, config > dn: cn=meTodc1-ipa-dev-nvan.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > cn: meTodc1-ipa-dev-nvan.mydomain.net > description: me to dc1-ipa-dev-nvan.mydomain.net > nsDS5ReplicaBindMethod: SASL/GSSAPI > nsDS5ReplicaHost: dc1-ipa-dev-nvan.mydomain.net > nsDS5ReplicaPort: 389 > nsDS5ReplicaRoot: dc=mydomain,dc=net > nsDS5ReplicaTransportInfo: LDAP > nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial > entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount > nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts > uccessfulauth krblastfailedauth krbloginfailedcount > nsds50ruv: {replicageneration} 553fe9bb000000040000 > nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd > 26000000100000 569b9201002200100000 > nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 > b000000110000 569b91af000d00110000 > nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee > 040000000f0000 569b92010002000f0000 > nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b > b0000000e0000 569b91320014000e0000 > nsds5ReplicaEnabled: on > nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in > ternalModifyTimestamp > nsds5replicaTimeout: 120 > nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. > net:389} 00000000 > nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n > et:389} 00000000 > nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. > net:389} 00000000 > nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n > et:389} 00000000 > objectClass: nsds5replicationagreement > objectClass: top > objectClass: ipaReplTopoManagedAgreement > ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p > lugin > nsds5replicareapactive: 0 > nsds5replicaLastUpdateStart: 20160120190605Z > nsds5replicaLastUpdateEnd: 20160120190605Z > nsds5replicaChangesSentSinceStartup:: MTU6NjY3LzIyNTk3NTEgMTQ6MS8wIDE3OjIyLzAg > MTY6Mi8wIA== > nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd > ate succeeded > nsds5replicaUpdateInProgress: FALSE > nsds5replicaLastInitStart: 19700101000000Z > nsds5replicaLastInitEnd: 19700101000000Z > > # meTodc1-ipa-dev-van.mydomain.net, replica, dc\3Dmydomain\2Cdc\3 > Dnet, mapping tree, config > dn: cn=meTodc1-ipa-dev-van.mydomain.net,cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > cn: meTodc1-ipa-dev-van.mydomain.net > description: me to dc1-ipa-dev-van.mydomain.net > nsDS5ReplicaBindMethod: SASL/GSSAPI > nsDS5ReplicaHost: dc1-ipa-dev-van.mydomain.net > nsDS5ReplicaPort: 389 > nsDS5ReplicaRoot: dc=mydomain,dc=net > nsDS5ReplicaTransportInfo: LDAP > nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial > entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount > nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts > uccessfulauth krblastfailedauth krbloginfailedcount > nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in > ternalModifyTimestamp > nsds5replicaTimeout: 120 > objectClass: nsds5replicationagreement > objectClass: top > objectClass: ipaReplTopoManagedAgreement > ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p > lugin > nsds50ruv: {replicageneration} 553fe9bb000000040000 > nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.mydomain.net:389} 569b124 > b000000110000 569b9201000500110000 > nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain.net:389} 569afd > 26000000100000 569b918d004a00100000 > nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain.net:389} 569aee > 040000000f0000 569b92010002000f0000 > nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.mydomain.net:389} 569ae7b > b0000000e0000 569b91320014000e0000 > nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.mydomain.n > et:389} 00000000 > nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.mydomain. > net:389} 00000000 > nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.mydomain. > net:389} 00000000 > nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.mydomain.n > et:389} 00000000 > nsds5replicareapactive: 0 > nsds5replicaLastUpdateStart: 20160120190602Z > nsds5replicaLastUpdateEnd: 20160120190602Z > nsds5replicaChangesSentSinceStartup:: MTU6ODgzLzQwNDIwNTcgMTY6MjQzLzAgMTc6Mi8w > IDA6MS8wIA== > nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd > ate succeeded > nsds5replicaUpdateInProgress: FALSE > nsds5replicaLastInitStart: 19700101000000Z > nsds5replicaLastInitEnd: 19700101000000Z > > # search result > search: 2 > result: 0 Success > > # numResponses: 4 > # numEntries: 3 > > > -----Original Message----- > From: Petr Vobornik [mailto:pvoborni at redhat.com] > Sent: January-20-16 2:02 AM > To: Rob Crittenden; Nathan Peters; Ludwig Krispenz > Cc: freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > On 01/20/2016 12:31 AM, Rob Crittenden wrote: >> Nathan Peters wrote: >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 >>> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND >>> >>> Do you mean that log entry ^? I am seeing that entry on dc2-ipa-dev-nvan, the host that dc1-ipa-dev-van is contacting as its master when we attempt the ipa-replica-install. Look through my earlier posts in this thread for a full log. >> Don't assume we have any idea what your hostnames mean, especially >> when they differ only by a few characters. It is good to list them but >> I'd also suggest you use terms like existing master and new server or >> something so we can distinguish the players without having to slowly >> parse every name. >> >>> Yes, of course that DN exists on all my masters. With a 3 way replication it would have to exist because the current master is replicating to 2 other masters. Here is the ldapsearch for all 3 existing hosts showing that DN (dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config") which is apparently failing to be added because it already exists on all my hosts. >> The important thing here is that cn=config is not replicated. It is >> configured on each master during replica setup, exactly where it is >> failing for you. Given that it is failing on ANOTHER server says a lot. >> >> It is failing, I think in part, because this search on the remote >> master is returning no entries: >> >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 SRCH >> base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" >> scope=0 filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:33 -0800] conn=18732 op=9 RESULT err=0 tag=101 >> nentries=0 etime=0 > IMO this is the culprit. It should return the entry if it is in fact there. > >> Right after this is the ADD which fails with err=68 which means that >> in fact, it does exist. >> >> I'm not sure why this is happening. I don't immediately see why a >> NotFound would be raised in this case but I'm guessing it is. It would >> be interesting to walk through the code using the python debugger, pdb. >> >> In any case the duplicate entry is due to the replica setup code >> trying to configure the remote master for basic replication and this >> has already been done. > Yes the replica code works as expected. > > Next step is to investigate why the search returns nothing. ACI issue? > Weird DB state? > > Can other user fetch it? E.g. admin? > > If so wow does "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping > tree,cn=config" on the master server looks like? > -- > Petr Vobornik > From andrewm659 at yahoo.com Wed Jan 20 20:49:27 2016 From: andrewm659 at yahoo.com (Andrew Meyer) Date: Wed, 20 Jan 2016 20:49:27 +0000 (UTC) Subject: [Freeipa-users] FreeIPA AD Trust References: <293292950.6613448.1453322967743.JavaMail.yahoo.ref@mail.yahoo.com> Message-ID: <293292950.6613448.1453322967743.JavaMail.yahoo@mail.yahoo.com> So I'm getting this when trying to setup a trust between 2012r2 and FreeIPA on CentOS 7.2? [user at asm-dns01 ~]$ sudo ipa-adtrust-install The log file for this installation can be found in /var/log/ipaserver-install.log==============================================================================This program will setup components needed to establish trust to AD domains forthe IPA Server. This includes:? * Configure Samba? * Add trust related objects to IPA LDAP server To accept the default shown in brackets, press the Enter key. ipa.ipaserver.rpcserver.xmlserver_session: ERROR ? ?unable to parse session_auth_duration, defaulting to 3600: expected string or bufferipa.ipaserver.rpcserver.xmlserver_session: ERROR ? ?unable to parse session_auth_duration, defaulting to 3600: expected string or bufferipa.ipaserver.rpcserver.login_kerberos: ERROR ? ?unable to parse session_auth_duration, defaulting to 3600: expected string or bufferipa.ipaserver.rpcserver.login_password: ERROR ? ?unable to parse session_auth_duration, defaulting to 3600: expected string or bufferipa.ipaserver.rpcserver.xmlserver: ERROR ? ?unable to parse session_auth_duration, defaulting to 3600: expected string or bufferipa.ipaserver.rpcserver.jsonserver_session: ERROR ? ?unable to parse session_auth_duration, defaulting to 3600: expected string or bufferipa.ipaserver.rpcserver.jsonserver_kerb: ERROR ? ?unable to parse session_auth_duration, defaulting to 3600: expected string or bufferWARNING: The smb.conf already exists. Running ipa-adtrust-install will break your existing samba configuration. Do you wish to continue? [no]:Aborting installation.[user at asm-dns01 ~]$ Not sure what i'm missing. ?IS this a DNS issue? ?Maybe I don't have a NS record or something? ? FreeIPA DNS domain is borg.localAD DNS Domain is ad.borg.local -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Wed Jan 20 21:14:21 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 20 Jan 2016 23:14:21 +0200 Subject: [Freeipa-users] FreeIPA AD Trust In-Reply-To: <293292950.6613448.1453322967743.JavaMail.yahoo@mail.yahoo.com> References: <293292950.6613448.1453322967743.JavaMail.yahoo.ref@mail.yahoo.com> <293292950.6613448.1453322967743.JavaMail.yahoo@mail.yahoo.com> Message-ID: <20160120211421.GY4316@redhat.com> On Wed, 20 Jan 2016, Andrew Meyer wrote: >So I'm getting this when trying to setup a trust between 2012r2 and FreeIPA on CentOS 7.2? >[user at asm-dns01 ~]$ sudo ipa-adtrust-install I don't recommend running ipa-adtrust-install under sudo as you do. sudo would keep some of user-related environment that is used by IPA framework code to decide where user's cached session data is stored. Use 'sudo -i' instead. The rest of warnings and errors you've got are related to this unexpected behavior. -- / Alexander Bokovoy From andrewm659 at yahoo.com Wed Jan 20 21:23:20 2016 From: andrewm659 at yahoo.com (Andrew Meyer) Date: Wed, 20 Jan 2016 21:23:20 +0000 (UTC) Subject: [Freeipa-users] FreeIPA AD Trust In-Reply-To: <20160120211421.GY4316@redhat.com> References: <293292950.6613448.1453322967743.JavaMail.yahoo.ref@mail.yahoo.com> <293292950.6613448.1453322967743.JavaMail.yahoo@mail.yahoo.com> <20160120211421.GY4316@redhat.com> Message-ID: <1180247197.6600890.1453325000997.JavaMail.yahoo@mail.yahoo.com> So then should I say yes to continue? ?I don't have samba configured on here. ?Its just running FreeIPA... On Wednesday, January 20, 2016 3:14 PM, Alexander Bokovoy wrote: On Wed, 20 Jan 2016, Andrew Meyer wrote: >So I'm getting this when trying to setup a trust between 2012r2 and FreeIPA on CentOS 7.2? >[user at asm-dns01 ~]$ sudo ipa-adtrust-install I don't recommend running ipa-adtrust-install under sudo as you do. sudo would keep some of user-related environment that is used by IPA framework code to decide where user's cached session data is stored. Use 'sudo -i' instead. The rest of warnings and errors you've got are related to this unexpected behavior. -- / Alexander Bokovoy -------------- next part -------------- An HTML attachment was scrubbed... URL: From Lachlan.Simpson at petermac.org Wed Jan 20 21:31:20 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Wed, 20 Jan 2016 21:31:20 +0000 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <20160120082011.GO4316@redhat.com> References: <0137003026EBE54FBEC540C5600C03C432D414@PMC-EXMBX02.petermac.org.au> <20160115065847.GC4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> <20160118072748.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> <0137003026EBE54FBEC540C5600C03C432DC31@PMC-EXMBX02.petermac.org.au> <20160119063310.GI4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DE7C@PMC-EXMBX02.petermac.org.au> <20160120082011.GO4316@redhat.com> Message-ID: <0137003026EBE54FBEC540C5600C03C432E269@PMC-EXMBX02.petermac.org.au> > -----Original Message----- > > Is there any coredump available with 389-ds crashing? I've asked you to use > http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes to enable > coredumps for 389-ds in one of previous discussions, was it done? > You seemed to get diverted to winbindd core (which was expected to coredump as > 389-ds was not available), but if you see 389-ds disappearing in several hours > without any logging, this means there was a crash and we'd like to see the > coredump of it. Hi Alex, I did perform the "Debugging Crashes" steps when you asked, but there are still no core dumps in /var/log/dirsrv/slapd-INSTANCENAME. > You can check also /var/log/audit/audit.log to see if there is a trace of a crash. It > may take different ways but one crash type is following: > type=ANOM_ABEND msg=audit(1453212583.746:2337): auid=4294967295 > uid=983 > gid=980 ses=4294967295 subj=system_u:system_r:dirsrv_t:s0 pid=26079 > comm="ns-slapd" exe="/usr/sbin/ns-slapd" sig=11 There are no instances of ns-slap in the audit.log, there are a dozen sig=11s, all of them relate to a "memory violation" in httpd_t, and all references to dirsrv look like this: type=SERVICE_STOP msg=audit(1453174960.933:209): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=dirsrv at UNIX-CO-ORG-AU comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From abokovoy at redhat.com Wed Jan 20 21:42:01 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 20 Jan 2016 23:42:01 +0200 Subject: [Freeipa-users] FreeIPA AD Trust In-Reply-To: <1180247197.6600890.1453325000997.JavaMail.yahoo@mail.yahoo.com> References: <293292950.6613448.1453322967743.JavaMail.yahoo.ref@mail.yahoo.com> <293292950.6613448.1453322967743.JavaMail.yahoo@mail.yahoo.com> <20160120211421.GY4316@redhat.com> <1180247197.6600890.1453325000997.JavaMail.yahoo@mail.yahoo.com> Message-ID: <20160120214201.GZ4316@redhat.com> On Wed, 20 Jan 2016, Andrew Meyer wrote: >So then should I say yes to continue? ?I don't have samba configured on here. ?Its just running FreeIPA... Yes, but please do follow my suggestion when running ipa-adtrust-install. -- / Alexander Bokovoy From abokovoy at redhat.com Wed Jan 20 21:43:48 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 20 Jan 2016 23:43:48 +0200 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <0137003026EBE54FBEC540C5600C03C432E269@PMC-EXMBX02.petermac.org.au> References: <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> <20160118072748.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> <0137003026EBE54FBEC540C5600C03C432DC31@PMC-EXMBX02.petermac.org.au> <20160119063310.GI4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DE7C@PMC-EXMBX02.petermac.org.au> <20160120082011.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432E269@PMC-EXMBX02.petermac.org.au> Message-ID: <20160120214348.GA4316@redhat.com> On Wed, 20 Jan 2016, Simpson Lachlan wrote: >> -----Original Message----- >> >> Is there any coredump available with 389-ds crashing? I've asked you to use >> http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes to enable >> coredumps for 389-ds in one of previous discussions, was it done? >> You seemed to get diverted to winbindd core (which was expected to coredump as >> 389-ds was not available), but if you see 389-ds disappearing in several hours >> without any logging, this means there was a crash and we'd like to see the >> coredump of it. > >Hi Alex, > >I did perform the "Debugging Crashes" steps when you asked, but there >are still no core dumps in /var/log/dirsrv/slapd-INSTANCENAME. Well, perhaps it takes longer to get a crash than what you are expecting. >> You can check also /var/log/audit/audit.log to see if there is a trace of a crash. It >> may take different ways but one crash type is following: > >> type=ANOM_ABEND msg=audit(1453212583.746:2337): auid=4294967295 >> uid=983 >> gid=980 ses=4294967295 subj=system_u:system_r:dirsrv_t:s0 pid=26079 >> comm="ns-slapd" exe="/usr/sbin/ns-slapd" sig=11 > >There are no instances of ns-slap in the audit.log, there are a dozen >sig=11s, all of them relate to a "memory violation" in httpd_t, and all >references to dirsrv look like this: > >type=SERVICE_STOP msg=audit(1453174960.933:209): pid=1 uid=0 >auid=4294967295 ses=4294967295 subj=kernel >msg='unit=dirsrv at UNIX-CO-ORG-AU comm="systemd" >exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? >res=success' What are the memory violation for httpd_t? Can you show exact line from audit.log? -- / Alexander Bokovoy From Lachlan.Simpson at petermac.org Wed Jan 20 21:47:18 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Wed, 20 Jan 2016 21:47:18 +0000 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <20160120214348.GA4316@redhat.com> References: <0137003026EBE54FBEC540C5600C03C432D71C@PMC-EXMBX02.petermac.org.au> <20160118072748.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> <0137003026EBE54FBEC540C5600C03C432DC31@PMC-EXMBX02.petermac.org.au> <20160119063310.GI4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DE7C@PMC-EXMBX02.petermac.org.au> <20160120082011.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432E269@PMC-EXMBX02.petermac.org.au> <20160120214348.GA4316@redhat.com> Message-ID: <0137003026EBE54FBEC540C5600C03C432E3BD@PMC-EXMBX02.petermac.org.au> > -----Original Message----- > From: Alexander Bokovoy [mailto:abokovoy at redhat.com] > Sent: Thursday, 21 January 2016 8:44 AM > To: Simpson Lachlan > Cc: tbordaz at redhat.com; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] IPA wont start, all services fail > > On Wed, 20 Jan 2016, Simpson Lachlan wrote: > >> -----Original Message----- > >> > >> Is there any coredump available with 389-ds crashing? I've asked you > >> to use > >> http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes to > enable coredumps for 389-ds in one of previous discussions, was it done? > >> You seemed to get diverted to winbindd core (which was expected to > >> coredump as 389-ds was not available), but if you see 389-ds > >> disappearing in several hours without any logging, this means there > >> was a crash and we'd like to see the coredump of it. > > > >Hi Alex, > > > >I did perform the "Debugging Crashes" steps when you asked, but there > >are still no core dumps in /var/log/dirsrv/slapd-INSTANCENAME. > Well, perhaps it takes longer to get a crash than what you are expecting. > > >> You can check also /var/log/audit/audit.log to see if there is a > >> trace of a crash. It may take different ways but one crash type is following: > > > >> type=ANOM_ABEND msg=audit(1453212583.746:2337): auid=4294967295 > >> uid=983 > >> gid=980 ses=4294967295 subj=system_u:system_r:dirsrv_t:s0 pid=26079 > >> comm="ns-slapd" exe="/usr/sbin/ns-slapd" sig=11 > > > >There are no instances of ns-slap in the audit.log, there are a dozen > >sig=11s, all of them relate to a "memory violation" in httpd_t, and all > >references to dirsrv look like this: > > > >type=SERVICE_STOP msg=audit(1453174960.933:209): pid=1 uid=0 > >auid=4294967295 ses=4294967295 subj=kernel > >msg='unit=dirsrv at UNIX-CO-ORG-AU comm="systemd" > >exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? > >res=success' > What are the memory violation for httpd_t? Can you show exact line from > audit.log? type=ANOM_ABEND msg=audit(1452818553.235:5394): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=system_u:system_r:httpd_t:s0 pid=32704 comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1452818553.258:5395): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=system_u:system_r:httpd_t:s0 pid=32707 comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1452962463.319:1390): auid=4294967295 uid=991 gid=987 ses=4294967295 subj=kernel pid=12939 comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1453071013.594:2471): auid=0 uid=0 gid=0 ses=202 subj=kernel pid=17888 comm="systemd-tty-ask" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1453161444.878:732): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=kernel pid=15219 comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1453162831.092:807): auid=4294967295 uid=991 gid=987 ses=4294967295 subj=kernel pid=17619 comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1453167608.043:869): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=kernel pid=19188 comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1453167608.281:870): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=kernel pid=19191 comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1453174424.305:167): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=kernel pid=13075 comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1453174424.337:168): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=kernel pid=13078 comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1453174959.183:205): auid=4294967295 uid=991 gid=987 ses=4294967295 subj=kernel pid=14220 comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1453174959.183:206): auid=4294967295 uid=991 gid=987 ses=4294967295 subj=kernel pid=14203 comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1453325222.755:1226): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=kernel pid=14716 comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1453325222.825:1227): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=kernel pid=14713 comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1453325558.988:1244): auid=4294967295 uid=991 gid=987 ses=4294967295 subj=kernel pid=18340 comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND msg=audit(1453325558.988:1245): auid=4294967295 uid=991 gid=987 ses=4294967295 subj=kernel pid=18357 comm="httpd" reason="memory violation" sig=11 cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From abokovoy at redhat.com Wed Jan 20 22:21:35 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Thu, 21 Jan 2016 00:21:35 +0200 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <0137003026EBE54FBEC540C5600C03C432E3BD@PMC-EXMBX02.petermac.org.au> References: <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> <0137003026EBE54FBEC540C5600C03C432DC31@PMC-EXMBX02.petermac.org.au> <20160119063310.GI4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DE7C@PMC-EXMBX02.petermac.org.au> <20160120082011.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432E269@PMC-EXMBX02.petermac.org.au> <20160120214348.GA4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432E3BD@PMC-EXMBX02.petermac.org.au> Message-ID: <20160120222135.GC4316@redhat.com> On Wed, 20 Jan 2016, Simpson Lachlan wrote: >> -----Original Message----- >> From: Alexander Bokovoy [mailto:abokovoy at redhat.com] >> Sent: Thursday, 21 January 2016 8:44 AM >> To: Simpson Lachlan >> Cc: tbordaz at redhat.com; freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] IPA wont start, all services fail >> >> On Wed, 20 Jan 2016, Simpson Lachlan wrote: >> >> -----Original Message----- >> >> >> >> Is there any coredump available with 389-ds crashing? I've asked you >> >> to use >> >> http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes to >> enable coredumps for 389-ds in one of previous discussions, was it done? >> >> You seemed to get diverted to winbindd core (which was expected to >> >> coredump as 389-ds was not available), but if you see 389-ds >> >> disappearing in several hours without any logging, this means there >> >> was a crash and we'd like to see the coredump of it. >> > >> >Hi Alex, >> > >> >I did perform the "Debugging Crashes" steps when you asked, but there >> >are still no core dumps in /var/log/dirsrv/slapd-INSTANCENAME. >> Well, perhaps it takes longer to get a crash than what you are expecting. >> >> >> You can check also /var/log/audit/audit.log to see if there is a >> >> trace of a crash. It may take different ways but one crash type is following: >> > >> >> type=ANOM_ABEND msg=audit(1453212583.746:2337): auid=4294967295 >> >> uid=983 >> >> gid=980 ses=4294967295 subj=system_u:system_r:dirsrv_t:s0 pid=26079 >> >> comm="ns-slapd" exe="/usr/sbin/ns-slapd" sig=11 >> > >> >There are no instances of ns-slap in the audit.log, there are a dozen >> >sig=11s, all of them relate to a "memory violation" in httpd_t, and all >> >references to dirsrv look like this: >> > >> >type=SERVICE_STOP msg=audit(1453174960.933:209): pid=1 uid=0 >> >auid=4294967295 ses=4294967295 subj=kernel >> >msg='unit=dirsrv at UNIX-CO-ORG-AU comm="systemd" >> >exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? >> >res=success' >> What are the memory violation for httpd_t? Can you show exact line from >> audit.log? > > > >type=ANOM_ABEND msg=audit(1452818553.235:5394): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=system_u:system_r:httpd_t:s0 pid=32704 comm="httpd" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1452818553.258:5395): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=system_u:system_r:httpd_t:s0 pid=32707 comm="httpd" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1452962463.319:1390): auid=4294967295 uid=991 gid=987 ses=4294967295 subj=kernel pid=12939 comm="httpd" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1453071013.594:2471): auid=0 uid=0 gid=0 ses=202 subj=kernel pid=17888 comm="systemd-tty-ask" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1453161444.878:732): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=kernel pid=15219 comm="httpd" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1453162831.092:807): auid=4294967295 uid=991 gid=987 ses=4294967295 subj=kernel pid=17619 comm="httpd" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1453167608.043:869): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=kernel pid=19188 comm="httpd" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1453167608.281:870): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=kernel pid=19191 comm="httpd" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1453174424.305:167): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=kernel pid=13075 comm="httpd" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1453174424.337:168): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=kernel pid=13078 comm="httpd" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1453174959.183:205): auid=4294967295 uid=991 gid=987 ses=4294967295 subj=kernel pid=14220 comm="httpd" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1453174959.183:206): auid=4294967295 uid=991 gid=987 ses=4294967295 subj=kernel pid=14203 comm="httpd" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1453325222.755:1226): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=kernel pid=14716 comm="httpd" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1453325222.825:1227): auid=4294967295 uid=48 gid=48 ses=4294967295 subj=kernel pid=14713 comm="httpd" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1453325558.988:1244): auid=4294967295 uid=991 gid=987 ses=4294967295 subj=kernel pid=18340 comm="httpd" reason="memory violation" sig=11 >type=ANOM_ABEND msg=audit(1453325558.988:1245): auid=4294967295 uid=991 gid=987 ses=4294967295 subj=kernel pid=18357 comm="httpd" reason="memory violation" sig=11 Ok, I see two problems above and they may be related to recently fixed issue with python-cryptography's use of python-cffi. However, this issue should not affect CentOS 7.2 as the broken python-cryptography code is not in RHEL 7.2 at all, so I'm a bit puzzled. -- / Alexander Bokovoy From Lachlan.Simpson at petermac.org Wed Jan 20 22:29:00 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Wed, 20 Jan 2016 22:29:00 +0000 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <20160120222135.GC4316@redhat.com> References: <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> <0137003026EBE54FBEC540C5600C03C432DC31@PMC-EXMBX02.petermac.org.au> <20160119063310.GI4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DE7C@PMC-EXMBX02.petermac.org.au> <20160120082011.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432E269@PMC-EXMBX02.petermac.org.au> <20160120214348.GA4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432E3BD@PMC-EXMBX02.petermac.org.au> <20160120222135.GC4316@redhat.com> Message-ID: <0137003026EBE54FBEC540C5600C03C432ECB3@PMC-EXMBX02.petermac.org.au> > -----Original Message----- > From: Alexander Bokovoy [mailto:abokovoy at redhat.com] > Sent: Thursday, 21 January 2016 9:22 AM > To: Simpson Lachlan > Cc: freeipa-users at redhat.com > Subject: Re: [Freeipa-users] IPA wont start, all services fail > > On Wed, 20 Jan 2016, Simpson Lachlan wrote: > >> -----Original Message----- > >> From: Alexander Bokovoy [mailto:abokovoy at redhat.com] > >> Sent: Thursday, 21 January 2016 8:44 AM > >> To: Simpson Lachlan > >> Cc: tbordaz at redhat.com; freeipa-users at redhat.com > >> Subject: Re: [Freeipa-users] IPA wont start, all services fail > >> > >> On Wed, 20 Jan 2016, Simpson Lachlan wrote: > >> >> -----Original Message----- > >> >> > >> >> Is there any coredump available with 389-ds crashing? I've asked > >> >> you to use > >> >> http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes > >> >> to > >> enable coredumps for 389-ds in one of previous discussions, was it done? > >> >> You seemed to get diverted to winbindd core (which was expected to > >> >> coredump as 389-ds was not available), but if you see 389-ds > >> >> disappearing in several hours without any logging, this means > >> >> there was a crash and we'd like to see the coredump of it. > >> > > >> >Hi Alex, > >> > > >> >I did perform the "Debugging Crashes" steps when you asked, but > >> >there are still no core dumps in /var/log/dirsrv/slapd-INSTANCENAME. > >> Well, perhaps it takes longer to get a crash than what you are expecting. > >> > >> >> You can check also /var/log/audit/audit.log to see if there is a > >> >> trace of a crash. It may take different ways but one crash type is following: > >> > > >> >> type=ANOM_ABEND msg=audit(1453212583.746:2337): auid=4294967295 > >> >> uid=983 > >> >> gid=980 ses=4294967295 subj=system_u:system_r:dirsrv_t:s0 > >> >> pid=26079 comm="ns-slapd" exe="/usr/sbin/ns-slapd" sig=11 > >> > > >> >There are no instances of ns-slap in the audit.log, there are a > >> >dozen sig=11s, all of them relate to a "memory violation" in > >> >httpd_t, and all references to dirsrv look like this: > >> > > >> >type=SERVICE_STOP msg=audit(1453174960.933:209): pid=1 uid=0 > >> >auid=4294967295 ses=4294967295 subj=kernel > >> >msg='unit=dirsrv at UNIX-CO-ORG-AU comm="systemd" > >> >exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? > >> >res=success' > >> What are the memory violation for httpd_t? Can you show exact line > >> from audit.log? > > > > > > > >type=ANOM_ABEND msg=audit(1452818553.235:5394): auid=4294967295 > uid=48 > >gid=48 ses=4294967295 subj=system_u:system_r:httpd_t:s0 pid=32704 > >comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND > Ok, I see two problems above and they may be related to recently fixed issue with > python-cryptography's use of python-cffi. However, this issue should not affect > CentOS 7.2 as the broken python-cryptography code is not in RHEL 7.2 at all, so > I'm a bit puzzled. Me too. I can't even give SIDs to the smb default group with ipa-adtrust-install --add-sids (as mentioned in another email thread this morning). I tried this bc it reflects an obvious solution to the problem I seem to have? That everything starts except smb, and ipa also fails as a result of smb failing. Smb fails with the error smbd[18615]: [2016/01/21 08:32:37.519517, 0] ipa_sam.c:3654(get_fallback_group_sid) smbd[18615]: Missing mandatory attribute ipaNTSecurityIdentifier. smbd[18615]: [2016/01/21 08:32:37.519572, 0] ipa_sam.c:4606(pdb_init_ipasam) smbd[18615]: Cannot find SID of fallback group. smbd[18615]: [2016/01/21 08:32:37.519593, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) smbd[18615]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER) systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE systemd[1]: Failed to start Samba SMB Daemon. I know I keep coming back to this, but it really does seem to be the error that I am seeing most often. Cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From Lachlan.Simpson at petermac.org Thu Jan 21 03:03:04 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Thu, 21 Jan 2016 03:03:04 +0000 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <20160120222135.GC4316@redhat.com> References: <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> <0137003026EBE54FBEC540C5600C03C432DC31@PMC-EXMBX02.petermac.org.au> <20160119063310.GI4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DE7C@PMC-EXMBX02.petermac.org.au> <20160120082011.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432E269@PMC-EXMBX02.petermac.org.au> <20160120214348.GA4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432E3BD@PMC-EXMBX02.petermac.org.au> <20160120222135.GC4316@redhat.com> Message-ID: <0137003026EBE54FBEC540C5600C03C432EEEE@PMC-EXMBX02.petermac.org.au> > -----Original Message----- > From: Alexander Bokovoy [mailto:abokovoy at redhat.com] > Sent: Thursday, 21 January 2016 9:22 AM > >ses=4294967295 subj=kernel pid=18340 comm="httpd" reason="memory > >violation" sig=11 type=ANOM_ABEND msg=audit(1453325558.988:1245): > >auid=4294967295 uid=991 gid=987 ses=4294967295 subj=kernel pid=18357 > >comm="httpd" reason="memory violation" sig=11 > Ok, I see two problems above and they may be related to recently fixed issue with > python-cryptography's use of python-cffi. However, this issue should not affect > CentOS 7.2 as the broken python-cryptography code is not in RHEL 7.2 at all, so > I'm a bit puzzled. I?m sure it's now apparent that I'm a relative FreeIPA/sssd new comer, and tbh, my involvement with AD has been "enough to not hurt myself or others or production", samba I last played with seriously for AD related issues way back when 2.x was around - since then it's been file sharing only. I would like to test a few things, but I'm finding it hard to find good examples. How can I test that the one way trust relationship between the FreeIPA server and the AD DC is still in effect? (FreeIPA trusts AD, AD does not trust FreeIIPA). I presume there is an ldapsearch or sssd command that should connect directly to the AD server? Cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From Lachlan.Simpson at petermac.org Thu Jan 21 04:23:50 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Thu, 21 Jan 2016 04:23:50 +0000 Subject: [Freeipa-users] IPA wont start, all services fail References: <0137003026EBE54FBEC540C5600C03C432DA09@PMC-EXMBX02.petermac.org.au> <20160118223643.GG4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> <0137003026EBE54FBEC540C5600C03C432DC31@PMC-EXMBX02.petermac.org.au> <20160119063310.GI4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DE7C@PMC-EXMBX02.petermac.org.au> <20160120082011.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432E269@PMC-EXMBX02.petermac.org.au> <20160120214348.GA4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432E3BD@PMC-EXMBX02.petermac.org.au> <20160120222135.GC4316@redhat.com> Message-ID: <0137003026EBE54FBEC540C5600C03C432EF64@PMC-EXMBX02.petermac.org.au> > -----Original Message----- > From: Simpson Lachlan > I would like to test a few things, but I'm finding it hard to find good examples. > > How can I test that the one way trust relationship between the FreeIPA server > and the AD DC is still in effect? (FreeIPA trusts AD, AD does not trust > FreeIIPA). > I presume there is an ldapsearch or sssd command that should connect directly > to > the AD server? I should have asked for what I wanted, because of course I found the solution to what I *did* ask almost immediately. Real question: If I get the SID for the "SMB Default Group", is it just a matter of editing the ldap directory via ldapmodify? No, because that's again not the issue. The samba error I get is pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER) pbdedit fails on the same problem. How can I set the SID of the default group manually - by which I mean, using a command line tool to manipulate text (rather than a shell script or ipa-adtrust). Cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From f.zoske at euroimmun.de Thu Jan 21 06:41:21 2016 From: f.zoske at euroimmun.de (Zoske, Fabian) Date: Thu, 21 Jan 2016 06:41:21 +0000 Subject: [Freeipa-users] Cross Domain Trust In-Reply-To: <20160118170243.GA32654@mail.corp.redhat.com> References: <20151215123822.GB24928@p.redhat.com> <20160111183721.GA19957@mail.corp.redhat.com> <01E75E6E-4BF3-4996-9A26-6B182C460196@euroimmun.de> <20160112101128.GD14430@mail.corp.redhat.com> <20160118170243.GA32654@mail.corp.redhat.com> Message-ID: Hi Lukas, such a realm does not exists, but it is my user principal name in AD, due to legacy compatibility with Exchange. Best regards, Fabian -----Urspr?ngliche Nachricht----- Von: Lukas Slebodnik [mailto:lslebodn at redhat.com] Gesendet: Montag, 18. Januar 2016 18:03 An: Zoske, Fabian Cc: freeipa-users at redhat.com Betreff: Re: [Freeipa-users] Cross Domain Trust On (12/01/16 11:11), Lukas Slebodnik wrote: >On (12/01/16 08:25), Zoske, Fabian wrote: >>We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far no differences. >> >Then please provide sssd logfiles (1.13.3) from client and also log >files from sssd on freeipa server (sssd on freeipa server is used >indirectly by extop plugin in 389-ds) > >Please provide log files from the same time when you reproduced an issue. > Thank you very much for log files. Authentication on client failed Due to following error: (Thu Jan 14 12:58:36 2016) [[sssd[krb5_child[992]]]] [sss_child_krb5_trace_cb] (0x4000): [992] 1452772716.736098: Sending request (173 bytes) to EUROIMMUN.TEST (master) (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [get_and_save_tgt] (0x0020): 1232: [-1765328230][Cannot find KDC for realm "EUROIMMUN.TEST"] (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [map_krb5_error] (0x0020): 1301: [-1765328230][Cannot find KDC for realm "EUROIMMUN.TEST"] (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [k5c_send_data] (0x0200): Received error code 1432158209 (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [pack_response_packet] (0x2000): response packet size: [4] (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [k5c_send_data] (0x4000): Response sent. (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [main] (0x0400): krb5_child completed successfully Do you have defineded the realm "EUROIMMUN.TEST" in your krb5.conf? It is possible that sssd wrote snippet to the directory /var/lib/sss/pubconf/krb5.include.d/ but this directory is not included in krb5.conf. $ grep includedir /etc/krb5.conf includedir /var/lib/sss/pubconf/krb5.include.d/ BTW you can test the same operation as sssd did from command line. KRB5_TRACE=/dev/stderr kinit f.zoske at EUROIMMUN.TEST or is this principal name an enterprise name? LS From mkosek at redhat.com Thu Jan 21 07:21:19 2016 From: mkosek at redhat.com (Martin Kosek) Date: Thu, 21 Jan 2016 08:21:19 +0100 Subject: [Freeipa-users] ipa-client-install and nsslapd-allow-anonymous-access: off In-Reply-To: References: <569F7CF2.3050908@redhat.com> <569F8309.1010204@redhat.com> <569FA718.4090503@redhat.com> Message-ID: <56A086EF.4050207@redhat.com> On 01/20/2016 05:55 PM, bahan w wrote: > Ah sorry, for security reasons I didn't want to put the original name and I > made a mistake. > > Here we are, for the confusing lines : > ### > Assuming realm is the same as domain: > Generated basedn from realm: dc= > Discovery result: NO_ACCESS_TO_LDAP; server=None, domain=, > kdc=None, basedn=dc= > Validated servers: > will use discovered domain: > Using servers from command line, disabling DNS discovery > will use provided server: > will use discovered realm: > The provided realm name [] does not match discovered one > [] > (: Assumed same as domain) > Installation failed. Rolling back changes > IPA client is not configured on this system. > ### > > Is it more clear ? Sorry again for the confusion. > > I use a realm which is different than the domain. Ah, I see. I think you just found a bug. The problem is that given the server is not reachable, the realm is calculated based on the domain and then rejected as it is different from the option. In this case, ipa-client-install should just accept the realm passed to the script. It is very specific condition, but we should be able to fix that easily I filed a bug: https://bugzilla.redhat.com/show_bug.cgi?id=1300561 We will need to think if there is a workaround for you until the fix is delivered. From Nathan.Peters at globalrelay.net Thu Jan 21 07:38:13 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Thu, 21 Jan 2016 07:38:13 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <569FE2EC.5080307@redhat.com> References: <569D2F2F.6080806@redhat.com> <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> Message-ID: All checks below were performed from the host we are trying to turn into a replica and they were performed against the master who logs I also show The first check was to kinit admin and try the search. Surprisingly, the GSSAPI bind returns no results when we search that. In my previous email you can see that the standard bind gets a result as admin for that search. Next, I tried as the host by kinit with its keytab. Same result, nothing back. Finally I tried as my own personal admin user. Same result, nothing back. For good measure, I tried a broad search against the base "cn=mydomain,cn=net" as each user as well and I'll spare you the ten thousand lines of screenshot but the results were as expected, several thousand entries in that tree. Although the output differed slightly. This is the total as admin or my personal user # numResponses: 3372 # numEntries: 3371 and this is the total as the host keytab account # numResponses: 3371 # numEntries: 3370 To be even more thorough, I did searches farther and farther up the config tree using GSSAPI until I found something. The only thing that is visible through GSSAPI searches is the base of the config tree. Even the mapping tree branch doesn't seem to be visible. At the very bottom of this email is the results of the search against cn=config directly as the attempted new replica and as admin. Admin gets about 50 results and the host only gets about 30 for some reason. I get the same results as admin on my personal account so I've excluded those. So if I got all that right I was able to determine that only the base of the config tree is available using GSSAPI for any account, users for some reason get slightly more results than hosts, and all accounts can see the dc=mydomain,dc=net tree just fine using GSSAPI. So does that help shed some light on what the cause of this might be or why the server is not answering as expected? Is there some way I can adjust this so everyone can see the results they do using regular binds as they do using GSSAPI binds ? Is there some way I can check ACLS on stuff ? =============== search as admin =============== [nathan.peters at dc2-ipa-dev-van ~]$ klist Ticket cache: KEYRING:persistent:756600344:756600344 Default principal: admin at MYDOMAIN.NET Valid starting Expires Service principal 20/01/16 22:53:18 21/01/16 22:53:08 krbtgt/MYDOMAIN.NET at MYDOMAIN.NET [nathan.peters at dc2-ipa-dev-van ~]$ ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" SASL/GSSAPI authentication started SASL username: admin at MYDOMAIN.NET SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 4 result: 0 Success # numResponses: 1 ============ check host keytab ============ [root at dc2-ipa-dev-van ipa]# klist -kt /etc/krb5.keytab Keytab name: FILE:/etc/krb5.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET ======== kinit host keytab ======== [root at dc2-ipa-dev-van ipa]# kinit -t /etc/krb5.keytab keytab specified, forcing -k [root at dc2-ipa-dev-van ipa]# klist Ticket cache: KEYRING:persistent:0:krb_ccache_uwO1f2L Default principal: host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET Valid starting Expires Service principal 20/01/16 23:01:11 21/01/16 23:01:11 krbtgt/MYDOMAIN.NET at MYDOMAIN.NET [root at dc2-ipa-dev-van ipa]# ========= ldap search against master as host ========== [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" SASL/GSSAPI authentication started SASL username: host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 4 result: 0 Success # numResponses: 1 [root at dc2-ipa-dev-van ipa]# ======== ldap search against master as my personal domain admin account ======== [root at dc2-ipa-dev-van ipa]# kinit nathan.peters Password for nathan.peters at MYDOMAIN.NET: [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" SASL/GSSAPI authentication started SASL username: nathan.peters at MYDOMAIN.NET SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 4 result: 0 Success # numResponses: 1 ======= logs on master during attempt ======= ===== logs on master as admin ===== [20/Jan/2016:22:55:22 -0800] conn=62398 fd=321 slot=321 SSL connection from 10.21.0.98 to 10.178.0.98 [20/Jan/2016:22:55:22 -0800] conn=62398 TLS1.2 128-bit AES [20/Jan/2016:22:55:22 -0800] conn=62398 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:22:55:22 -0800] conn=62398 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [20/Jan/2016:22:55:22 -0800] conn=62398 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:22:55:22 -0800] conn=62398 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [20/Jan/2016:22:55:22 -0800] conn=62398 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:22:55:22 -0800] conn=62398 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=mydomain,dc=net" [20/Jan/2016:22:55:22 -0800] conn=62398 op=3 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL [20/Jan/2016:22:55:22 -0800] conn=62398 op=3 RESULT err=0 tag=101 nentries=0 etime=0 [20/Jan/2016:22:55:22 -0800] conn=62398 op=4 UNBIND [20/Jan/2016:22:55:22 -0800] conn=62398 op=4 fd=321 closed - U1 ===== logs on master as the host we are trying to promote as a replica ====== [20/Jan/2016:23:02:40 -0800] conn=62480 fd=153 slot=153 SSL connection from 10.21.0.98 to 10.178.0.98 [20/Jan/2016:23:02:40 -0800] conn=62480 TLS1.2 128-bit AES [20/Jan/2016:23:02:40 -0800] conn=62480 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:23:02:40 -0800] conn=62480 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [20/Jan/2016:23:02:40 -0800] conn=62480 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:23:02:40 -0800] conn=62480 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [20/Jan/2016:23:02:40 -0800] conn=62480 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:23:02:40 -0800] conn=62480 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [20/Jan/2016:23:02:40 -0800] conn=62480 op=3 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL [20/Jan/2016:23:02:40 -0800] conn=62480 op=3 RESULT err=0 tag=101 nentries=0 etime=0 [20/Jan/2016:23:02:40 -0800] conn=62480 op=4 UNBIND [20/Jan/2016:23:02:40 -0800] conn=62480 op=4 fd=153 closed - U1 ===== logs on master as my personal user ====== [20/Jan/2016:23:09:36 -0800] conn=62564 fd=318 slot=318 SSL connection from 10.21.0.98 to 10.178.0.98 [20/Jan/2016:23:09:36 -0800] conn=62564 TLS1.2 128-bit AES [20/Jan/2016:23:09:36 -0800] conn=62564 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:23:09:36 -0800] conn=62564 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [20/Jan/2016:23:09:36 -0800] conn=62564 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:23:09:36 -0800] conn=62564 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [20/Jan/2016:23:09:36 -0800] conn=62564 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:23:09:36 -0800] conn=62564 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [20/Jan/2016:23:09:36 -0800] conn=62564 op=3 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL [20/Jan/2016:23:09:36 -0800] conn=62564 op=3 RESULT err=0 tag=101 nentries=0 etime=0 [20/Jan/2016:23:09:36 -0800] conn=62564 op=4 UNBIND [20/Jan/2016:23:09:36 -0800] conn=62564 op=4 fd=318 closed - U1 ========== final searches against cn=mapping tree,cn=config and cn=config using host keytab and gssapi ========== [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=mapping tree,cn=config" SASL/GSSAPI authentication started SASL username: host/dc2-ipa-dev-van.mydomain.net at mydomain.NET SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 4 result: 0 Success # numResponses: 1 [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=config" SASL/GSSAPI authentication started SASL username: host/dc2-ipa-dev-van.mydomain.net at mydomain.NET SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # SNMP, config dn: cn=SNMP,cn=config cn: SNMP nsSNMPEnabled: on objectClass: top objectClass: nsSNMP # 1.3.6.1.4.1.4203.1.9.1.1, features, config dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config cn: Sync Request Control objectClass: top objectClass: directoryServerFeature oid: 1.3.6.1.4.1.4203.1.9.1.1 # 2.16.840.1.113730.3.4.9, features, config dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config cn: VLV Request Control objectClass: top objectClass: directoryServerFeature oid: 2.16.840.1.113730.3.4.9 # ipa_pwd_extop, plugins, config dn: cn=ipa_pwd_extop,cn=plugins,cn=config cn: ipa_pwd_extop objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config cn: Posix IDs dnaMaxValue: 1100 dnaNextValue: 1101 dnaThreshold: 500 dnaType: uidNumber dnaType: gidNumber objectClass: top objectClass: extensibleObject # config, ldbm database, plugins, config dn: cn=config,cn=ldbm database,cn=plugins,cn=config cn: config objectClass: top objectClass: extensibleObject nsslapd-directory: /var/lib/dirsrv/slapd-mydomain-NET/db # default indexes, config, ldbm database, plugins, config dn: cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: default indexes objectClass: top objectClass: extensibleObject # aci, default indexes, config, ldbm database, plugins, config dn: cn=aci,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: aci objectClass: top objectClass: nsIndex # cn, default indexes, config, ldbm database, plugins, config dn: cn=cn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: cn objectClass: top objectClass: nsIndex # entryusn, default indexes, config, ldbm database, plugins, config dn: cn=entryusn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: entryusn objectClass: top objectClass: nsIndex # givenName, default indexes, config, ldbm database, plugins, config dn: cn=givenName,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=c onfig cn: givenName objectClass: top objectClass: nsIndex # mail, default indexes, config, ldbm database, plugins, config dn: cn=mail,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: mail objectClass: top objectClass: nsIndex # mailAlternateAddress, default indexes, config, ldbm database, plugins, config dn: cn=mailAlternateAddress,cn=default indexes,cn=config,cn=ldbm database,cn=p lugins,cn=config cn: mailAlternateAddress objectClass: top objectClass: nsIndex # mailHost, default indexes, config, ldbm database, plugins, config dn: cn=mailHost,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: mailHost objectClass: top objectClass: nsIndex # member, default indexes, config, ldbm database, plugins, config dn: cn=member,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=conf ig cn: member objectClass: top objectClass: nsIndex # memberOf, default indexes, config, ldbm database, plugins, config dn: cn=memberOf,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: memberOf objectClass: top objectClass: nsIndex # nsTombstoneCSN, default indexes, config, ldbm database, plugins, config dn: cn=nsTombstoneCSN,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config cn: nsTombstoneCSN objectClass: top objectClass: nsIndex # nsUniqueId, default indexes, config, ldbm database, plugins, config dn: cn=nsUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config cn: nsUniqueId objectClass: top objectClass: nsIndex # ntUniqueId, default indexes, config, ldbm database, plugins, config dn: cn=ntUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config cn: ntUniqueId objectClass: top objectClass: nsIndex # ntUserDomainId, default indexes, config, ldbm database, plugins, config dn: cn=ntUserDomainId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config cn: ntUserDomainId objectClass: top objectClass: nsIndex # numsubordinates, default indexes, config, ldbm database, plugins, config dn: cn=numsubordinates,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config cn: numsubordinates objectClass: top objectClass: nsIndex # objectclass, default indexes, config, ldbm database, plugins, config dn: cn=objectclass,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn =config cn: objectclass objectClass: top objectClass: nsIndex # owner, default indexes, config, ldbm database, plugins, config dn: cn=owner,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=confi g cn: owner objectClass: top objectClass: nsIndex # parentid, default indexes, config, ldbm database, plugins, config dn: cn=parentid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: parentid objectClass: top objectClass: nsIndex # seeAlso, default indexes, config, ldbm database, plugins, config dn: cn=seeAlso,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=con fig cn: seeAlso objectClass: top objectClass: nsIndex # sn, default indexes, config, ldbm database, plugins, config dn: cn=sn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: sn objectClass: top objectClass: nsIndex # targetuniqueid, default indexes, config, ldbm database, plugins, config dn: cn=targetuniqueid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config cn: targetuniqueid objectClass: top objectClass: nsIndex # telephoneNumber, default indexes, config, ldbm database, plugins, config dn: cn=telephoneNumber,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config cn: telephoneNumber objectClass: top objectClass: nsIndex # uid, default indexes, config, ldbm database, plugins, config dn: cn=uid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: uid objectClass: top objectClass: nsIndex # uniquemember, default indexes, config, ldbm database, plugins, config dn: cn=uniquemember,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,c n=config cn: uniquemember objectClass: top objectClass: nsIndex # search result search: 4 result: 0 Success # numResponses: 31 # numEntries: 30 ======== search against cn=config as admin using GSSAPI from host we are trying to turn into a replica ========= [root at dc2-ipa-dev-van ipa]# kinit admin Password for admin at MYDOMAIN.NET: [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=config" SASL/GSSAPI authentication started SASL username: admin at MYDOMAIN.NET SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # SNMP, config dn: cn=SNMP,cn=config cn: SNMP nsSNMPEnabled: on objectClass: top objectClass: nsSNMP # tasks, config dn: cn=tasks,cn=config cn: tasks objectClass: top objectClass: extensibleObject # 1.3.6.1.4.1.4203.1.9.1.1, features, config dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config cn: Sync Request Control objectClass: top objectClass: directoryServerFeature oid: 1.3.6.1.4.1.4203.1.9.1.1 # 2.16.840.1.113730.3.4.9, features, config dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config cn: VLV Request Control objectClass: top objectClass: directoryServerFeature oid: 2.16.840.1.113730.3.4.9 # ipa_pwd_extop, plugins, config dn: cn=ipa_pwd_extop,cn=plugins,cn=config cn: ipa_pwd_extop objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject # abort cleanallruv, tasks, config dn: cn=abort cleanallruv,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: abort cleanallruv # automember export updates, tasks, config dn: cn=automember export updates,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: automember export updates # automember map updates, tasks, config dn: cn=automember map updates,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: automember map updates # automember rebuild membership, tasks, config dn: cn=automember rebuild membership,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: automember rebuild membership # backup, tasks, config dn: cn=backup,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: backup # cleanallruv, tasks, config dn: cn=cleanallruv,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: cleanallruv # export, tasks, config dn: cn=export,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: export # fixup linked attributes, tasks, config dn: cn=fixup linked attributes,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: fixup linked attributes # fixup tombstones, tasks, config dn: cn=fixup tombstones,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: fixup tombstones # import, tasks, config dn: cn=import,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: import # index, tasks, config dn: cn=index,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: index # ipa-sidgen-task, tasks, config dn: cn=ipa-sidgen-task,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: ipa-sidgen-task # memberof task, tasks, config dn: cn=memberof task,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: memberof task # restore, tasks, config dn: cn=restore,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: restore # schema reload task, tasks, config dn: cn=schema reload task,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: schema reload task # syntax validate, tasks, config dn: cn=syntax validate,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: syntax validate # sysconfig reload, tasks, config dn: cn=sysconfig reload,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: sysconfig reload # upgradedb, tasks, config dn: cn=upgradedb,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: upgradedb # USN tombstone cleanup task, tasks, config dn: cn=USN tombstone cleanup task,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: USN tombstone cleanup task # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config cn: Posix IDs dnaMaxValue: 1100 dnaNextValue: 1101 dnaThreshold: 500 dnaType: uidNumber dnaType: gidNumber objectClass: top objectClass: extensibleObject # config, ldbm database, plugins, config dn: cn=config,cn=ldbm database,cn=plugins,cn=config cn: config objectClass: top objectClass: extensibleObject nsslapd-directory: /var/lib/dirsrv/slapd-mydomain-NET/db # default indexes, config, ldbm database, plugins, config dn: cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: default indexes objectClass: top objectClass: extensibleObject # aci, default indexes, config, ldbm database, plugins, config dn: cn=aci,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: aci objectClass: top objectClass: nsIndex # cn, default indexes, config, ldbm database, plugins, config dn: cn=cn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: cn objectClass: top objectClass: nsIndex # entryusn, default indexes, config, ldbm database, plugins, config dn: cn=entryusn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: entryusn objectClass: top objectClass: nsIndex # givenName, default indexes, config, ldbm database, plugins, config dn: cn=givenName,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=c onfig cn: givenName objectClass: top objectClass: nsIndex # mail, default indexes, config, ldbm database, plugins, config dn: cn=mail,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: mail objectClass: top objectClass: nsIndex # mailAlternateAddress, default indexes, config, ldbm database, plugins, config dn: cn=mailAlternateAddress,cn=default indexes,cn=config,cn=ldbm database,cn=p lugins,cn=config cn: mailAlternateAddress objectClass: top objectClass: nsIndex # mailHost, default indexes, config, ldbm database, plugins, config dn: cn=mailHost,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: mailHost objectClass: top objectClass: nsIndex # member, default indexes, config, ldbm database, plugins, config dn: cn=member,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=conf ig cn: member objectClass: top objectClass: nsIndex # memberOf, default indexes, config, ldbm database, plugins, config dn: cn=memberOf,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: memberOf objectClass: top objectClass: nsIndex # nsTombstoneCSN, default indexes, config, ldbm database, plugins, config dn: cn=nsTombstoneCSN,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config cn: nsTombstoneCSN objectClass: top objectClass: nsIndex # nsUniqueId, default indexes, config, ldbm database, plugins, config dn: cn=nsUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config cn: nsUniqueId objectClass: top objectClass: nsIndex # ntUniqueId, default indexes, config, ldbm database, plugins, config dn: cn=ntUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config cn: ntUniqueId objectClass: top objectClass: nsIndex # ntUserDomainId, default indexes, config, ldbm database, plugins, config dn: cn=ntUserDomainId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config cn: ntUserDomainId objectClass: top objectClass: nsIndex # numsubordinates, default indexes, config, ldbm database, plugins, config dn: cn=numsubordinates,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config cn: numsubordinates objectClass: top objectClass: nsIndex # objectclass, default indexes, config, ldbm database, plugins, config dn: cn=objectclass,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn =config cn: objectclass objectClass: top objectClass: nsIndex # owner, default indexes, config, ldbm database, plugins, config dn: cn=owner,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=confi g cn: owner objectClass: top objectClass: nsIndex # parentid, default indexes, config, ldbm database, plugins, config dn: cn=parentid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: parentid objectClass: top objectClass: nsIndex # seeAlso, default indexes, config, ldbm database, plugins, config dn: cn=seeAlso,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=con fig cn: seeAlso objectClass: top objectClass: nsIndex # sn, default indexes, config, ldbm database, plugins, config dn: cn=sn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: sn objectClass: top objectClass: nsIndex # targetuniqueid, default indexes, config, ldbm database, plugins, config dn: cn=targetuniqueid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config cn: targetuniqueid objectClass: top objectClass: nsIndex # telephoneNumber, default indexes, config, ldbm database, plugins, config dn: cn=telephoneNumber,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config cn: telephoneNumber objectClass: top objectClass: nsIndex # uid, default indexes, config, ldbm database, plugins, config dn: cn=uid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: uid objectClass: top objectClass: nsIndex # uniquemember, default indexes, config, ldbm database, plugins, config dn: cn=uniquemember,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,c n=config cn: uniquemember objectClass: top objectClass: nsIndex # search result search: 4 result: 0 Success # numResponses: 51 # numEntries: 50 -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Rich Megginson Sent: January-20-16 11:44 AM To: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/20/2016 12:24 PM, Nathan Peters wrote: > Now we are starting to get somewhere (although a resolution still is > not visible) :) > > First, thank you Petr and Rob for your help on this issue. I apologize for our hard to parse server names. I'm not a fan of them myself and in earlier reports I had been reformatting everything nicely with dc1, dc2, dc3 etc. After having to submit so many reports I started to get lazy an thought it may be more helpful to see data closer to what we are actually using. > > Petr hit the nail on the head with the "does everyone who binds get the same result" question, which although it has not revealed a resolution, has revealed a bunch of really interesting facts about the process. > > Going back to the original logs that were running on the remote master during the replica installation attempt I see the following : > > [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from > 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl >> version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 >> nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl >> version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 >> nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl >> version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH >> base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 >> filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 >> nentries=1 etime=0 > So, conn18732 was opened with a bind dn of "" ? Is this supposed to happen? Yes. GSSAPI/SASL binds are multi-stage binds. You'll notice that the last stage is op=2, and the result has the full bind DN to which the kerberos principals mapped to. The dn="" until the last stage at which time the mapped DN is known and logged. > > Here is what I see when I search that base using the same empty bind dn : nack - you have to first use "kinit myusername at MYDOMAIN", then use ldapsearch -Y GSSAPI ...., to do the bind in the same way to use GSSAPI. From Nathan.Peters at globalrelay.net Thu Jan 21 07:50:02 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Thu, 21 Jan 2016 07:50:02 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569D2F2F.6080806@redhat.com> <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> Message-ID: I don't know if this makes a difference too, but I performed the same checks on a different completely working and joined FreeIPA master, against other masters, and even against itself directly. It seems that no account, no keytab, and no host can see that mapping tree branch no matter who they search from or against if GSSAPI is used. -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters Sent: January-20-16 11:41 PM To: Rich Megginson; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists All checks below were performed from the host we are trying to turn into a replica and they were performed against the master who logs I also show The first check was to kinit admin and try the search. Surprisingly, the GSSAPI bind returns no results when we search that. In my previous email you can see that the standard bind gets a result as admin for that search. Next, I tried as the host by kinit with its keytab. Same result, nothing back. Finally I tried as my own personal admin user. Same result, nothing back. For good measure, I tried a broad search against the base "cn=mydomain,cn=net" as each user as well and I'll spare you the ten thousand lines of screenshot but the results were as expected, several thousand entries in that tree. Although the output differed slightly. This is the total as admin or my personal user # numResponses: 3372 # numEntries: 3371 and this is the total as the host keytab account # numResponses: 3371 # numEntries: 3370 To be even more thorough, I did searches farther and farther up the config tree using GSSAPI until I found something. The only thing that is visible through GSSAPI searches is the base of the config tree. Even the mapping tree branch doesn't seem to be visible. At the very bottom of this email is the results of the search against cn=config directly as the attempted new replica and as admin. Admin gets about 50 results and the host only gets about 30 for some reason. I get the same results as admin on my personal account so I've excluded those. So if I got all that right I was able to determine that only the base of the config tree is available using GSSAPI for any account, users for some reason get slightly more results than hosts, and all accounts can see the dc=mydomain,dc=net tree just fine using GSSAPI. So does that help shed some light on what the cause of this might be or why the server is not answering as expected? Is there some way I can adjust this so everyone can see the results they do using regular binds as they do using GSSAPI binds ? Is there some way I can check ACLS on stuff ? =============== search as admin =============== [nathan.peters at dc2-ipa-dev-van ~]$ klist Ticket cache: KEYRING:persistent:756600344:756600344 Default principal: admin at MYDOMAIN.NET Valid starting Expires Service principal 20/01/16 22:53:18 21/01/16 22:53:08 krbtgt/MYDOMAIN.NET at MYDOMAIN.NET [nathan.peters at dc2-ipa-dev-van ~]$ ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" SASL/GSSAPI authentication started SASL username: admin at MYDOMAIN.NET SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 4 result: 0 Success # numResponses: 1 ============ check host keytab ============ [root at dc2-ipa-dev-van ipa]# klist -kt /etc/krb5.keytab Keytab name: FILE:/etc/krb5.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET ======== kinit host keytab ======== [root at dc2-ipa-dev-van ipa]# kinit -t /etc/krb5.keytab keytab specified, forcing -k [root at dc2-ipa-dev-van ipa]# klist Ticket cache: KEYRING:persistent:0:krb_ccache_uwO1f2L Default principal: host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET Valid starting Expires Service principal 20/01/16 23:01:11 21/01/16 23:01:11 krbtgt/MYDOMAIN.NET at MYDOMAIN.NET [root at dc2-ipa-dev-van ipa]# ========= ldap search against master as host ========== [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" SASL/GSSAPI authentication started SASL username: host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 4 result: 0 Success # numResponses: 1 [root at dc2-ipa-dev-van ipa]# ======== ldap search against master as my personal domain admin account ======== [root at dc2-ipa-dev-van ipa]# kinit nathan.peters Password for nathan.peters at MYDOMAIN.NET: [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" SASL/GSSAPI authentication started SASL username: nathan.peters at MYDOMAIN.NET SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 4 result: 0 Success # numResponses: 1 ======= logs on master during attempt ======= ===== logs on master as admin ===== [20/Jan/2016:22:55:22 -0800] conn=62398 fd=321 slot=321 SSL connection from 10.21.0.98 to 10.178.0.98 [20/Jan/2016:22:55:22 -0800] conn=62398 TLS1.2 128-bit AES [20/Jan/2016:22:55:22 -0800] conn=62398 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:22:55:22 -0800] conn=62398 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [20/Jan/2016:22:55:22 -0800] conn=62398 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:22:55:22 -0800] conn=62398 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [20/Jan/2016:22:55:22 -0800] conn=62398 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:22:55:22 -0800] conn=62398 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=mydomain,dc=net" [20/Jan/2016:22:55:22 -0800] conn=62398 op=3 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL [20/Jan/2016:22:55:22 -0800] conn=62398 op=3 RESULT err=0 tag=101 nentries=0 etime=0 [20/Jan/2016:22:55:22 -0800] conn=62398 op=4 UNBIND [20/Jan/2016:22:55:22 -0800] conn=62398 op=4 fd=321 closed - U1 ===== logs on master as the host we are trying to promote as a replica ====== [20/Jan/2016:23:02:40 -0800] conn=62480 fd=153 slot=153 SSL connection from 10.21.0.98 to 10.178.0.98 [20/Jan/2016:23:02:40 -0800] conn=62480 TLS1.2 128-bit AES [20/Jan/2016:23:02:40 -0800] conn=62480 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:23:02:40 -0800] conn=62480 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [20/Jan/2016:23:02:40 -0800] conn=62480 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:23:02:40 -0800] conn=62480 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [20/Jan/2016:23:02:40 -0800] conn=62480 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:23:02:40 -0800] conn=62480 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" [20/Jan/2016:23:02:40 -0800] conn=62480 op=3 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL [20/Jan/2016:23:02:40 -0800] conn=62480 op=3 RESULT err=0 tag=101 nentries=0 etime=0 [20/Jan/2016:23:02:40 -0800] conn=62480 op=4 UNBIND [20/Jan/2016:23:02:40 -0800] conn=62480 op=4 fd=153 closed - U1 ===== logs on master as my personal user ====== [20/Jan/2016:23:09:36 -0800] conn=62564 fd=318 slot=318 SSL connection from 10.21.0.98 to 10.178.0.98 [20/Jan/2016:23:09:36 -0800] conn=62564 TLS1.2 128-bit AES [20/Jan/2016:23:09:36 -0800] conn=62564 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:23:09:36 -0800] conn=62564 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [20/Jan/2016:23:09:36 -0800] conn=62564 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:23:09:36 -0800] conn=62564 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [20/Jan/2016:23:09:36 -0800] conn=62564 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [20/Jan/2016:23:09:36 -0800] conn=62564 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" [20/Jan/2016:23:09:36 -0800] conn=62564 op=3 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL [20/Jan/2016:23:09:36 -0800] conn=62564 op=3 RESULT err=0 tag=101 nentries=0 etime=0 [20/Jan/2016:23:09:36 -0800] conn=62564 op=4 UNBIND [20/Jan/2016:23:09:36 -0800] conn=62564 op=4 fd=318 closed - U1 ========== final searches against cn=mapping tree,cn=config and cn=config using host keytab and gssapi ========== [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=mapping tree,cn=config" SASL/GSSAPI authentication started SASL username: host/dc2-ipa-dev-van.mydomain.net at mydomain.NET SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 4 result: 0 Success # numResponses: 1 [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=config" SASL/GSSAPI authentication started SASL username: host/dc2-ipa-dev-van.mydomain.net at mydomain.NET SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # SNMP, config dn: cn=SNMP,cn=config cn: SNMP nsSNMPEnabled: on objectClass: top objectClass: nsSNMP # 1.3.6.1.4.1.4203.1.9.1.1, features, config dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config cn: Sync Request Control objectClass: top objectClass: directoryServerFeature oid: 1.3.6.1.4.1.4203.1.9.1.1 # 2.16.840.1.113730.3.4.9, features, config dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config cn: VLV Request Control objectClass: top objectClass: directoryServerFeature oid: 2.16.840.1.113730.3.4.9 # ipa_pwd_extop, plugins, config dn: cn=ipa_pwd_extop,cn=plugins,cn=config cn: ipa_pwd_extop objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config cn: Posix IDs dnaMaxValue: 1100 dnaNextValue: 1101 dnaThreshold: 500 dnaType: uidNumber dnaType: gidNumber objectClass: top objectClass: extensibleObject # config, ldbm database, plugins, config dn: cn=config,cn=ldbm database,cn=plugins,cn=config cn: config objectClass: top objectClass: extensibleObject nsslapd-directory: /var/lib/dirsrv/slapd-mydomain-NET/db # default indexes, config, ldbm database, plugins, config dn: cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: default indexes objectClass: top objectClass: extensibleObject # aci, default indexes, config, ldbm database, plugins, config dn: cn=aci,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: aci objectClass: top objectClass: nsIndex # cn, default indexes, config, ldbm database, plugins, config dn: cn=cn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: cn objectClass: top objectClass: nsIndex # entryusn, default indexes, config, ldbm database, plugins, config dn: cn=entryusn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: entryusn objectClass: top objectClass: nsIndex # givenName, default indexes, config, ldbm database, plugins, config dn: cn=givenName,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=c onfig cn: givenName objectClass: top objectClass: nsIndex # mail, default indexes, config, ldbm database, plugins, config dn: cn=mail,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: mail objectClass: top objectClass: nsIndex # mailAlternateAddress, default indexes, config, ldbm database, plugins, config dn: cn=mailAlternateAddress,cn=default indexes,cn=config,cn=ldbm database,cn=p lugins,cn=config cn: mailAlternateAddress objectClass: top objectClass: nsIndex # mailHost, default indexes, config, ldbm database, plugins, config dn: cn=mailHost,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: mailHost objectClass: top objectClass: nsIndex # member, default indexes, config, ldbm database, plugins, config dn: cn=member,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=conf ig cn: member objectClass: top objectClass: nsIndex # memberOf, default indexes, config, ldbm database, plugins, config dn: cn=memberOf,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: memberOf objectClass: top objectClass: nsIndex # nsTombstoneCSN, default indexes, config, ldbm database, plugins, config dn: cn=nsTombstoneCSN,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config cn: nsTombstoneCSN objectClass: top objectClass: nsIndex # nsUniqueId, default indexes, config, ldbm database, plugins, config dn: cn=nsUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config cn: nsUniqueId objectClass: top objectClass: nsIndex # ntUniqueId, default indexes, config, ldbm database, plugins, config dn: cn=ntUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config cn: ntUniqueId objectClass: top objectClass: nsIndex # ntUserDomainId, default indexes, config, ldbm database, plugins, config dn: cn=ntUserDomainId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config cn: ntUserDomainId objectClass: top objectClass: nsIndex # numsubordinates, default indexes, config, ldbm database, plugins, config dn: cn=numsubordinates,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config cn: numsubordinates objectClass: top objectClass: nsIndex # objectclass, default indexes, config, ldbm database, plugins, config dn: cn=objectclass,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn =config cn: objectclass objectClass: top objectClass: nsIndex # owner, default indexes, config, ldbm database, plugins, config dn: cn=owner,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=confi g cn: owner objectClass: top objectClass: nsIndex # parentid, default indexes, config, ldbm database, plugins, config dn: cn=parentid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: parentid objectClass: top objectClass: nsIndex # seeAlso, default indexes, config, ldbm database, plugins, config dn: cn=seeAlso,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=con fig cn: seeAlso objectClass: top objectClass: nsIndex # sn, default indexes, config, ldbm database, plugins, config dn: cn=sn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: sn objectClass: top objectClass: nsIndex # targetuniqueid, default indexes, config, ldbm database, plugins, config dn: cn=targetuniqueid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config cn: targetuniqueid objectClass: top objectClass: nsIndex # telephoneNumber, default indexes, config, ldbm database, plugins, config dn: cn=telephoneNumber,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config cn: telephoneNumber objectClass: top objectClass: nsIndex # uid, default indexes, config, ldbm database, plugins, config dn: cn=uid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: uid objectClass: top objectClass: nsIndex # uniquemember, default indexes, config, ldbm database, plugins, config dn: cn=uniquemember,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,c n=config cn: uniquemember objectClass: top objectClass: nsIndex # search result search: 4 result: 0 Success # numResponses: 31 # numEntries: 30 ======== search against cn=config as admin using GSSAPI from host we are trying to turn into a replica ========= [root at dc2-ipa-dev-van ipa]# kinit admin Password for admin at MYDOMAIN.NET: [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=config" SASL/GSSAPI authentication started SASL username: admin at MYDOMAIN.NET SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # SNMP, config dn: cn=SNMP,cn=config cn: SNMP nsSNMPEnabled: on objectClass: top objectClass: nsSNMP # tasks, config dn: cn=tasks,cn=config cn: tasks objectClass: top objectClass: extensibleObject # 1.3.6.1.4.1.4203.1.9.1.1, features, config dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config cn: Sync Request Control objectClass: top objectClass: directoryServerFeature oid: 1.3.6.1.4.1.4203.1.9.1.1 # 2.16.840.1.113730.3.4.9, features, config dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config cn: VLV Request Control objectClass: top objectClass: directoryServerFeature oid: 2.16.840.1.113730.3.4.9 # ipa_pwd_extop, plugins, config dn: cn=ipa_pwd_extop,cn=plugins,cn=config cn: ipa_pwd_extop objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject # abort cleanallruv, tasks, config dn: cn=abort cleanallruv,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: abort cleanallruv # automember export updates, tasks, config dn: cn=automember export updates,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: automember export updates # automember map updates, tasks, config dn: cn=automember map updates,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: automember map updates # automember rebuild membership, tasks, config dn: cn=automember rebuild membership,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: automember rebuild membership # backup, tasks, config dn: cn=backup,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: backup # cleanallruv, tasks, config dn: cn=cleanallruv,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: cleanallruv # export, tasks, config dn: cn=export,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: export # fixup linked attributes, tasks, config dn: cn=fixup linked attributes,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: fixup linked attributes # fixup tombstones, tasks, config dn: cn=fixup tombstones,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: fixup tombstones # import, tasks, config dn: cn=import,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: import # index, tasks, config dn: cn=index,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: index # ipa-sidgen-task, tasks, config dn: cn=ipa-sidgen-task,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: ipa-sidgen-task # memberof task, tasks, config dn: cn=memberof task,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: memberof task # restore, tasks, config dn: cn=restore,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: restore # schema reload task, tasks, config dn: cn=schema reload task,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: schema reload task # syntax validate, tasks, config dn: cn=syntax validate,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: syntax validate # sysconfig reload, tasks, config dn: cn=sysconfig reload,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: sysconfig reload # upgradedb, tasks, config dn: cn=upgradedb,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: upgradedb # USN tombstone cleanup task, tasks, config dn: cn=USN tombstone cleanup task,cn=tasks,cn=config objectClass: top objectClass: extensibleObject cn: USN tombstone cleanup task # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config cn: Posix IDs dnaMaxValue: 1100 dnaNextValue: 1101 dnaThreshold: 500 dnaType: uidNumber dnaType: gidNumber objectClass: top objectClass: extensibleObject # config, ldbm database, plugins, config dn: cn=config,cn=ldbm database,cn=plugins,cn=config cn: config objectClass: top objectClass: extensibleObject nsslapd-directory: /var/lib/dirsrv/slapd-mydomain-NET/db # default indexes, config, ldbm database, plugins, config dn: cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: default indexes objectClass: top objectClass: extensibleObject # aci, default indexes, config, ldbm database, plugins, config dn: cn=aci,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: aci objectClass: top objectClass: nsIndex # cn, default indexes, config, ldbm database, plugins, config dn: cn=cn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: cn objectClass: top objectClass: nsIndex # entryusn, default indexes, config, ldbm database, plugins, config dn: cn=entryusn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: entryusn objectClass: top objectClass: nsIndex # givenName, default indexes, config, ldbm database, plugins, config dn: cn=givenName,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=c onfig cn: givenName objectClass: top objectClass: nsIndex # mail, default indexes, config, ldbm database, plugins, config dn: cn=mail,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: mail objectClass: top objectClass: nsIndex # mailAlternateAddress, default indexes, config, ldbm database, plugins, config dn: cn=mailAlternateAddress,cn=default indexes,cn=config,cn=ldbm database,cn=p lugins,cn=config cn: mailAlternateAddress objectClass: top objectClass: nsIndex # mailHost, default indexes, config, ldbm database, plugins, config dn: cn=mailHost,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: mailHost objectClass: top objectClass: nsIndex # member, default indexes, config, ldbm database, plugins, config dn: cn=member,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=conf ig cn: member objectClass: top objectClass: nsIndex # memberOf, default indexes, config, ldbm database, plugins, config dn: cn=memberOf,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: memberOf objectClass: top objectClass: nsIndex # nsTombstoneCSN, default indexes, config, ldbm database, plugins, config dn: cn=nsTombstoneCSN,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config cn: nsTombstoneCSN objectClass: top objectClass: nsIndex # nsUniqueId, default indexes, config, ldbm database, plugins, config dn: cn=nsUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config cn: nsUniqueId objectClass: top objectClass: nsIndex # ntUniqueId, default indexes, config, ldbm database, plugins, config dn: cn=ntUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config cn: ntUniqueId objectClass: top objectClass: nsIndex # ntUserDomainId, default indexes, config, ldbm database, plugins, config dn: cn=ntUserDomainId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config cn: ntUserDomainId objectClass: top objectClass: nsIndex # numsubordinates, default indexes, config, ldbm database, plugins, config dn: cn=numsubordinates,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config cn: numsubordinates objectClass: top objectClass: nsIndex # objectclass, default indexes, config, ldbm database, plugins, config dn: cn=objectclass,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn =config cn: objectclass objectClass: top objectClass: nsIndex # owner, default indexes, config, ldbm database, plugins, config dn: cn=owner,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=confi g cn: owner objectClass: top objectClass: nsIndex # parentid, default indexes, config, ldbm database, plugins, config dn: cn=parentid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig cn: parentid objectClass: top objectClass: nsIndex # seeAlso, default indexes, config, ldbm database, plugins, config dn: cn=seeAlso,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=con fig cn: seeAlso objectClass: top objectClass: nsIndex # sn, default indexes, config, ldbm database, plugins, config dn: cn=sn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: sn objectClass: top objectClass: nsIndex # targetuniqueid, default indexes, config, ldbm database, plugins, config dn: cn=targetuniqueid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config cn: targetuniqueid objectClass: top objectClass: nsIndex # telephoneNumber, default indexes, config, ldbm database, plugins, config dn: cn=telephoneNumber,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config cn: telephoneNumber objectClass: top objectClass: nsIndex # uid, default indexes, config, ldbm database, plugins, config dn: cn=uid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config cn: uid objectClass: top objectClass: nsIndex # uniquemember, default indexes, config, ldbm database, plugins, config dn: cn=uniquemember,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,c n=config cn: uniquemember objectClass: top objectClass: nsIndex # search result search: 4 result: 0 Success # numResponses: 51 # numEntries: 50 -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Rich Megginson Sent: January-20-16 11:44 AM To: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/20/2016 12:24 PM, Nathan Peters wrote: > Now we are starting to get somewhere (although a resolution still is > not visible) :) > > First, thank you Petr and Rob for your help on this issue. I apologize for our hard to parse server names. I'm not a fan of them myself and in earlier reports I had been reformatting everything nicely with dc1, dc2, dc3 etc. After having to submit so many reports I started to get lazy an thought it may be more helpful to see data closer to what we are actually using. > > Petr hit the nail on the head with the "does everyone who binds get the same result" question, which although it has not revealed a resolution, has revealed a bunch of really interesting facts about the process. > > Going back to the original logs that were running on the remote master during the replica installation attempt I see the following : > > [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from > 10.21.0.98 to 10.178.0.98 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl >> version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 >> nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl >> version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 >> nentries=0 etime=0, SASL bind in progress >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl >> version=3 mech=GSSAPI >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH >> base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 >> filter="(objectClass=*)" attrs=ALL >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 >> nentries=1 etime=0 > So, conn18732 was opened with a bind dn of "" ? Is this supposed to happen? Yes. GSSAPI/SASL binds are multi-stage binds. You'll notice that the last stage is op=2, and the result has the full bind DN to which the kerberos principals mapped to. The dn="" until the last stage at which time the mapped DN is known and logged. > > Here is what I see when I search that base using the same empty bind dn : nack - you have to first use "kinit myusername at MYDOMAIN", then use ldapsearch -Y GSSAPI ...., to do the bind in the same way to use GSSAPI. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project From abokovoy at redhat.com Thu Jan 21 07:51:22 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Thu, 21 Jan 2016 09:51:22 +0200 Subject: [Freeipa-users] IPA wont start, all services fail In-Reply-To: <0137003026EBE54FBEC540C5600C03C432EF64@PMC-EXMBX02.petermac.org.au> References: <0137003026EBE54FBEC540C5600C03C432DA31@PMC-EXMBX02.petermac.org.au> <0137003026EBE54FBEC540C5600C03C432DC31@PMC-EXMBX02.petermac.org.au> <20160119063310.GI4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432DE7C@PMC-EXMBX02.petermac.org.au> <20160120082011.GO4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432E269@PMC-EXMBX02.petermac.org.au> <20160120214348.GA4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432E3BD@PMC-EXMBX02.petermac.org.au> <20160120222135.GC4316@redhat.com> <0137003026EBE54FBEC540C5600C03C432EF64@PMC-EXMBX02.petermac.org.au> Message-ID: <20160121075122.GF4316@redhat.com> On Thu, 21 Jan 2016, Simpson Lachlan wrote: >> -----Original Message----- >> From: Simpson Lachlan > >> I would like to test a few things, but I'm finding it hard to find good examples. >> >> How can I test that the one way trust relationship between the FreeIPA server >> and the AD DC is still in effect? (FreeIPA trusts AD, AD does not trust >> FreeIIPA). >> I presume there is an ldapsearch or sssd command that should connect directly >> to >> the AD server? > >I should have asked for what I wanted, because of course I found the solution to what >I *did* ask almost immediately. > >Real question: If I get the SID for the "SMB Default Group", is it just a matter of editing >the ldap directory via ldapmodify? The SID is generated by sidgen plugin but you can edit it with ldapmodify yes. > >No, because that's again not the issue. No, it *is* the issue for Samba to start. > >The samba error I get is > >pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER) > >pbdedit fails on the same problem. Sure, because it cannot initialize its ipasam LDAP driver which requires properly set up LDAP data which is supposed to be set up by ipa-adtrust-install. I would appreciate you concentrating on the right issue instead of jumping around to pretend Samba can start without fixing the real issue at hand. >How can I set the SID of the default group manually - by which I mean, >using a command line tool to manipulate text (rather than a shell >script or ipa-adtrust). At this point let us do a different look. Can you provide /var/log/ipaserver-install.log and /var/log/ipaupgrade.log somehow off the mailing list to see what exactly had happened to your environment when it was installed and when ipa-adtrust-install was run? I'm pretty busy with other stuff so analyzing these files might take several days. -- / Alexander Bokovoy From mbasti at redhat.com Thu Jan 21 08:42:19 2016 From: mbasti at redhat.com (Martin Basti) Date: Thu, 21 Jan 2016 09:42:19 +0100 Subject: [Freeipa-users] =?utf-8?q?DNS_Module_=28DNSSEC=29_NSEC=C2=A7?= In-Reply-To: <4962689.cQPsURU9eU@techz> References: <4962689.cQPsURU9eU@techz> Message-ID: <56A099EB.3080106@redhat.com> Hello, you can try to set up NSEC3PARAM record for zone ipa dnszone-mod example.com. --nsec3param-rec " " Martin On 20.01.2016 20:33, G?nther J. Niederwimmer wrote: > Hello, > > I can't find a way to integrate NSEC3, all DOC's I found is only for DNSSEC, > but not including NSEC3. > > Can any help me to set up this correct ? > > Thanks for a answer, > From Terry.John at completeautomotivesolutions.co.uk Thu Jan 21 14:31:35 2016 From: Terry.John at completeautomotivesolutions.co.uk (Terry John) Date: Thu, 21 Jan 2016 14:31:35 +0000 Subject: [Freeipa-users] FREAK Vulnerability Message-ID: I've been trying to tidy the security on my FreeIPA and this is causing me some problems. I'm using OpenVAS vulnerability scanner and it is coming up with this issue EXPORT_RSA cipher suites supported by the remote server: TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003) It seems we have to disable export TLS ciphers but I can't see how. I've edited /etc/httpd/conf.d/nss.conf and disabled all SSL and TLSV1.0. I've got NSSCipherSuite -all,-exp,+ I've restarted httpd and ipa but it still fails Is there something I have overlooked Thanks, Terry The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 03183918), Manheim Auctions Limited (registered number: 00448761), Manheim Retail Services Limited (registered number: 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time Communications Limited (registered number: 04277845) and Complete Automotive Solutions Limited (registered number: 05302535). Each of these companies is registered in England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions. V:0CF72C13B2AC -------------- next part -------------- An HTML attachment was scrubbed... URL: From mkosek at redhat.com Thu Jan 21 14:37:33 2016 From: mkosek at redhat.com (Martin Kosek) Date: Thu, 21 Jan 2016 15:37:33 +0100 Subject: [Freeipa-users] ipa-client-install and nsslapd-allow-anonymous-access: off In-Reply-To: References: <569F7CF2.3050908@redhat.com> <569F8309.1010204@redhat.com> <569FA718.4090503@redhat.com> <56A086EF.4050207@redhat.com> Message-ID: <56A0ED2D.1070102@redhat.com> On 01/21/2016 02:29 PM, bahan w wrote: > Hello Martin. > > Thank you for your answer. Adding freeipa-users list back, so that others can follow the thread. > Excuse me for my ignorance, but may you tell me how the bug and resolution > work for FreeIPA ? This is probably not something that would require own upstream release, it is too old version no longer developed upstream. It may be rather fixed downstream, in RHEL (I cannot promise anything though). I wonder, do RHEL-7.x clients work in your environment? RHEL-7.1+ should have https://fedorahosted.org/freeipa/ticket/4444 applied which may fix the issue. > Will there be a new release concerning IPA 3.0.0, or a patch to apply ? There may be RHEL-6.x fix. If you have RHEL subscription, I would recommend pointing your Support Representative to Bug 1300561 below, to get higher priority for the bug. > Best regards. > > Bahan > > > On Thu, Jan 21, 2016 at 8:21 AM, Martin Kosek wrote: > >> On 01/20/2016 05:55 PM, bahan w wrote: >>> Ah sorry, for security reasons I didn't want to put the original name >> and I >>> made a mistake. >>> >>> Here we are, for the confusing lines : >>> ### >>> Assuming realm is the same as domain: >>> Generated basedn from realm: dc= >>> Discovery result: NO_ACCESS_TO_LDAP; server=None, domain=, >>> kdc=None, basedn=dc= >>> Validated servers: >>> will use discovered domain: >>> Using servers from command line, disabling DNS discovery >>> will use provided server: >>> will use discovered realm: >>> The provided realm name [] does not match discovered one >>> [] >>> (: Assumed same as domain) >>> Installation failed. Rolling back changes >>> IPA client is not configured on this system. >>> ### >>> >>> Is it more clear ? Sorry again for the confusion. >>> >>> I use a realm which is different than the domain. >> >> Ah, I see. I think you just found a bug. The problem is that given the >> server >> is not reachable, the realm is calculated based on the domain and then >> rejected >> as it is different from the option. In this case, ipa-client-install should >> just accept the realm passed to the script. It is very specific condition, >> but >> we should be able to fix that easily >> >> I filed a bug: >> https://bugzilla.redhat.com/show_bug.cgi?id=1300561 >> >> We will need to think if there is a workaround for you until the fix is >> delivered. >> > From mkosek at redhat.com Thu Jan 21 14:51:17 2016 From: mkosek at redhat.com (Martin Kosek) Date: Thu, 21 Jan 2016 15:51:17 +0100 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: References: Message-ID: <56A0F065.7050407@redhat.com> On 01/21/2016 03:31 PM, Terry John wrote: > I've been trying to tidy the security on my FreeIPA and this is causing me some problems. I'm using OpenVAS vulnerability scanner and it is coming up with this issue > > EXPORT_RSA cipher suites supported by the remote server: > TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) > TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003) > > It seems we have to disable export TLS ciphers but I can't see how. I've edited /etc/httpd/conf.d/nss.conf and disabled all SSL and TLSV1.0. > > I've got > > NSSCipherSuite -all,-exp,+ > > I've restarted httpd and ipa but it still fails > > Is there something I have overlooked > > Thanks, Terry > > > > The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 03183918), Manheim Auctions Limited (registered number: 00448761), Manheim Retail Services Limited (registered number: 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time Communications Limited (registered number: 04277845) and Complete Automotive Solutions Limited (registered number: 05302535). Each of these companies is registered in England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions. > > V:0CF72C13B2AC Hi Terry, Please check https://fedorahosted.org/freeipa/ticket/5589 We are trying to come up with a better cipher suite right now. The fix should be in some of the next FreeIPA 4.3.x versions. The ticket has more details in it. From cheimes at redhat.com Thu Jan 21 15:06:34 2016 From: cheimes at redhat.com (Christian Heimes) Date: Thu, 21 Jan 2016 16:06:34 +0100 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: <56A0F065.7050407@redhat.com> References: <56A0F065.7050407@redhat.com> Message-ID: <56A0F3FA.9030902@redhat.com> On 2016-01-21 15:51, Martin Kosek wrote: > On 01/21/2016 03:31 PM, Terry John wrote: >> I've been trying to tidy the security on my FreeIPA and this is causing me some problems. I'm using OpenVAS vulnerability scanner and it is coming up with this issue >> >> EXPORT_RSA cipher suites supported by the remote server: >> TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) >> TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003) >> >> It seems we have to disable export TLS ciphers but I can't see how. I've edited /etc/httpd/conf.d/nss.conf and disabled all SSL and TLSV1.0. >> >> I've got >> >> NSSCipherSuite -all,-exp,+ >> >> I've restarted httpd and ipa but it still fails >> >> Is there something I have overlooked >> >> Thanks, Terry Hi Terry, the syntax of your NSSCipherSuite stanza is wrong. mod_nss has a different syntax for NSSCipherSuite than mod_ssl has for SSLCipherSuite. The native mod_nss syntax doesn't support qualifiers such as 'all' or 'exp'. You have to put in the NSS names of cipher suites. If you use the native syntax, then mod_nss disables all ciphers suites that are not listed. mod_nss also supports OpenSSL's / mod_ssl's syntax if you use ':' instead of ',' as separator. But I advice against the alternative syntax because it is not as well tested as the native syntax. For example '!' prefix used to be broken (CVE-2015-5244) and '+' prefix causes another issue (https://fedorahosted.org/mod_nss/ticket/20). > Hi Terry, > > Please check > https://fedorahosted.org/freeipa/ticket/5589 > > We are trying to come up with a better cipher suite right now. The fix should > be in some of the next FreeIPA 4.3.x versions. > > The ticket has more details in it. The NSSCipherSuite from https://fedorahosted.org/freeipa/ticket/5589#comment:6 has been reviewed by a couple of people and has been tested with ssllabs.com. The script nssciphersuite.py? in the ticket explains why certain algorithms and cipher suites have been removed. Christian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From rmeggins at redhat.com Thu Jan 21 15:29:02 2016 From: rmeggins at redhat.com (Rich Megginson) Date: Thu, 21 Jan 2016 08:29:02 -0700 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> Message-ID: <56A0F93E.3000406@redhat.com> On 01/21/2016 12:50 AM, Nathan Peters wrote: > I don't know if this makes a difference too, but I performed the same checks on a different completely working and joined FreeIPA master, against other masters, and even against itself directly. > > It seems that no account, no keytab, and no host can see that mapping tree branch no matter who they search from or against if GSSAPI is used. > > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters > Sent: January-20-16 11:41 PM > To: Rich Megginson; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > All checks below were performed from the host we are trying to turn into a replica and they were performed against the master who logs I also show > > The first check was to kinit admin and try the search. Surprisingly, the GSSAPI bind returns no results when we search that. In my previous email you can see that the standard bind gets a result as admin for that search. > > Next, I tried as the host by kinit with its keytab. Same result, nothing back. > > Finally I tried as my own personal admin user. Same result, nothing back. > > For good measure, I tried a broad search against the base "cn=mydomain,cn=net" as each user as well and I'll spare you the ten thousand lines of screenshot but the results were as expected, several thousand entries in that tree. > Although the output differed slightly. This is the total as admin or my personal user # numResponses: 3372 # numEntries: 3371 > > and this is the total as the host keytab account > > # numResponses: 3371 > # numEntries: 3370 > > To be even more thorough, I did searches farther and farther up the config tree using GSSAPI until I found something. The only thing that is visible through GSSAPI searches is the base of the config tree. Even the mapping tree branch doesn't seem to be visible. > > At the very bottom of this email is the results of the search against cn=config directly as the attempted new replica and as admin. Admin gets about 50 results and the host only gets about 30 for some reason. I get the same results as admin on my personal account so I've excluded those. > > So if I got all that right I was able to determine that only the base of the config tree is available using GSSAPI for any account, users for some reason get slightly more results than hosts, and all accounts can see the dc=mydomain,dc=net tree just fine using GSSAPI. > > So does that help shed some light on what the cause of this might be or why the server is not answering as expected? > > Is there some way I can adjust this so everyone can see the results they do using regular binds as they do using GSSAPI binds ? > > Is there some way I can check ACLS on stuff ? https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Viewing_the_ACIs_for_an_Entry.html Note: There is a bug in the docs. You have to also specify the suffix e.g. "-b cn=config", and make sure the search filter is quoted e.g. '(aci=*)' If it is not aci related, I have no idea why you would get different results depending on if you did a simple bind vs. a gssapi bind with the same user that mapped to the same bind DN. > > =============== > search as admin > =============== > [nathan.peters at dc2-ipa-dev-van ~]$ klist Ticket cache: KEYRING:persistent:756600344:756600344 > Default principal: admin at MYDOMAIN.NET > > Valid starting Expires Service principal > 20/01/16 22:53:18 21/01/16 22:53:08 krbtgt/MYDOMAIN.NET at MYDOMAIN.NET [nathan.peters at dc2-ipa-dev-van ~]$ ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > SASL/GSSAPI authentication started > SASL username: admin at MYDOMAIN.NET > SASL SSF: 56 > SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base with scope subtree # filter: (objectclass=*) # requesting: ALL # > > # search result > search: 4 > result: 0 Success > > # numResponses: 1 > > ============ > check host keytab > ============ > > [root at dc2-ipa-dev-van ipa]# klist -kt /etc/krb5.keytab Keytab name: FILE:/etc/krb5.keytab > KVNO Timestamp Principal > ---- ----------------- -------------------------------------------------------- > 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET > 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET > 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET > 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET > > ======== > kinit host keytab > ======== > > [root at dc2-ipa-dev-van ipa]# kinit -t /etc/krb5.keytab keytab specified, forcing -k [root at dc2-ipa-dev-van ipa]# klist Ticket cache: KEYRING:persistent:0:krb_ccache_uwO1f2L > Default principal: host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET > > Valid starting Expires Service principal > 20/01/16 23:01:11 21/01/16 23:01:11 krbtgt/MYDOMAIN.NET at MYDOMAIN.NET [root at dc2-ipa-dev-van ipa]# > > ========= > ldap search against master as host > ========== > [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > SASL/GSSAPI authentication started > SASL username: host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET > SASL SSF: 56 > SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base with scope subtree # filter: (objectclass=*) # requesting: ALL # > > # search result > search: 4 > result: 0 Success > > # numResponses: 1 > [root at dc2-ipa-dev-van ipa]# > > ======== > ldap search against master as my personal domain admin account ======== [root at dc2-ipa-dev-van ipa]# kinit nathan.peters Password for nathan.peters at MYDOMAIN.NET: > [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > SASL/GSSAPI authentication started > SASL username: nathan.peters at MYDOMAIN.NET SASL SSF: 56 SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base with scope subtree # filter: (objectclass=*) # requesting: ALL # > > # search result > search: 4 > result: 0 Success > > # numResponses: 1 > > > > ======= > logs on master during attempt > ======= > > ===== > logs on master as admin > ===== > [20/Jan/2016:22:55:22 -0800] conn=62398 fd=321 slot=321 SSL connection from 10.21.0.98 to 10.178.0.98 > [20/Jan/2016:22:55:22 -0800] conn=62398 TLS1.2 128-bit AES > [20/Jan/2016:22:55:22 -0800] conn=62398 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:22:55:22 -0800] conn=62398 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [20/Jan/2016:22:55:22 -0800] conn=62398 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:22:55:22 -0800] conn=62398 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [20/Jan/2016:22:55:22 -0800] conn=62398 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:22:55:22 -0800] conn=62398 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=mydomain,dc=net" > [20/Jan/2016:22:55:22 -0800] conn=62398 op=3 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL > [20/Jan/2016:22:55:22 -0800] conn=62398 op=3 RESULT err=0 tag=101 nentries=0 etime=0 > [20/Jan/2016:22:55:22 -0800] conn=62398 op=4 UNBIND > [20/Jan/2016:22:55:22 -0800] conn=62398 op=4 fd=321 closed - U1 > > ===== > logs on master as the host we are trying to promote as a replica ====== > [20/Jan/2016:23:02:40 -0800] conn=62480 fd=153 slot=153 SSL connection from 10.21.0.98 to 10.178.0.98 > [20/Jan/2016:23:02:40 -0800] conn=62480 TLS1.2 128-bit AES > [20/Jan/2016:23:02:40 -0800] conn=62480 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:23:02:40 -0800] conn=62480 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [20/Jan/2016:23:02:40 -0800] conn=62480 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:23:02:40 -0800] conn=62480 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [20/Jan/2016:23:02:40 -0800] conn=62480 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:23:02:40 -0800] conn=62480 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [20/Jan/2016:23:02:40 -0800] conn=62480 op=3 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL > [20/Jan/2016:23:02:40 -0800] conn=62480 op=3 RESULT err=0 tag=101 nentries=0 etime=0 > [20/Jan/2016:23:02:40 -0800] conn=62480 op=4 UNBIND > [20/Jan/2016:23:02:40 -0800] conn=62480 op=4 fd=153 closed - U1 > > ===== > logs on master as my personal user > ====== > [20/Jan/2016:23:09:36 -0800] conn=62564 fd=318 slot=318 SSL connection from 10.21.0.98 to 10.178.0.98 > [20/Jan/2016:23:09:36 -0800] conn=62564 TLS1.2 128-bit AES > [20/Jan/2016:23:09:36 -0800] conn=62564 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:23:09:36 -0800] conn=62564 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [20/Jan/2016:23:09:36 -0800] conn=62564 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:23:09:36 -0800] conn=62564 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [20/Jan/2016:23:09:36 -0800] conn=62564 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:23:09:36 -0800] conn=62564 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [20/Jan/2016:23:09:36 -0800] conn=62564 op=3 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL > [20/Jan/2016:23:09:36 -0800] conn=62564 op=3 RESULT err=0 tag=101 nentries=0 etime=0 > [20/Jan/2016:23:09:36 -0800] conn=62564 op=4 UNBIND > [20/Jan/2016:23:09:36 -0800] conn=62564 op=4 fd=318 closed - U1 > > > ========== > final searches against cn=mapping tree,cn=config and cn=config using host keytab and gssapi ========== > > [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=mapping tree,cn=config" > SASL/GSSAPI authentication started > SASL username: host/dc2-ipa-dev-van.mydomain.net at mydomain.NET > SASL SSF: 56 > SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base with scope subtree # filter: (objectclass=*) # requesting: ALL # > > # search result > search: 4 > result: 0 Success > > # numResponses: 1 > [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=config" SASL/GSSAPI authentication started > SASL username: host/dc2-ipa-dev-van.mydomain.net at mydomain.NET > SASL SSF: 56 > SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # SNMP, config > dn: cn=SNMP,cn=config > cn: SNMP > nsSNMPEnabled: on > objectClass: top > objectClass: nsSNMP > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > cn: Sync Request Control > objectClass: top > objectClass: directoryServerFeature > oid: 1.3.6.1.4.1.4203.1.9.1.1 > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > cn: VLV Request Control > objectClass: top > objectClass: directoryServerFeature > oid: 2.16.840.1.113730.3.4.9 > > # ipa_pwd_extop, plugins, config > dn: cn=ipa_pwd_extop,cn=plugins,cn=config > cn: ipa_pwd_extop > objectClass: top > objectClass: nsSlapdPlugin > objectClass: extensibleObject > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > cn: Posix IDs > dnaMaxValue: 1100 > dnaNextValue: 1101 > dnaThreshold: 500 > dnaType: uidNumber > dnaType: gidNumber > objectClass: top > objectClass: extensibleObject > > # config, ldbm database, plugins, config > dn: cn=config,cn=ldbm database,cn=plugins,cn=config > cn: config > objectClass: top > objectClass: extensibleObject > nsslapd-directory: /var/lib/dirsrv/slapd-mydomain-NET/db > > # default indexes, config, ldbm database, plugins, config > dn: cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: default indexes > objectClass: top > objectClass: extensibleObject > > # aci, default indexes, config, ldbm database, plugins, config > dn: cn=aci,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: aci > objectClass: top > objectClass: nsIndex > > # cn, default indexes, config, ldbm database, plugins, config > dn: cn=cn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: cn > objectClass: top > objectClass: nsIndex > > # entryusn, default indexes, config, ldbm database, plugins, config > dn: cn=entryusn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: entryusn > objectClass: top > objectClass: nsIndex > > # givenName, default indexes, config, ldbm database, plugins, config > dn: cn=givenName,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=c onfig > cn: givenName > objectClass: top > objectClass: nsIndex > > # mail, default indexes, config, ldbm database, plugins, config > dn: cn=mail,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: mail > objectClass: top > objectClass: nsIndex > > # mailAlternateAddress, default indexes, config, ldbm database, plugins, config > dn: cn=mailAlternateAddress,cn=default indexes,cn=config,cn=ldbm database,cn=p lugins,cn=config > cn: mailAlternateAddress > objectClass: top > objectClass: nsIndex > > # mailHost, default indexes, config, ldbm database, plugins, config > dn: cn=mailHost,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: mailHost > objectClass: top > objectClass: nsIndex > > # member, default indexes, config, ldbm database, plugins, config > dn: cn=member,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=conf ig > cn: member > objectClass: top > objectClass: nsIndex > > # memberOf, default indexes, config, ldbm database, plugins, config > dn: cn=memberOf,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: memberOf > objectClass: top > objectClass: nsIndex > > # nsTombstoneCSN, default indexes, config, ldbm database, plugins, config > dn: cn=nsTombstoneCSN,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config > cn: nsTombstoneCSN > objectClass: top > objectClass: nsIndex > > # nsUniqueId, default indexes, config, ldbm database, plugins, config > dn: cn=nsUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config > cn: nsUniqueId > objectClass: top > objectClass: nsIndex > > # ntUniqueId, default indexes, config, ldbm database, plugins, config > dn: cn=ntUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config > cn: ntUniqueId > objectClass: top > objectClass: nsIndex > > # ntUserDomainId, default indexes, config, ldbm database, plugins, config > dn: cn=ntUserDomainId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config > cn: ntUserDomainId > objectClass: top > objectClass: nsIndex > > # numsubordinates, default indexes, config, ldbm database, plugins, config > dn: cn=numsubordinates,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config > cn: numsubordinates > objectClass: top > objectClass: nsIndex > > # objectclass, default indexes, config, ldbm database, plugins, config > dn: cn=objectclass,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn =config > cn: objectclass > objectClass: top > objectClass: nsIndex > > # owner, default indexes, config, ldbm database, plugins, config > dn: cn=owner,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=confi g > cn: owner > objectClass: top > objectClass: nsIndex > > # parentid, default indexes, config, ldbm database, plugins, config > dn: cn=parentid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: parentid > objectClass: top > objectClass: nsIndex > > # seeAlso, default indexes, config, ldbm database, plugins, config > dn: cn=seeAlso,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=con fig > cn: seeAlso > objectClass: top > objectClass: nsIndex > > # sn, default indexes, config, ldbm database, plugins, config > dn: cn=sn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: sn > objectClass: top > objectClass: nsIndex > > # targetuniqueid, default indexes, config, ldbm database, plugins, config > dn: cn=targetuniqueid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config > cn: targetuniqueid > objectClass: top > objectClass: nsIndex > > # telephoneNumber, default indexes, config, ldbm database, plugins, config > dn: cn=telephoneNumber,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config > cn: telephoneNumber > objectClass: top > objectClass: nsIndex > > # uid, default indexes, config, ldbm database, plugins, config > dn: cn=uid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: uid > objectClass: top > objectClass: nsIndex > > # uniquemember, default indexes, config, ldbm database, plugins, config > dn: cn=uniquemember,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,c n=config > cn: uniquemember > objectClass: top > objectClass: nsIndex > > # search result > search: 4 > result: 0 Success > > # numResponses: 31 > # numEntries: 30 > > ======== > search against cn=config as admin using GSSAPI from host we are trying to turn into a replica ========= [root at dc2-ipa-dev-van ipa]# kinit admin Password for admin at MYDOMAIN.NET: > [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=config" > SASL/GSSAPI authentication started > SASL username: admin at MYDOMAIN.NET > SASL SSF: 56 > SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # SNMP, config > dn: cn=SNMP,cn=config > cn: SNMP > nsSNMPEnabled: on > objectClass: top > objectClass: nsSNMP > > # tasks, config > dn: cn=tasks,cn=config > cn: tasks > objectClass: top > objectClass: extensibleObject > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > cn: Sync Request Control > objectClass: top > objectClass: directoryServerFeature > oid: 1.3.6.1.4.1.4203.1.9.1.1 > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > cn: VLV Request Control > objectClass: top > objectClass: directoryServerFeature > oid: 2.16.840.1.113730.3.4.9 > > # ipa_pwd_extop, plugins, config > dn: cn=ipa_pwd_extop,cn=plugins,cn=config > cn: ipa_pwd_extop > objectClass: top > objectClass: nsSlapdPlugin > objectClass: extensibleObject > > # abort cleanallruv, tasks, config > dn: cn=abort cleanallruv,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: abort cleanallruv > > # automember export updates, tasks, config > dn: cn=automember export updates,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: automember export updates > > # automember map updates, tasks, config > dn: cn=automember map updates,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: automember map updates > > # automember rebuild membership, tasks, config > dn: cn=automember rebuild membership,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: automember rebuild membership > > # backup, tasks, config > dn: cn=backup,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: backup > > # cleanallruv, tasks, config > dn: cn=cleanallruv,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: cleanallruv > > # export, tasks, config > dn: cn=export,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: export > > # fixup linked attributes, tasks, config > dn: cn=fixup linked attributes,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: fixup linked attributes > > # fixup tombstones, tasks, config > dn: cn=fixup tombstones,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: fixup tombstones > > # import, tasks, config > dn: cn=import,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: import > > # index, tasks, config > dn: cn=index,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: index > > # ipa-sidgen-task, tasks, config > dn: cn=ipa-sidgen-task,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: ipa-sidgen-task > > # memberof task, tasks, config > dn: cn=memberof task,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: memberof task > > # restore, tasks, config > dn: cn=restore,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: restore > > # schema reload task, tasks, config > dn: cn=schema reload task,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: schema reload task > > # syntax validate, tasks, config > dn: cn=syntax validate,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: syntax validate > > # sysconfig reload, tasks, config > dn: cn=sysconfig reload,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: sysconfig reload > > # upgradedb, tasks, config > dn: cn=upgradedb,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: upgradedb > > # USN tombstone cleanup task, tasks, config > dn: cn=USN tombstone cleanup task,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: USN tombstone cleanup task > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > cn: Posix IDs > dnaMaxValue: 1100 > dnaNextValue: 1101 > dnaThreshold: 500 > dnaType: uidNumber > dnaType: gidNumber > objectClass: top > objectClass: extensibleObject > > # config, ldbm database, plugins, config > dn: cn=config,cn=ldbm database,cn=plugins,cn=config > cn: config > objectClass: top > objectClass: extensibleObject > nsslapd-directory: /var/lib/dirsrv/slapd-mydomain-NET/db > > # default indexes, config, ldbm database, plugins, config > dn: cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: default indexes > objectClass: top > objectClass: extensibleObject > > # aci, default indexes, config, ldbm database, plugins, config > dn: cn=aci,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: aci > objectClass: top > objectClass: nsIndex > > # cn, default indexes, config, ldbm database, plugins, config > dn: cn=cn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: cn > objectClass: top > objectClass: nsIndex > > # entryusn, default indexes, config, ldbm database, plugins, config > dn: cn=entryusn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: entryusn > objectClass: top > objectClass: nsIndex > > # givenName, default indexes, config, ldbm database, plugins, config > dn: cn=givenName,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=c onfig > cn: givenName > objectClass: top > objectClass: nsIndex > > # mail, default indexes, config, ldbm database, plugins, config > dn: cn=mail,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: mail > objectClass: top > objectClass: nsIndex > > # mailAlternateAddress, default indexes, config, ldbm database, plugins, config > dn: cn=mailAlternateAddress,cn=default indexes,cn=config,cn=ldbm database,cn=p lugins,cn=config > cn: mailAlternateAddress > objectClass: top > objectClass: nsIndex > > # mailHost, default indexes, config, ldbm database, plugins, config > dn: cn=mailHost,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: mailHost > objectClass: top > objectClass: nsIndex > > # member, default indexes, config, ldbm database, plugins, config > dn: cn=member,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=conf ig > cn: member > objectClass: top > objectClass: nsIndex > > # memberOf, default indexes, config, ldbm database, plugins, config > dn: cn=memberOf,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: memberOf > objectClass: top > objectClass: nsIndex > > # nsTombstoneCSN, default indexes, config, ldbm database, plugins, config > dn: cn=nsTombstoneCSN,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config > cn: nsTombstoneCSN > objectClass: top > objectClass: nsIndex > > # nsUniqueId, default indexes, config, ldbm database, plugins, config > dn: cn=nsUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config > cn: nsUniqueId > objectClass: top > objectClass: nsIndex > > # ntUniqueId, default indexes, config, ldbm database, plugins, config > dn: cn=ntUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config > cn: ntUniqueId > objectClass: top > objectClass: nsIndex > > # ntUserDomainId, default indexes, config, ldbm database, plugins, config > dn: cn=ntUserDomainId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config > cn: ntUserDomainId > objectClass: top > objectClass: nsIndex > > # numsubordinates, default indexes, config, ldbm database, plugins, config > dn: cn=numsubordinates,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config > cn: numsubordinates > objectClass: top > objectClass: nsIndex > > # objectclass, default indexes, config, ldbm database, plugins, config > dn: cn=objectclass,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn =config > cn: objectclass > objectClass: top > objectClass: nsIndex > > # owner, default indexes, config, ldbm database, plugins, config > dn: cn=owner,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=confi g > cn: owner > objectClass: top > objectClass: nsIndex > > # parentid, default indexes, config, ldbm database, plugins, config > dn: cn=parentid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: parentid > objectClass: top > objectClass: nsIndex > > # seeAlso, default indexes, config, ldbm database, plugins, config > dn: cn=seeAlso,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=con fig > cn: seeAlso > objectClass: top > objectClass: nsIndex > > # sn, default indexes, config, ldbm database, plugins, config > dn: cn=sn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: sn > objectClass: top > objectClass: nsIndex > > # targetuniqueid, default indexes, config, ldbm database, plugins, config > dn: cn=targetuniqueid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config > cn: targetuniqueid > objectClass: top > objectClass: nsIndex > > # telephoneNumber, default indexes, config, ldbm database, plugins, config > dn: cn=telephoneNumber,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config > cn: telephoneNumber > objectClass: top > objectClass: nsIndex > > # uid, default indexes, config, ldbm database, plugins, config > dn: cn=uid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: uid > objectClass: top > objectClass: nsIndex > > # uniquemember, default indexes, config, ldbm database, plugins, config > dn: cn=uniquemember,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,c n=config > cn: uniquemember > objectClass: top > objectClass: nsIndex > > # search result > search: 4 > result: 0 Success > > # numResponses: 51 > # numEntries: 50 > > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Rich Megginson > Sent: January-20-16 11:44 AM > To: freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > On 01/20/2016 12:24 PM, Nathan Peters wrote: >> Now we are starting to get somewhere (although a resolution still is >> not visible) :) >> >> First, thank you Petr and Rob for your help on this issue. I apologize for our hard to parse server names. I'm not a fan of them myself and in earlier reports I had been reformatting everything nicely with dc1, dc2, dc3 etc. After having to submit so many reports I started to get lazy an thought it may be more helpful to see data closer to what we are actually using. >> >> Petr hit the nail on the head with the "does everyone who binds get the same result" question, which although it has not revealed a resolution, has revealed a bunch of really interesting facts about the process. >> >> Going back to the original logs that were running on the remote master during the replica installation attempt I see the following : >> >> [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from >> 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl >>> version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 >>> nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl >>> version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 >>> nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl >>> version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH >>> base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 >>> filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 >>> nentries=1 etime=0 >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 >>> nentries=1 etime=0 >> So, conn18732 was opened with a bind dn of "" ? Is this supposed to happen? > Yes. GSSAPI/SASL binds are multi-stage binds. You'll notice that the last stage is op=2, and the result has the full bind DN to which the kerberos principals mapped to. The dn="" until the last stage at which time the mapped DN is known and logged. > >> Here is what I see when I search that base using the same empty bind dn : > nack - you have to first use "kinit myusername at MYDOMAIN", then use ldapsearch -Y GSSAPI ...., to do the bind in the same way to use GSSAPI. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From lkrispen at redhat.com Thu Jan 21 15:44:30 2016 From: lkrispen at redhat.com (Ludwig Krispenz) Date: Thu, 21 Jan 2016 16:44:30 +0100 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> Message-ID: <56A0FCDE.8070906@redhat.com> On 01/21/2016 08:50 AM, Nathan Peters wrote: > I don't know if this makes a difference too, but I performed the same checks on a different completely working and joined FreeIPA master, against other masters, and even against itself directly. > > It seems that no account, no keytab, and no host can see that mapping tree branch no matter who they search from or against if GSSAPI is used. there should be no difference in the result, it should only depend on the acis and in one of your previous posts you said that you don't get a result bound as admin: >>> [root at dc2-ipa-dev-van ~]# ldapsearch -Hldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" -D "uid=admin,cn=users,cn=accounts,dc=mydomain,dc=net" -W Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 0 Success # numResponses: 1 ---snip--- So we know that for whatever reason, this particular DN cannot be searched from anyone other than directory manager. <<< so could you provide the result and log of a search with gssapi and directly bound to the same server. And as directory manager query the acis in the mapping tree entry > > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters > Sent: January-20-16 11:41 PM > To: Rich Megginson; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > All checks below were performed from the host we are trying to turn into a replica and they were performed against the master who logs I also show > > The first check was to kinit admin and try the search. Surprisingly, the GSSAPI bind returns no results when we search that. In my previous email you can see that the standard bind gets a result as admin for that search. > > Next, I tried as the host by kinit with its keytab. Same result, nothing back. > > Finally I tried as my own personal admin user. Same result, nothing back. > > For good measure, I tried a broad search against the base "cn=mydomain,cn=net" as each user as well and I'll spare you the ten thousand lines of screenshot but the results were as expected, several thousand entries in that tree. > Although the output differed slightly. This is the total as admin or my personal user # numResponses: 3372 # numEntries: 3371 > > and this is the total as the host keytab account > > # numResponses: 3371 > # numEntries: 3370 > > To be even more thorough, I did searches farther and farther up the config tree using GSSAPI until I found something. The only thing that is visible through GSSAPI searches is the base of the config tree. Even the mapping tree branch doesn't seem to be visible. > > At the very bottom of this email is the results of the search against cn=config directly as the attempted new replica and as admin. Admin gets about 50 results and the host only gets about 30 for some reason. I get the same results as admin on my personal account so I've excluded those. > > So if I got all that right I was able to determine that only the base of the config tree is available using GSSAPI for any account, users for some reason get slightly more results than hosts, and all accounts can see the dc=mydomain,dc=net tree just fine using GSSAPI. > > So does that help shed some light on what the cause of this might be or why the server is not answering as expected? > > Is there some way I can adjust this so everyone can see the results they do using regular binds as they do using GSSAPI binds ? > > Is there some way I can check ACLS on stuff ? > > =============== > search as admin > =============== > [nathan.peters at dc2-ipa-dev-van ~]$ klist Ticket cache: KEYRING:persistent:756600344:756600344 > Default principal: admin at MYDOMAIN.NET > > Valid starting Expires Service principal > 20/01/16 22:53:18 21/01/16 22:53:08 krbtgt/MYDOMAIN.NET at MYDOMAIN.NET [nathan.peters at dc2-ipa-dev-van ~]$ ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > SASL/GSSAPI authentication started > SASL username: admin at MYDOMAIN.NET > SASL SSF: 56 > SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base with scope subtree # filter: (objectclass=*) # requesting: ALL # > > # search result > search: 4 > result: 0 Success > > # numResponses: 1 > > ============ > check host keytab > ============ > > [root at dc2-ipa-dev-van ipa]# klist -kt /etc/krb5.keytab Keytab name: FILE:/etc/krb5.keytab > KVNO Timestamp Principal > ---- ----------------- -------------------------------------------------------- > 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET > 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET > 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET > 5 19/01/16 12:07:12 host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET > > ======== > kinit host keytab > ======== > > [root at dc2-ipa-dev-van ipa]# kinit -t /etc/krb5.keytab keytab specified, forcing -k [root at dc2-ipa-dev-van ipa]# klist Ticket cache: KEYRING:persistent:0:krb_ccache_uwO1f2L > Default principal: host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET > > Valid starting Expires Service principal > 20/01/16 23:01:11 21/01/16 23:01:11 krbtgt/MYDOMAIN.NET at MYDOMAIN.NET [root at dc2-ipa-dev-van ipa]# > > ========= > ldap search against master as host > ========== > [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > SASL/GSSAPI authentication started > SASL username: host/dc2-ipa-dev-van.mydomain.net at MYDOMAIN.NET > SASL SSF: 56 > SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base with scope subtree # filter: (objectclass=*) # requesting: ALL # > > # search result > search: 4 > result: 0 Success > > # numResponses: 1 > [root at dc2-ipa-dev-van ipa]# > > ======== > ldap search against master as my personal domain admin account ======== [root at dc2-ipa-dev-van ipa]# kinit nathan.peters Password for nathan.peters at MYDOMAIN.NET: > [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" > SASL/GSSAPI authentication started > SASL username: nathan.peters at MYDOMAIN.NET SASL SSF: 56 SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base with scope subtree # filter: (objectclass=*) # requesting: ALL # > > # search result > search: 4 > result: 0 Success > > # numResponses: 1 > > > > ======= > logs on master during attempt > ======= > > ===== > logs on master as admin > ===== > [20/Jan/2016:22:55:22 -0800] conn=62398 fd=321 slot=321 SSL connection from 10.21.0.98 to 10.178.0.98 > [20/Jan/2016:22:55:22 -0800] conn=62398 TLS1.2 128-bit AES > [20/Jan/2016:22:55:22 -0800] conn=62398 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:22:55:22 -0800] conn=62398 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [20/Jan/2016:22:55:22 -0800] conn=62398 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:22:55:22 -0800] conn=62398 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [20/Jan/2016:22:55:22 -0800] conn=62398 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:22:55:22 -0800] conn=62398 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=mydomain,dc=net" > [20/Jan/2016:22:55:22 -0800] conn=62398 op=3 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL > [20/Jan/2016:22:55:22 -0800] conn=62398 op=3 RESULT err=0 tag=101 nentries=0 etime=0 > [20/Jan/2016:22:55:22 -0800] conn=62398 op=4 UNBIND > [20/Jan/2016:22:55:22 -0800] conn=62398 op=4 fd=321 closed - U1 > > ===== > logs on master as the host we are trying to promote as a replica ====== > [20/Jan/2016:23:02:40 -0800] conn=62480 fd=153 slot=153 SSL connection from 10.21.0.98 to 10.178.0.98 > [20/Jan/2016:23:02:40 -0800] conn=62480 TLS1.2 128-bit AES > [20/Jan/2016:23:02:40 -0800] conn=62480 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:23:02:40 -0800] conn=62480 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [20/Jan/2016:23:02:40 -0800] conn=62480 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:23:02:40 -0800] conn=62480 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [20/Jan/2016:23:02:40 -0800] conn=62480 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:23:02:40 -0800] conn=62480 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" > [20/Jan/2016:23:02:40 -0800] conn=62480 op=3 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL > [20/Jan/2016:23:02:40 -0800] conn=62480 op=3 RESULT err=0 tag=101 nentries=0 etime=0 > [20/Jan/2016:23:02:40 -0800] conn=62480 op=4 UNBIND > [20/Jan/2016:23:02:40 -0800] conn=62480 op=4 fd=153 closed - U1 > > ===== > logs on master as my personal user > ====== > [20/Jan/2016:23:09:36 -0800] conn=62564 fd=318 slot=318 SSL connection from 10.21.0.98 to 10.178.0.98 > [20/Jan/2016:23:09:36 -0800] conn=62564 TLS1.2 128-bit AES > [20/Jan/2016:23:09:36 -0800] conn=62564 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:23:09:36 -0800] conn=62564 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [20/Jan/2016:23:09:36 -0800] conn=62564 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:23:09:36 -0800] conn=62564 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress > [20/Jan/2016:23:09:36 -0800] conn=62564 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI > [20/Jan/2016:23:09:36 -0800] conn=62564 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=nathan.peters,cn=users,cn=accounts,dc=mydomain,dc=net" > [20/Jan/2016:23:09:36 -0800] conn=62564 op=3 SRCH base="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL > [20/Jan/2016:23:09:36 -0800] conn=62564 op=3 RESULT err=0 tag=101 nentries=0 etime=0 > [20/Jan/2016:23:09:36 -0800] conn=62564 op=4 UNBIND > [20/Jan/2016:23:09:36 -0800] conn=62564 op=4 fd=318 closed - U1 > > > ========== > final searches against cn=mapping tree,cn=config and cn=config using host keytab and gssapi ========== > > [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=mapping tree,cn=config" > SASL/GSSAPI authentication started > SASL username: host/dc2-ipa-dev-van.mydomain.net at mydomain.NET > SASL SSF: 56 > SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base with scope subtree # filter: (objectclass=*) # requesting: ALL # > > # search result > search: 4 > result: 0 Success > > # numResponses: 1 > [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=config" SASL/GSSAPI authentication started > SASL username: host/dc2-ipa-dev-van.mydomain.net at mydomain.NET > SASL SSF: 56 > SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # SNMP, config > dn: cn=SNMP,cn=config > cn: SNMP > nsSNMPEnabled: on > objectClass: top > objectClass: nsSNMP > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > cn: Sync Request Control > objectClass: top > objectClass: directoryServerFeature > oid: 1.3.6.1.4.1.4203.1.9.1.1 > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > cn: VLV Request Control > objectClass: top > objectClass: directoryServerFeature > oid: 2.16.840.1.113730.3.4.9 > > # ipa_pwd_extop, plugins, config > dn: cn=ipa_pwd_extop,cn=plugins,cn=config > cn: ipa_pwd_extop > objectClass: top > objectClass: nsSlapdPlugin > objectClass: extensibleObject > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > cn: Posix IDs > dnaMaxValue: 1100 > dnaNextValue: 1101 > dnaThreshold: 500 > dnaType: uidNumber > dnaType: gidNumber > objectClass: top > objectClass: extensibleObject > > # config, ldbm database, plugins, config > dn: cn=config,cn=ldbm database,cn=plugins,cn=config > cn: config > objectClass: top > objectClass: extensibleObject > nsslapd-directory: /var/lib/dirsrv/slapd-mydomain-NET/db > > # default indexes, config, ldbm database, plugins, config > dn: cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: default indexes > objectClass: top > objectClass: extensibleObject > > # aci, default indexes, config, ldbm database, plugins, config > dn: cn=aci,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: aci > objectClass: top > objectClass: nsIndex > > # cn, default indexes, config, ldbm database, plugins, config > dn: cn=cn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: cn > objectClass: top > objectClass: nsIndex > > # entryusn, default indexes, config, ldbm database, plugins, config > dn: cn=entryusn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: entryusn > objectClass: top > objectClass: nsIndex > > # givenName, default indexes, config, ldbm database, plugins, config > dn: cn=givenName,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=c onfig > cn: givenName > objectClass: top > objectClass: nsIndex > > # mail, default indexes, config, ldbm database, plugins, config > dn: cn=mail,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: mail > objectClass: top > objectClass: nsIndex > > # mailAlternateAddress, default indexes, config, ldbm database, plugins, config > dn: cn=mailAlternateAddress,cn=default indexes,cn=config,cn=ldbm database,cn=p lugins,cn=config > cn: mailAlternateAddress > objectClass: top > objectClass: nsIndex > > # mailHost, default indexes, config, ldbm database, plugins, config > dn: cn=mailHost,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: mailHost > objectClass: top > objectClass: nsIndex > > # member, default indexes, config, ldbm database, plugins, config > dn: cn=member,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=conf ig > cn: member > objectClass: top > objectClass: nsIndex > > # memberOf, default indexes, config, ldbm database, plugins, config > dn: cn=memberOf,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: memberOf > objectClass: top > objectClass: nsIndex > > # nsTombstoneCSN, default indexes, config, ldbm database, plugins, config > dn: cn=nsTombstoneCSN,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config > cn: nsTombstoneCSN > objectClass: top > objectClass: nsIndex > > # nsUniqueId, default indexes, config, ldbm database, plugins, config > dn: cn=nsUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config > cn: nsUniqueId > objectClass: top > objectClass: nsIndex > > # ntUniqueId, default indexes, config, ldbm database, plugins, config > dn: cn=ntUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config > cn: ntUniqueId > objectClass: top > objectClass: nsIndex > > # ntUserDomainId, default indexes, config, ldbm database, plugins, config > dn: cn=ntUserDomainId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config > cn: ntUserDomainId > objectClass: top > objectClass: nsIndex > > # numsubordinates, default indexes, config, ldbm database, plugins, config > dn: cn=numsubordinates,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config > cn: numsubordinates > objectClass: top > objectClass: nsIndex > > # objectclass, default indexes, config, ldbm database, plugins, config > dn: cn=objectclass,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn =config > cn: objectclass > objectClass: top > objectClass: nsIndex > > # owner, default indexes, config, ldbm database, plugins, config > dn: cn=owner,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=confi g > cn: owner > objectClass: top > objectClass: nsIndex > > # parentid, default indexes, config, ldbm database, plugins, config > dn: cn=parentid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: parentid > objectClass: top > objectClass: nsIndex > > # seeAlso, default indexes, config, ldbm database, plugins, config > dn: cn=seeAlso,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=con fig > cn: seeAlso > objectClass: top > objectClass: nsIndex > > # sn, default indexes, config, ldbm database, plugins, config > dn: cn=sn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: sn > objectClass: top > objectClass: nsIndex > > # targetuniqueid, default indexes, config, ldbm database, plugins, config > dn: cn=targetuniqueid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config > cn: targetuniqueid > objectClass: top > objectClass: nsIndex > > # telephoneNumber, default indexes, config, ldbm database, plugins, config > dn: cn=telephoneNumber,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config > cn: telephoneNumber > objectClass: top > objectClass: nsIndex > > # uid, default indexes, config, ldbm database, plugins, config > dn: cn=uid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: uid > objectClass: top > objectClass: nsIndex > > # uniquemember, default indexes, config, ldbm database, plugins, config > dn: cn=uniquemember,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,c n=config > cn: uniquemember > objectClass: top > objectClass: nsIndex > > # search result > search: 4 > result: 0 Success > > # numResponses: 31 > # numEntries: 30 > > ======== > search against cn=config as admin using GSSAPI from host we are trying to turn into a replica ========= [root at dc2-ipa-dev-van ipa]# kinit admin Password for admin at MYDOMAIN.NET: > [root at dc2-ipa-dev-van ipa]# ldapsearch -Y GSSAPI -H ldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=config" > SASL/GSSAPI authentication started > SASL username: admin at MYDOMAIN.NET > SASL SSF: 56 > SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # SNMP, config > dn: cn=SNMP,cn=config > cn: SNMP > nsSNMPEnabled: on > objectClass: top > objectClass: nsSNMP > > # tasks, config > dn: cn=tasks,cn=config > cn: tasks > objectClass: top > objectClass: extensibleObject > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > cn: Sync Request Control > objectClass: top > objectClass: directoryServerFeature > oid: 1.3.6.1.4.1.4203.1.9.1.1 > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > cn: VLV Request Control > objectClass: top > objectClass: directoryServerFeature > oid: 2.16.840.1.113730.3.4.9 > > # ipa_pwd_extop, plugins, config > dn: cn=ipa_pwd_extop,cn=plugins,cn=config > cn: ipa_pwd_extop > objectClass: top > objectClass: nsSlapdPlugin > objectClass: extensibleObject > > # abort cleanallruv, tasks, config > dn: cn=abort cleanallruv,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: abort cleanallruv > > # automember export updates, tasks, config > dn: cn=automember export updates,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: automember export updates > > # automember map updates, tasks, config > dn: cn=automember map updates,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: automember map updates > > # automember rebuild membership, tasks, config > dn: cn=automember rebuild membership,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: automember rebuild membership > > # backup, tasks, config > dn: cn=backup,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: backup > > # cleanallruv, tasks, config > dn: cn=cleanallruv,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: cleanallruv > > # export, tasks, config > dn: cn=export,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: export > > # fixup linked attributes, tasks, config > dn: cn=fixup linked attributes,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: fixup linked attributes > > # fixup tombstones, tasks, config > dn: cn=fixup tombstones,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: fixup tombstones > > # import, tasks, config > dn: cn=import,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: import > > # index, tasks, config > dn: cn=index,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: index > > # ipa-sidgen-task, tasks, config > dn: cn=ipa-sidgen-task,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: ipa-sidgen-task > > # memberof task, tasks, config > dn: cn=memberof task,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: memberof task > > # restore, tasks, config > dn: cn=restore,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: restore > > # schema reload task, tasks, config > dn: cn=schema reload task,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: schema reload task > > # syntax validate, tasks, config > dn: cn=syntax validate,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: syntax validate > > # sysconfig reload, tasks, config > dn: cn=sysconfig reload,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: sysconfig reload > > # upgradedb, tasks, config > dn: cn=upgradedb,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: upgradedb > > # USN tombstone cleanup task, tasks, config > dn: cn=USN tombstone cleanup task,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > cn: USN tombstone cleanup task > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > cn: Posix IDs > dnaMaxValue: 1100 > dnaNextValue: 1101 > dnaThreshold: 500 > dnaType: uidNumber > dnaType: gidNumber > objectClass: top > objectClass: extensibleObject > > # config, ldbm database, plugins, config > dn: cn=config,cn=ldbm database,cn=plugins,cn=config > cn: config > objectClass: top > objectClass: extensibleObject > nsslapd-directory: /var/lib/dirsrv/slapd-mydomain-NET/db > > # default indexes, config, ldbm database, plugins, config > dn: cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: default indexes > objectClass: top > objectClass: extensibleObject > > # aci, default indexes, config, ldbm database, plugins, config > dn: cn=aci,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: aci > objectClass: top > objectClass: nsIndex > > # cn, default indexes, config, ldbm database, plugins, config > dn: cn=cn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: cn > objectClass: top > objectClass: nsIndex > > # entryusn, default indexes, config, ldbm database, plugins, config > dn: cn=entryusn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: entryusn > objectClass: top > objectClass: nsIndex > > # givenName, default indexes, config, ldbm database, plugins, config > dn: cn=givenName,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=c onfig > cn: givenName > objectClass: top > objectClass: nsIndex > > # mail, default indexes, config, ldbm database, plugins, config > dn: cn=mail,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: mail > objectClass: top > objectClass: nsIndex > > # mailAlternateAddress, default indexes, config, ldbm database, plugins, config > dn: cn=mailAlternateAddress,cn=default indexes,cn=config,cn=ldbm database,cn=p lugins,cn=config > cn: mailAlternateAddress > objectClass: top > objectClass: nsIndex > > # mailHost, default indexes, config, ldbm database, plugins, config > dn: cn=mailHost,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: mailHost > objectClass: top > objectClass: nsIndex > > # member, default indexes, config, ldbm database, plugins, config > dn: cn=member,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=conf ig > cn: member > objectClass: top > objectClass: nsIndex > > # memberOf, default indexes, config, ldbm database, plugins, config > dn: cn=memberOf,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: memberOf > objectClass: top > objectClass: nsIndex > > # nsTombstoneCSN, default indexes, config, ldbm database, plugins, config > dn: cn=nsTombstoneCSN,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config > cn: nsTombstoneCSN > objectClass: top > objectClass: nsIndex > > # nsUniqueId, default indexes, config, ldbm database, plugins, config > dn: cn=nsUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config > cn: nsUniqueId > objectClass: top > objectClass: nsIndex > > # ntUniqueId, default indexes, config, ldbm database, plugins, config > dn: cn=ntUniqueId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn= config > cn: ntUniqueId > objectClass: top > objectClass: nsIndex > > # ntUserDomainId, default indexes, config, ldbm database, plugins, config > dn: cn=ntUserDomainId,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config > cn: ntUserDomainId > objectClass: top > objectClass: nsIndex > > # numsubordinates, default indexes, config, ldbm database, plugins, config > dn: cn=numsubordinates,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config > cn: numsubordinates > objectClass: top > objectClass: nsIndex > > # objectclass, default indexes, config, ldbm database, plugins, config > dn: cn=objectclass,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn =config > cn: objectclass > objectClass: top > objectClass: nsIndex > > # owner, default indexes, config, ldbm database, plugins, config > dn: cn=owner,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=confi g > cn: owner > objectClass: top > objectClass: nsIndex > > # parentid, default indexes, config, ldbm database, plugins, config > dn: cn=parentid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=co nfig > cn: parentid > objectClass: top > objectClass: nsIndex > > # seeAlso, default indexes, config, ldbm database, plugins, config > dn: cn=seeAlso,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=con fig > cn: seeAlso > objectClass: top > objectClass: nsIndex > > # sn, default indexes, config, ldbm database, plugins, config > dn: cn=sn,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: sn > objectClass: top > objectClass: nsIndex > > # targetuniqueid, default indexes, config, ldbm database, plugins, config > dn: cn=targetuniqueid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins ,cn=config > cn: targetuniqueid > objectClass: top > objectClass: nsIndex > > # telephoneNumber, default indexes, config, ldbm database, plugins, config > dn: cn=telephoneNumber,cn=default indexes,cn=config,cn=ldbm database,cn=plugin s,cn=config > cn: telephoneNumber > objectClass: top > objectClass: nsIndex > > # uid, default indexes, config, ldbm database, plugins, config > dn: cn=uid,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config > cn: uid > objectClass: top > objectClass: nsIndex > > # uniquemember, default indexes, config, ldbm database, plugins, config > dn: cn=uniquemember,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,c n=config > cn: uniquemember > objectClass: top > objectClass: nsIndex > > # search result > search: 4 > result: 0 Success > > # numResponses: 51 > # numEntries: 50 > > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Rich Megginson > Sent: January-20-16 11:44 AM > To: freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > On 01/20/2016 12:24 PM, Nathan Peters wrote: >> Now we are starting to get somewhere (although a resolution still is >> not visible) :) >> >> First, thank you Petr and Rob for your help on this issue. I apologize for our hard to parse server names. I'm not a fan of them myself and in earlier reports I had been reformatting everything nicely with dc1, dc2, dc3 etc. After having to submit so many reports I started to get lazy an thought it may be more helpful to see data closer to what we are actually using. >> >> Petr hit the nail on the head with the "does everyone who binds get the same result" question, which although it has not revealed a resolution, has revealed a bunch of really interesting facts about the process. >> >> Going back to the original logs that were running on the remote master during the replica installation attempt I see the following : >> >> [18/Jan/2016:09:28:32 -0800] conn=18732 fd=77 slot=77 connection from >> 10.21.0.98 to 10.178.0.98 >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 BIND dn="" method=sasl >>> version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=0 RESULT err=14 tag=97 >>> nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 BIND dn="" method=sasl >>> version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=1 RESULT err=14 tag=97 >>> nentries=0 etime=0, SASL bind in progress >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 BIND dn="" method=sasl >>> version=3 mech=GSSAPI >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-van.mydomain.net,cn=computers,cn=accounts,dc=mydomain,dc=net" >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 SRCH >>> base="cn=replication,cn=etc,dc=mydomain,dc=net" scope=0 >>> filter="(objectClass=*)" attrs=ALL >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=3 RESULT err=0 tag=101 >>> nentries=1 etime=0 >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 SRCH base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses" >>> [18/Jan/2016:09:28:32 -0800] conn=18732 op=4 RESULT err=0 tag=101 >>> nentries=1 etime=0 >> So, conn18732 was opened with a bind dn of "" ? Is this supposed to happen? > Yes. GSSAPI/SASL binds are multi-stage binds. You'll notice that the last stage is op=2, and the result has the full bind DN to which the kerberos principals mapped to. The dn="" until the last stage at which time the mapped DN is known and logged. > >> Here is what I see when I search that base using the same empty bind dn : > nack - you have to first use "kinit myusername at MYDOMAIN", then use ldapsearch -Y GSSAPI ...., to do the bind in the same way to use GSSAPI. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > From Terry.John at completeautomotivesolutions.co.uk Thu Jan 21 16:54:04 2016 From: Terry.John at completeautomotivesolutions.co.uk (Terry John) Date: Thu, 21 Jan 2016 16:54:04 +0000 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: <56A0F065.7050407@redhat.com> References: <56A0F065.7050407@redhat.com> Message-ID: >> I've been trying to tidy the security on my FreeIPA and this is >> causing me some problems. I'm using OpenVAS vulnerability scanner and >> it is coming up with this issue >> >> EXPORT_RSA cipher suites supported by the remote server: >> TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) >> TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003) >> >> It seems we have to disable export TLS ciphers but I can't see how. I've edited /etc/httpd/conf.d/nss.conf and disabled all SSL and TLSV1.0. > >> NSSCipherSuite -all,-exp,+ >> >> I've restarted httpd and ipa but it still fails >> >> Is there something I have overlooked >Hi Terry, > >Please check >https://fedorahosted.org/freeipa/ticket/5589 > >We are trying to come up with a better cipher suite right now. The fix should be in some of the next FreeIPA 4.3.x versions. > >The ticket has more details in it. Thanks for the info. I have tried nearly all the NSSCipherSuite settings in that ticket but none so far has eliminated the FREAK report. Christian thanks for the heads up on the syntax, I wasn't sure of what I was doing Each time I've made a change I've run an sslscan from the OpenVAS scanner and I do get a different result each time but the errors still remains in OpenVAS. Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. Back to the drawing board :-) The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 03183918), Manheim Auctions Limited (registered number: 00448761), Manheim Retail Services Limited (registered number: 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time Communications Limited (registered number: 04277845) and Complete Automotive Solutions Limited (registered number: 05302535). Each of these companies is registered in England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions. V:0CF72C13B2AC From rcritten at redhat.com Thu Jan 21 16:58:39 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 21 Jan 2016 11:58:39 -0500 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: <56A0F3FA.9030902@redhat.com> References: <56A0F065.7050407@redhat.com> <56A0F3FA.9030902@redhat.com> Message-ID: <56A10E3F.9000503@redhat.com> Christian Heimes wrote: > On 2016-01-21 15:51, Martin Kosek wrote: >> On 01/21/2016 03:31 PM, Terry John wrote: >>> I've been trying to tidy the security on my FreeIPA and this is causing me some problems. I'm using OpenVAS vulnerability scanner and it is coming up with this issue >>> >>> EXPORT_RSA cipher suites supported by the remote server: >>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) >>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003) >>> >>> It seems we have to disable export TLS ciphers but I can't see how. I've edited /etc/httpd/conf.d/nss.conf and disabled all SSL and TLSV1.0. >>> >>> I've got >>> >>> NSSCipherSuite -all,-exp,+ >>> >>> I've restarted httpd and ipa but it still fails >>> >>> Is there something I have overlooked >>> >>> Thanks, Terry > > Hi Terry, > > the syntax of your NSSCipherSuite stanza is wrong. mod_nss has a > different syntax for NSSCipherSuite than mod_ssl has for SSLCipherSuite. > The native mod_nss syntax doesn't support qualifiers such as 'all' or > 'exp'. You have to put in the NSS names of cipher suites. If you use the > native syntax, then mod_nss disables all ciphers suites that are not listed. > > mod_nss also supports OpenSSL's / mod_ssl's syntax if you use ':' > instead of ',' as separator. But I advice against the alternative syntax > because it is not as well tested as the native syntax. For example '!' > prefix used to be broken (CVE-2015-5244) and '+' prefix causes another > issue (https://fedorahosted.org/mod_nss/ticket/20). By that argument one would never use any software because of previous bugs. It should work fine now, but it there are some differences, but note that the F-22 fix hasn't been pushed to stable yet (https://bodhi.fedoraproject.org/updates/FEDORA-2016-6aa4dd4f3a). + doesn't add ciphers, it only re-orders them so is a no-op since NSS doesn't allow cipher re-ordering. Given you just disabled all ciphers with -ALL, -EXP is a no-op. If you want to ban anything from adding in export ciphers later use !EXP instead. The string is also case-sensitive and needs to be all upper-case. But yeah, I'd check out the referenced ticket and use those as your default. rob > >> Hi Terry, >> >> Please check >> https://fedorahosted.org/freeipa/ticket/5589 >> >> We are trying to come up with a better cipher suite right now. The fix should >> be in some of the next FreeIPA 4.3.x versions. >> >> The ticket has more details in it. > > The NSSCipherSuite from > https://fedorahosted.org/freeipa/ticket/5589#comment:6 has been reviewed > by a couple of people and has been tested with ssllabs.com. The script > nssciphersuite.py? in the ticket explains why certain algorithms and > cipher suites have been removed. > > Christian > > > From cheimes at redhat.com Thu Jan 21 17:18:43 2016 From: cheimes at redhat.com (Christian Heimes) Date: Thu, 21 Jan 2016 18:18:43 +0100 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: References: <56A0F065.7050407@redhat.com> Message-ID: <56A112F3.8010509@redhat.com> On 2016-01-21 17:54, Terry John wrote: >>> I've been trying to tidy the security on my FreeIPA and this is >>> causing me some problems. I'm using OpenVAS vulnerability scanner and >>> it is coming up with this issue >>> >>> EXPORT_RSA cipher suites supported by the remote server: >>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) >>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003) >>> >>> It seems we have to disable export TLS ciphers but I can't see how. I've edited /etc/httpd/conf.d/nss.conf and disabled all SSL and TLSV1.0. >> >>> NSSCipherSuite -all,-exp,+ >>> >>> I've restarted httpd and ipa but it still fails >>> >>> Is there something I have overlooked > > >> Hi Terry, >> >> Please check >> https://fedorahosted.org/freeipa/ticket/5589 >> >> We are trying to come up with a better cipher suite right now. The fix should be in some of the next FreeIPA 4.3.x versions. >> >> The ticket has more details in it. > > Thanks for the info. I have tried nearly all the NSSCipherSuite settings in that ticket but none so far has eliminated the FREAK report. > Christian thanks for the heads up on the syntax, I wasn't sure of what I was doing > > Each time I've made a change I've run an sslscan from the OpenVAS scanner and I do get a different result each time but the errors still remains in OpenVAS. > Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. > > Back to the drawing board :-) The TLS/SSL configuration of the LDAP server is handled by a different configuration file. It's on my radar, but I haven't touched it yet. LDAP clients and browsers are different beasts. ssllabs.com makes it very convenient to test a site against all relevant browsers. There is no such service for LDAP. By the way does OpenVAS also detect issues on 389/TCP for LDAP with STARTTLS? 389/TCP talks plain TCP first but can be upgrade to TLS with STARTTLS. Christian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From Nathan.Peters at globalrelay.net Fri Jan 22 03:48:01 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Fri, 22 Jan 2016 03:48:01 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <56A0F93E.3000406@redhat.com> References: <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> <56A0F93E.3000406@redhat.com> Message-ID: Here are the results for that aci search using a non gssapi bind by directory manager on the old master that we are attempting to join agains. I don't see anything in this list that would indicate that some users should or should not have access through a certain method. Unless one of those sasl config settings is doing it ? [root at dc2-ipa-dev-nvan ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (aci=*) # requesting: ALL # # config dn: cn=config cn: config objectClass: top objectClass: extensibleObject objectClass: nsslapdConfig nsslapd-backendconfig: cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=co nfig nsslapd-backendconfig: cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=confi g nsslapd-backendconfig: cn=config,cn=changelog,cn=ldbm database,cn=plugins,cn=c onfig nsslapd-betype: ldbm database nsslapd-privatenamespaces: cn=schema nsslapd-privatenamespaces: nsslapd-privatenamespaces: cn=monitor nsslapd-privatenamespaces: cn=config nsslapd-plugin: cn=binary syntax,cn=plugins,cn=config nsslapd-plugin: cn=bit string syntax,cn=plugins,cn=config nsslapd-plugin: cn=boolean syntax,cn=plugins,cn=config nsslapd-plugin: cn=case exact string syntax,cn=plugins,cn=config nsslapd-plugin: cn=case ignore string syntax,cn=plugins,cn=config nsslapd-plugin: cn=country string syntax,cn=plugins,cn=config nsslapd-plugin: cn=delivery method syntax,cn=plugins,cn=config nsslapd-plugin: cn=distinguished name syntax,cn=plugins,cn=config nsslapd-plugin: cn=enhanced guide syntax,cn=plugins,cn=config nsslapd-plugin: cn=facsimile telephone number syntax,cn=plugins,cn=config nsslapd-plugin: cn=fax syntax,cn=plugins,cn=config nsslapd-plugin: cn=generalized time syntax,cn=plugins,cn=config nsslapd-plugin: cn=guide syntax,cn=plugins,cn=config nsslapd-plugin: cn=integer syntax,cn=plugins,cn=config nsslapd-plugin: cn=jpeg syntax,cn=plugins,cn=config nsslapd-plugin: cn=name and optional uid syntax,cn=plugins,cn=config nsslapd-plugin: cn=numeric string syntax,cn=plugins,cn=config nsslapd-plugin: cn=octet string syntax,cn=plugins,cn=config nsslapd-plugin: cn=oid syntax,cn=plugins,cn=config nsslapd-plugin: cn=postal address syntax,cn=plugins,cn=config nsslapd-plugin: cn=printable string syntax,cn=plugins,cn=config nsslapd-plugin: cn=telephone syntax,cn=plugins,cn=config nsslapd-plugin: cn=teletex terminal identifier syntax,cn=plugins,cn=config nsslapd-plugin: cn=telex number syntax,cn=plugins,cn=config nsslapd-plugin: cn=octetstringmatch,cn=plugins,cn=config nsslapd-plugin: cn=octetstringorderingmatch,cn=plugins,cn=config nsslapd-plugin: cn=bitstringmatch,cn=plugins,cn=config nsslapd-plugin: cn=bitwise plugin,cn=plugins,cn=config nsslapd-plugin: cn=caseexactia5match,cn=plugins,cn=config nsslapd-plugin: cn=caseexactmatch,cn=plugins,cn=config nsslapd-plugin: cn=caseexactorderingmatch,cn=plugins,cn=config nsslapd-plugin: cn=caseexactsubstringsmatch,cn=plugins,cn=config nsslapd-plugin: cn=caseexactia5substringsmatch,cn=plugins,cn=config nsslapd-plugin: cn=generalizedtimematch,cn=plugins,cn=config nsslapd-plugin: cn=generalizedtimeorderingmatch,cn=plugins,cn=config nsslapd-plugin: cn=booleanmatch,cn=plugins,cn=config nsslapd-plugin: cn=caseignoreia5match,cn=plugins,cn=config nsslapd-plugin: cn=caseignoreia5substringsmatch,cn=plugins,cn=config nsslapd-plugin: cn=caseignorematch,cn=plugins,cn=config nsslapd-plugin: cn=caseignoreorderingmatch,cn=plugins,cn=config nsslapd-plugin: cn=caseignoresubstringsmatch,cn=plugins,cn=config nsslapd-plugin: cn=caseignorelistmatch,cn=plugins,cn=config nsslapd-plugin: cn=caseignorelistsubstringsmatch,cn=plugins,cn=config nsslapd-plugin: cn=objectidentifiermatch,cn=plugins,cn=config nsslapd-plugin: cn=directorystringfirstcomponentmatch,cn=plugins,cn=config nsslapd-plugin: cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config nsslapd-plugin: cn=distinguishednamematch,cn=plugins,cn=config nsslapd-plugin: cn=integermatch,cn=plugins,cn=config nsslapd-plugin: cn=integerorderingmatch,cn=plugins,cn=config nsslapd-plugin: cn=integerfirstcomponentmatch,cn=plugins,cn=config nsslapd-plugin: cn=internationalization plugin,cn=plugins,cn=config nsslapd-plugin: cn=uniquemembermatch,cn=plugins,cn=config nsslapd-plugin: cn=numericstringmatch,cn=plugins,cn=config nsslapd-plugin: cn=numericstringorderingmatch,cn=plugins,cn=config nsslapd-plugin: cn=numericstringsubstringsmatch,cn=plugins,cn=config nsslapd-plugin: cn=telephonenumbermatch,cn=plugins,cn=config nsslapd-plugin: cn=telephonenumbersubstringsmatch,cn=plugins,cn=config nsslapd-requiresrestart: cn=config:nsslapd-port nsslapd-requiresrestart: cn=config:nsslapd-secureport nsslapd-requiresrestart: cn=config:nsslapd-ldapifilepath nsslapd-requiresrestart: cn=config:nsslapd-ldapilisten nsslapd-requiresrestart: cn=config:nsslapd-workingdir nsslapd-requiresrestart: cn=config:nsslapd-plugin nsslapd-requiresrestart: cn=config:nsslapd-sslclientauth nsslapd-requiresrestart: cn=config:nsslapd-changelogdir nsslapd-requiresrestart: cn=config:nsslapd-changelogsuffix nsslapd-requiresrestart: cn=config:nsslapd-changelogmaxentries nsslapd-requiresrestart: cn=config:nsslapd-changelogmaxage nsslapd-requiresrestart: cn=config:nsslapd-db-locks nsslapd-requiresrestart: cn=config:nsslapd-maxdescriptors nsslapd-requiresrestart: cn=config:nsslapd-return-exact-case nsslapd-requiresrestart: cn=config:nsslapd-schema-ignore-trailing-spaces nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-idlistscanlimit nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-parentcheck nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-dbcachesize nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-dbncache nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-cachesize nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-plugin nsslapd-requiresrestart: cn=encryption,cn=config:nssslsessiontimeout nsslapd-requiresrestart: cn=encryption,cn=config:nssslclientauth nsslapd-requiresrestart: cn=encryption,cn=config:nsssl2 nsslapd-requiresrestart: cn=encryption,cn=config:nsssl3 nsslapd-auditlog-mode: 600 nsslapd-auditlog-logrotationsync-enabled: off nsslapd-auditlog-logrotationsynchour: 0 nsslapd-auditlog-logrotationsyncmin: 0 nsslapd-auditlog-logrotationtime: 1 nsslapd-accesslog-mode: 600 nsslapd-accesslog-maxlogsperdir: 10 nsslapd-errorlog-level: 16384 nsslapd-errorlog-logging-enabled: on nsslapd-errorlog-mode: 600 nsslapd-errorlog-logexpirationtime: 1 nsslapd-accesslog-logging-enabled: on nsslapd-port: 389 nsslapd-workingdir: /var/log/dirsrv/slapd-DEV-mydomain-NET nsslapd-maxthreadsperconn: 5 nsslapd-accesslog-logexpirationtime: 1 nsslapd-localuser: dirsrv nsslapd-errorlog-logrotationsync-enabled: off nsslapd-errorlog-logrotationsynchour: 0 nsslapd-errorlog-logrotationsyncmin: 0 nsslapd-errorlog-logrotationtime: 1 passwordInHistory: 6 passwordUnlock: on passwordGraceLimit: 0 nsslapd-accesslog-logrotationsync-enabled: off nsslapd-accesslog-logrotationsynchour: 0 nsslapd-accesslog-logrotationsyncmin: 0 nsslapd-accesslog-logrotationtime: 1 passwordMustChange: off nsslapd-pwpolicy-local: off nsslapd-auditlog-logmaxdiskspace: 100 nsslapd-sizelimit: 2000 nsslapd-auditlog-maxlogsize: 100 passwordWarning: 86400 nsslapd-readonly: off nsslapd-sasl-mapping-fallback: on nsslapd-threadnumber: 30 passwordLockout: off nsslapd-enquote-sup-oc: off nsslapd-localhost: dc2-ipa-dev-nvan.dev-mydomain.net nsslapd-ioblocktimeout: 1800000 nsslapd-max-filter-nest-level: 40 nsslapd-errorlog-logmaxdiskspace: 100 passwordMinLength: 8 passwordMinDigits: 0 passwordMinAlphas: 0 passwordMinUppers: 0 passwordMinLowers: 0 passwordMinSpecials: 0 passwordMin8bit: 0 passwordMaxRepeats: 0 passwordMinCategories: 3 passwordMinTokenLength: 3 nsslapd-errorlog: /var/log/dirsrv/slapd-DEV-mydomain-NET/errors nsslapd-auditlog-logexpirationtime: 1 nsslapd-schemacheck: on nsslapd-schemamod: on nsslapd-syntaxcheck: on nsslapd-syntaxlogging: off nsslapd-dn-validate-strict: off nsslapd-ds4-compatible-schema: off nsslapd-schema-ignore-trailing-spaces: off nsslapd-schemareplace: replication-only nsslapd-accesslog-logmaxdiskspace: 500 passwordMaxFailure: 3 nsslapd-accesslog: /var/log/dirsrv/slapd-DEV-mydomain-NET/access nsslapd-lastmod: on nsslapd-security: on passwordMaxAge: 8640000 nsslapd-auditlog-logrotationtimeunit: day passwordResetFailureCount: 600 passwordIsGlobalPolicy: off passwordLegacyPolicy: on passwordTrackUpdateTime: off nsslapd-auditlog-maxlogsperdir: 1 nsslapd-errorlog-logexpirationtimeunit: month nsslapd-groupevalnestlevel: 0 nsslapd-accesslog-logexpirationtimeunit: month nsslapd-rootpw: {SSHA}dVkYQwrJNWRuX/ErfQCCtcEE1pOjkpm8sIUgDw== passwordChange: on nsslapd-accesslog-level: 256 nsslapd-errorlog-logrotationtimeunit: week nsslapd-securePort: 636 nsslapd-certmap-basedn: nsslapd-timelimit: 3600 nsslapd-errorlog-maxlogsize: 100 nsslapd-reservedescriptors: 64 nsslapd-svrtab: passwordExp: off nsslapd-accesscontrol: on nsslapd-accesslog-logrotationtimeunit: day passwordLockoutDuration: 3600 nsslapd-accesslog-maxlogsize: 100 nsslapd-idletimeout: 0 nsslapd-nagle: on nsslapd-errorlog-logminfreediskspace: 5 nsslapd-auditlog-logging-enabled: off nsslapd-auditlog-logging-hide-unhashed-pw: on nsslapd-accesslog-logbuffering: on nsslapd-csnlogging: on nsslapd-auditlog-logexpirationtimeunit: month nsslapd-allow-hashed-passwords: on passwordCheckSyntax: off nsslapd-listenhost: nsslapd-snmp-index: 0 nsslapd-ldapifilepath: /var/run/slapd-DEV-mydomain-NET.socket nsslapd-ldapilisten: on nsslapd-ldapiautobind: on nsslapd-ldapimaprootdn: cn=Directory Manager nsslapd-ldapimaptoentries: on nsslapd-ldapiuidnumbertype: uidNumber nsslapd-ldapigidnumbertype: gidNumber nsslapd-ldapientrysearchbase: dc=example,dc=com nsslapd-anonlimitsdn: cn=anonymous-limits,cn=etc,dc=dev-mydomain,dc=net nsslapd-counters: on nsslapd-accesslog-logminfreediskspace: 5 nsslapd-errorlog-maxlogsperdir: 2 nsslapd-securelistenhost: nsslapd-auditlog-logminfreediskspace: 5 nsslapd-rootdn: cn=Directory Manager passwordMinAge: 0 nsslapd-auditlog: /var/log/dirsrv/slapd-DEV-mydomain-NET/audit nsslapd-return-exact-case: on nsslapd-result-tweak: off nsslapd-plugin-binddn-tracking: off nsslapd-moddn-aci: on nsslapd-attribute-name-exceptions: off nsslapd-maxbersize: 209715200 nsslapd-maxsasliosize: 2097152 nsslapd-versionstring: 389-Directory/1.3.4.5 nsslapd-referralmode: nsslapd-maxdescriptors: 8192 nsslapd-conntablesize: 8192 nsslapd-SSLclientAuth: allowed nsslapd-config: cn=config nsslapd-instancedir: /var/lib/dirsrv/scripts-DEV-mydomain-NET nsslapd-schemadir: /etc/dirsrv/slapd-DEV-mydomain-NET/schema nsslapd-lockdir: /var/lock/dirsrv/slapd-DEV-mydomain-NET nsslapd-tmpdir: /tmp nsslapd-certdir: /etc/dirsrv/slapd-DEV-mydomain-NET nsslapd-ldifdir: /var/lib/dirsrv/slapd-DEV-mydomain-NET/ldif nsslapd-bakdir: /var/lib/dirsrv/slapd-DEV-mydomain-NET/bak nsslapd-saslpath: nsslapd-rundir: /var/run/dirsrv nsslapd-rewrite-rfc1274: off nsslapd-outbound-ldap-io-timeout: 300000 nsslapd-allow-unauthenticated-binds: off nsslapd-require-secure-binds: off nsslapd-allow-anonymous-access: on nsslapd-localssf: 71 nsslapd-minssf: 0 nsslapd-minssf-exclude-rootdse: on nsslapd-force-sasl-external: off nsslapd-entryusn-global: on nsslapd-entryusn-import-initval: next nsslapd-allowed-to-delete-attrs: passwordadmindn nsslapd-listenhost nsslapd-se curelistenhost nsslapd-defaultnamingcontext nsslapd-validate-cert: warn nsslapd-pagedsizelimit: 0 nsslapd-defaultnamingcontext: dc=dev-mydomain,dc=net nsslapd-disk-monitoring: off nsslapd-disk-monitoring-threshold: 2097152 nsslapd-disk-monitoring-grace-period: 60 nsslapd-disk-monitoring-logging-critical: off nsslapd-ndn-cache-enabled: on nsslapd-ndn-cache-max-size: 20971520 nsslapd-allowed-sasl-mechanisms: nsslapd-ignore-virtual-attrs: off nsslapd-unhashed-pw-switch: on nsslapd-sasl-max-buffer-size: 2097152 nsslapd-search-return-original-type-switch: off nsslapd-enable-turbo-mode: on nsslapd-connection-buffer: 1 nsslapd-connection-nocanon: on nsslapd-plugin-logging: off nsslapd-listen-backlog-size: 128 nsslapd-dynamic-plugins: off nsslapd-cn-uses-dn-syntax-in-dns: off nsslapd-malloc-mxfast: -10 nsslapd-malloc-trim-threshold: -10 nsslapd-malloc-mmap-threshold: -10 nsslapd-ignore-time-skew: off nsslapd-global-backend-lock: off nsslapd-maxsimplepaged-per-conn: -1 nsslapd-enable-nunc-stans: off passwordStorageScheme: SSHA passwordAdminDN: nsslapd-rootpwstoragescheme: SSHA nsslapd-errorlog-list: nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160121-071658 nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160121-022556 nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160120-191523 nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160120-091819 nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160120-021415 nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160119-165941 nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160119-065036 nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160119-023133 nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160118-205128 nsslapd-auditlog-list: nsslapd-ssl-check-hostname: on nsslapd-hash-filters: off # mapping tree, config dn: cn=mapping tree,cn=config cn: mapping tree objectClass: top objectClass: extensibleObject # SNMP, config dn: cn=SNMP,cn=config cn: SNMP nsSNMPEnabled: on objectClass: top objectClass: nsSNMP # tasks, config dn: cn=tasks,cn=config cn: tasks objectClass: top objectClass: extensibleObject # csusers, config dn: ou=csusers,cn=config objectClass: top objectClass: organizationalUnit ou: csusers # 1.3.6.1.4.1.4203.1.9.1.1, features, config dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config cn: Sync Request Control objectClass: top objectClass: directoryServerFeature oid: 1.3.6.1.4.1.4203.1.9.1.1 # 2.16.840.1.113730.3.4.9, features, config dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config cn: VLV Request Control objectClass: top objectClass: directoryServerFeature oid: 2.16.840.1.113730.3.4.9 # dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config dn: cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: dc=dev-mydomain,dc=net cn: "dc=dev-mydomain,dc=net" nsslapd-backend: userRoot nsslapd-referral: ldap://dc1-ipa-dev-van.dev-mydomain.net:389/dc%3Ddev-mydomain%2Cdc%3Dnet nsslapd-referral: ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389/dc%3Ddev-mydomain%2Cdc%3Dnet nsslapd-state: backend objectClass: top objectClass: extensibleObject objectClass: nsMappingTree # o\3Dipaca, mapping tree, config dn: cn=o\3Dipaca,cn=mapping tree,cn=config cn: o=ipaca nsslapd-backend: ipaca nsslapd-referral: ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389/o%3Dipaca nsslapd-referral: ldap://dc1-ipa-dev-van.dev-mydomain.net:389/o%3Dipaca nsslapd-state: Backend objectClass: top objectClass: extensibleObject objectClass: nsMappingTree # ldbm database, plugins, config dn: cn=ldbm database,cn=plugins,cn=config cn: ldbm database nsslapd-plugin-depends-on-type: Syntax nsslapd-plugin-depends-on-type: matchingRule nsslapd-pluginDescription: high-performance LDAP backend database plugin nsslapd-pluginEnabled: on nsslapd-pluginId: ldbm-backend nsslapd-pluginInitfunc: ldbm_back_init nsslapd-pluginPath: libback-ldbm nsslapd-pluginType: database nsslapd-pluginVendor: 389 Project nsslapd-pluginVersion: 1.3.4.5 objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config cn: Posix IDs dnaExcludeScope: cn=provisioning,dc=dev-mydomain,dc=net dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) dnaMagicRegen: -1 dnaMaxValue: 1100 dnaNextValue: 1101 dnaScope: dc=dev-mydomain,dc=net dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=dev-mydomain,dc=net dnaThreshold: 500 dnaType: uidNumber dnaType: gidNumber objectClass: top objectClass: extensibleObject # userRoot, ldbm database, plugins, config dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config cn: userRoot objectClass: top objectClass: extensibleObject objectClass: nsBackendInstance nsslapd-suffix: dc=dev-mydomain,dc=net nsslapd-cachesize: -1 nsslapd-cachememsize: 10485760 nsslapd-readonly: off nsslapd-require-index: off nsslapd-directory: /var/lib/dirsrv/slapd-DEV-mydomain-NET/db/userRoot nsslapd-dncachememsize: 10485760 # search result search: 2 result: 0 Success # numResponses: 13 # numEntries: 12 -----Original Message----- From: Rich Megginson [mailto:rmeggins at redhat.com] Sent: January-21-16 7:29 AM To: Nathan Peters; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/21/2016 12:50 AM, Nathan Peters wrote: > I don't know if this makes a difference too, but I performed the same checks on a different completely working and joined FreeIPA master, against other masters, and even against itself directly. > > It seems that no account, no keytab, and no host can see that mapping tree branch no matter who they search from or against if GSSAPI is used. > > > -----Original Message----- > From: freeipa-users-bounces at redhat.com > [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters > Sent: January-20-16 11:41 PM > To: Rich Megginson; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails > with DuplicateEntry: This entry already exists > > All checks below were performed from the host we are trying to turn > into a replica and they were performed against the master who logs I > also show > > The first check was to kinit admin and try the search. Surprisingly, the GSSAPI bind returns no results when we search that. In my previous email you can see that the standard bind gets a result as admin for that search. > > Next, I tried as the host by kinit with its keytab. Same result, nothing back. > > Finally I tried as my own personal admin user. Same result, nothing back. > > For good measure, I tried a broad search against the base "cn=mydomain,cn=net" as each user as well and I'll spare you the ten thousand lines of screenshot but the results were as expected, several thousand entries in that tree. > Although the output differed slightly. This is the total as admin or > my personal user # numResponses: 3372 # numEntries: 3371 > > and this is the total as the host keytab account > > # numResponses: 3371 > # numEntries: 3370 > > To be even more thorough, I did searches farther and farther up the config tree using GSSAPI until I found something. The only thing that is visible through GSSAPI searches is the base of the config tree. Even the mapping tree branch doesn't seem to be visible. > > At the very bottom of this email is the results of the search against cn=config directly as the attempted new replica and as admin. Admin gets about 50 results and the host only gets about 30 for some reason. I get the same results as admin on my personal account so I've excluded those. > > So if I got all that right I was able to determine that only the base of the config tree is available using GSSAPI for any account, users for some reason get slightly more results than hosts, and all accounts can see the dc=mydomain,dc=net tree just fine using GSSAPI. > > So does that help shed some light on what the cause of this might be or why the server is not answering as expected? > > Is there some way I can adjust this so everyone can see the results they do using regular binds as they do using GSSAPI binds ? > > Is there some way I can check ACLS on stuff ? https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Viewing_the_ACIs_for_an_Entry.html Note: There is a bug in the docs. You have to also specify the suffix e.g. "-b cn=config", and make sure the search filter is quoted e.g. '(aci=*)' If it is not aci related, I have no idea why you would get different results depending on if you did a simple bind vs. a gssapi bind with the same user that mapped to the same bind DN. From Nathan.Peters at globalrelay.net Fri Jan 22 04:08:39 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Fri, 22 Jan 2016 04:08:39 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <56A0FCDE.8070906@redhat.com> References: <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> <56A0FCDE.8070906@redhat.com> Message-ID: Ok, here are the logs and console session from those searches as admin and as the host on the new master against itself. Same result, nothing in there. See my email reply to Rich I sent a few minutes ago for the directory manager aci search results. ========================================================================== GSSAPI search using admin on old master searching old master (current host) ========================================================================== [root at dc2-ipa-dev-nvan ~]# kinit admin Password for admin at DEV-mydomain.NET: [root at dc2-ipa-dev-nvan ~]# klist Ticket cache: KEYRING:persistent:0:krb_ccache_swFzxQf Default principal: admin at DEV-mydomain.NET Valid starting Expires Service principal 21/01/16 19:54:14 22/01/16 19:54:05 krbtgt/DEV-mydomain.NET at DEV-mydomain.NET [root at dc2-ipa-dev-nvan ~]# ldapsearch -Y GSSAPI -b "cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" SASL/GSSAPI authentication started SASL username: admin at DEV-mydomain.NET SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 4 result: 0 Success # numResponses: 1 [root at dc2-ipa-dev-nvan ~]# kdestroy ========================================================================== GSSAPI search using host keytab on old master searching old master (current host) ========================================================================== [root at dc2-ipa-dev-nvan ~]# kinit -k -t /etc/krb5.keytab [root at dc2-ipa-dev-nvan ~]# klist Ticket cache: KEYRING:persistent:0:krb_ccache_swFzxQf Default principal: host/dc2-ipa-dev-nvan.dev-mydomain.net at DEV-mydomain.NET Valid starting Expires Service principal 21/01/16 19:54:53 22/01/16 19:54:53 krbtgt/DEV-mydomain.NET at DEV-mydomain.NET [root at dc2-ipa-dev-nvan ~]# ldapsearch -Y GSSAPI -b "cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" SASL/GSSAPI authentication started SASL username: host/dc2-ipa-dev-nvan.dev-mydomain.net at DEV-mydomain.NET SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 4 result: 0 Success # numResponses: 1 [root at dc2-ipa-dev-nvan ~]# ======================================================== logs from old master (current host) during search using host keytab ======================================================== [21/Jan/2016:19:55:15 -0800] conn=76103 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [21/Jan/2016:19:55:15 -0800] conn=76103 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [21/Jan/2016:19:55:15 -0800] conn=76103 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [21/Jan/2016:19:55:15 -0800] conn=76103 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [21/Jan/2016:19:55:15 -0800] conn=76103 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [21/Jan/2016:19:55:15 -0800] conn=76103 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=dc2-ipa-dev-nvan.dev-mydomain.net,cn=computers,cn=accounts,dc=dev-mydomain,dc=net" [21/Jan/2016:19:55:15 -0800] conn=76103 op=4 SRCH base="cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL [21/Jan/2016:19:55:15 -0800] conn=76103 op=4 RESULT err=0 tag=101 nentries=0 etime=0 [21/Jan/2016:19:55:15 -0800] conn=76103 op=5 UNBIND [21/Jan/2016:19:55:15 -0800] conn=76103 op=5 fd=273 closed - U1 =========================================================== logs from old master (current host) during search as admin =========================================================== [21/Jan/2016:19:54:40 -0800] conn=76094 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [21/Jan/2016:19:54:40 -0800] conn=76094 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [21/Jan/2016:19:54:40 -0800] conn=76094 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [21/Jan/2016:19:54:40 -0800] conn=76094 op=2 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [21/Jan/2016:19:54:40 -0800] conn=76094 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [21/Jan/2016:19:54:40 -0800] conn=76094 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=dev-mydomain,dc=net" [21/Jan/2016:19:54:40 -0800] conn=76094 op=4 SRCH base="cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL [21/Jan/2016:19:54:40 -0800] conn=76094 op=4 RESULT err=0 tag=101 nentries=0 etime=0 [21/Jan/2016:19:54:40 -0800] conn=76094 op=5 UNBIND [21/Jan/2016:19:54:40 -0800] conn=76094 op=5 fd=143 closed - U1 -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Ludwig Krispenz Sent: January-21-16 7:45 AM To: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/21/2016 08:50 AM, Nathan Peters wrote: > I don't know if this makes a difference too, but I performed the same checks on a different completely working and joined FreeIPA master, against other masters, and even against itself directly. > > It seems that no account, no keytab, and no host can see that mapping tree branch no matter who they search from or against if GSSAPI is used. there should be no difference in the result, it should only depend on the acis and in one of your previous posts you said that you don't get a result bound as admin: >>> [root at dc2-ipa-dev-van ~]# ldapsearch -Hldaps://dc2-ipa-dev-nvan.mydomain.net -b "cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" -D "uid=admin,cn=users,cn=accounts,dc=mydomain,dc=net" -W Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 0 Success # numResponses: 1 ---snip--- So we know that for whatever reason, this particular DN cannot be searched from anyone other than directory manager. <<< so could you provide the result and log of a search with gssapi and directly bound to the same server. And as directory manager query the acis in the mapping tree entry From jhrozek at redhat.com Fri Jan 22 07:54:04 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Fri, 22 Jan 2016 08:54:04 +0100 Subject: [Freeipa-users] idoverride-add gives incorrect, inconsistant results? In-Reply-To: References: <0137003026EBE54FBEC540C5600C03C432DB61@PMC-EXMBX02.petermac.org.au> <20160119074936.GD3391@hendrix> <20160120084225.GA3391@hendrix> Message-ID: <540697E4-3E30-4377-9CF8-9C6B1F7D3093@redhat.com> > On 22 Jan 2016, at 01:25, Lachlan Musicman wrote: > > The /var/log/sssd/ldap_child.log have one line repeated: > > [[sssd[ldap_child[9738]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm UNIX.CO.ORG.AU > > All other log files are 0 size. Well, sssd only logs critical failures by default. If UNIX.CO.ORG.AU is your IPA domain, then chances are your clients are operating offline..nonetheless it might be a good idea to check out https://fedorahosted.org/sssd/wiki/Troubleshooting and see what the logs have to say.. > > > cheers > L. > > ------ > The most dangerous phrase in the language is, "We've always done it this way." > > - Grace Hopper > > On 22 January 2016 at 11:17, Lachlan Musicman wrote: > No, I've not updated to 1.13.0-41 - I do the "yum upgrades" relatively frequently, I don't think it's in the repos yet. > > cheers > L. > > ------ > The most dangerous phrase in the language is, "We've always done it this way." > > - Grace Hopper > > On 20 January 2016 at 19:42, Jakub Hrozek wrote: > On Wed, Jan 20, 2016 at 09:15:47AM +1100, Lachlan Musicman wrote: > > 1.13.0 > > I suspect it's 7.2, then. Did you alrady update to the latest available > version (1.13.0-41)? If yes, do you have logfiles? > > See https://fedorahosted.org/sssd/wiki/Troubleshooting > > From john.obaterspok at gmail.com Fri Jan 22 07:53:45 2016 From: john.obaterspok at gmail.com (John Obaterspok) Date: Fri, 22 Jan 2016 08:53:45 +0100 Subject: [Freeipa-users] Samba crashes with recent F23 update Message-ID: Hello, I'm running F23 and now IPA fails to start due to crash in smb: -- Unit smb.service has begun starting up. jan 22 08:38:52 ipa.win.lan audit[7037]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:smbd_t:s0 pid=7037 comm="smbd" exe="/usr/sbin/smbd" sig=6 jan 22 08:38:58 ipa.win.lan systemd-coredump[7038]: Process 7037 (smbd) of user 0 dumped core. Stack trace of thread 7037: #0 0x00007f1cb7bc8a98 raise (libc.so.6) #1 0x00007f1cb7bca69a abort (libc.so.6) #2 0x00007f1cbb5c060c smb_panic (libsamba-util.so.0) #3 0x00007f1cb8168675 _talloc_free (libtalloc.so.2) #4 0x00007f1cb87a206c lpcfg_string_free (libsamba-hostconfig.so.0) #5 0x00007f1cb87a20a5 lpcfg_string_set (libsamba-hostconfig.so.0) #6 0x00007f1cb9541208 lp_load_ex (libsmbconf.so.0) #7 0x00007f1cb9540d5d lp_load_ex (libsmbconf.so.0) #8 0x00007f1cb95415c0 lp_load_initial_only (libsmbconf.so.0) #9 0x000055df01d405fb main (smbd) #10 0x00007f1cb7bb4580 __libc_start_main (libc.so.6) #11 0x000055df01d41b79 _start (smbd) -- Subject: Process 7037 (smbd) dumped core Anyone seen this? samba-4.3.4-0.fc23.x86_64 freeipa-server-4.2.3-1.1.fc23.x86_64 -- john -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Fri Jan 22 08:14:25 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Fri, 22 Jan 2016 10:14:25 +0200 Subject: [Freeipa-users] Samba crashes with recent F23 update In-Reply-To: References: Message-ID: <20160122081425.GN4316@redhat.com> On Fri, 22 Jan 2016, John Obaterspok wrote: >Hello, > >I'm running F23 and now IPA fails to start due to crash in smb: > > >-- Unit smb.service has begun starting up. >jan 22 08:38:52 ipa.win.lan audit[7037]: ANOM_ABEND auid=4294967295 uid=0 >gid=0 ses=4294967295 subj=system_u:system_r:smbd_t:s0 pid=7037 comm="smbd" >exe="/usr/sbin/smbd" sig=6 >jan 22 08:38:58 ipa.win.lan systemd-coredump[7038]: Process 7037 (smbd) of >user 0 dumped core. > > Stack trace of thread >7037: > #0 > 0x00007f1cb7bc8a98 raise (libc.so.6) > #1 > 0x00007f1cb7bca69a abort (libc.so.6) > #2 > 0x00007f1cbb5c060c smb_panic (libsamba-util.so.0) > #3 > 0x00007f1cb8168675 _talloc_free (libtalloc.so.2) > #4 > 0x00007f1cb87a206c lpcfg_string_free (libsamba-hostconfig.so.0) > #5 > 0x00007f1cb87a20a5 lpcfg_string_set (libsamba-hostconfig.so.0) > #6 > 0x00007f1cb9541208 lp_load_ex (libsmbconf.so.0) > #7 > 0x00007f1cb9540d5d lp_load_ex (libsmbconf.so.0) > #8 > 0x00007f1cb95415c0 lp_load_initial_only (libsmbconf.so.0) > #9 > 0x000055df01d405fb main (smbd) > #10 >0x00007f1cb7bb4580 __libc_start_main (libc.so.6) > #11 >0x000055df01d41b79 _start (smbd) >-- Subject: Process 7037 (smbd) dumped core > >Anyone seen this? > >samba-4.3.4-0.fc23.x86_64 >freeipa-server-4.2.3-1.1.fc23.x86_64 Yes, there is a bug about it. https://bugzilla.redhat.com/show_bug.cgi?id=1300038 -- / Alexander Bokovoy From lkrispen at redhat.com Fri Jan 22 08:44:10 2016 From: lkrispen at redhat.com (Ludwig Krispenz) Date: Fri, 22 Jan 2016 09:44:10 +0100 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> <56A0F93E.3000406@redhat.com> Message-ID: <56A1EBDA.6060502@redhat.com> On 01/22/2016 04:48 AM, Nathan Peters wrote: > Here are the results for that aci search using a non gssapi bind by directory manager on the old master that we are attempting to join agains. I don't see anything in this list that would indicate that some users should or should not have access through a certain method. Unless one of those sasl config settings is doing it ? > > [root at dc2-ipa-dev-nvan ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" you need to request the aci attribute to see the acis: ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (aci=*) > # requesting: ALL > # > > # config > dn: cn=config > cn: config > objectClass: top > objectClass: extensibleObject > objectClass: nsslapdConfig > nsslapd-backendconfig: cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=co > nfig > nsslapd-backendconfig: cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=confi > g > nsslapd-backendconfig: cn=config,cn=changelog,cn=ldbm database,cn=plugins,cn=c > onfig > nsslapd-betype: ldbm database > nsslapd-privatenamespaces: cn=schema > nsslapd-privatenamespaces: > nsslapd-privatenamespaces: cn=monitor > nsslapd-privatenamespaces: cn=config > nsslapd-plugin: cn=binary syntax,cn=plugins,cn=config > nsslapd-plugin: cn=bit string syntax,cn=plugins,cn=config > nsslapd-plugin: cn=boolean syntax,cn=plugins,cn=config > nsslapd-plugin: cn=case exact string syntax,cn=plugins,cn=config > nsslapd-plugin: cn=case ignore string syntax,cn=plugins,cn=config > nsslapd-plugin: cn=country string syntax,cn=plugins,cn=config > nsslapd-plugin: cn=delivery method syntax,cn=plugins,cn=config > nsslapd-plugin: cn=distinguished name syntax,cn=plugins,cn=config > nsslapd-plugin: cn=enhanced guide syntax,cn=plugins,cn=config > nsslapd-plugin: cn=facsimile telephone number syntax,cn=plugins,cn=config > nsslapd-plugin: cn=fax syntax,cn=plugins,cn=config > nsslapd-plugin: cn=generalized time syntax,cn=plugins,cn=config > nsslapd-plugin: cn=guide syntax,cn=plugins,cn=config > nsslapd-plugin: cn=integer syntax,cn=plugins,cn=config > nsslapd-plugin: cn=jpeg syntax,cn=plugins,cn=config > nsslapd-plugin: cn=name and optional uid syntax,cn=plugins,cn=config > nsslapd-plugin: cn=numeric string syntax,cn=plugins,cn=config > nsslapd-plugin: cn=octet string syntax,cn=plugins,cn=config > nsslapd-plugin: cn=oid syntax,cn=plugins,cn=config > nsslapd-plugin: cn=postal address syntax,cn=plugins,cn=config > nsslapd-plugin: cn=printable string syntax,cn=plugins,cn=config > nsslapd-plugin: cn=telephone syntax,cn=plugins,cn=config > nsslapd-plugin: cn=teletex terminal identifier syntax,cn=plugins,cn=config > nsslapd-plugin: cn=telex number syntax,cn=plugins,cn=config > nsslapd-plugin: cn=octetstringmatch,cn=plugins,cn=config > nsslapd-plugin: cn=octetstringorderingmatch,cn=plugins,cn=config > nsslapd-plugin: cn=bitstringmatch,cn=plugins,cn=config > nsslapd-plugin: cn=bitwise plugin,cn=plugins,cn=config > nsslapd-plugin: cn=caseexactia5match,cn=plugins,cn=config > nsslapd-plugin: cn=caseexactmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseexactorderingmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseexactsubstringsmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseexactia5substringsmatch,cn=plugins,cn=config > nsslapd-plugin: cn=generalizedtimematch,cn=plugins,cn=config > nsslapd-plugin: cn=generalizedtimeorderingmatch,cn=plugins,cn=config > nsslapd-plugin: cn=booleanmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseignoreia5match,cn=plugins,cn=config > nsslapd-plugin: cn=caseignoreia5substringsmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseignorematch,cn=plugins,cn=config > nsslapd-plugin: cn=caseignoreorderingmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseignoresubstringsmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseignorelistmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseignorelistsubstringsmatch,cn=plugins,cn=config > nsslapd-plugin: cn=objectidentifiermatch,cn=plugins,cn=config > nsslapd-plugin: cn=directorystringfirstcomponentmatch,cn=plugins,cn=config > nsslapd-plugin: cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config > nsslapd-plugin: cn=distinguishednamematch,cn=plugins,cn=config > nsslapd-plugin: cn=integermatch,cn=plugins,cn=config > nsslapd-plugin: cn=integerorderingmatch,cn=plugins,cn=config > nsslapd-plugin: cn=integerfirstcomponentmatch,cn=plugins,cn=config > nsslapd-plugin: cn=internationalization plugin,cn=plugins,cn=config > nsslapd-plugin: cn=uniquemembermatch,cn=plugins,cn=config > nsslapd-plugin: cn=numericstringmatch,cn=plugins,cn=config > nsslapd-plugin: cn=numericstringorderingmatch,cn=plugins,cn=config > nsslapd-plugin: cn=numericstringsubstringsmatch,cn=plugins,cn=config > nsslapd-plugin: cn=telephonenumbermatch,cn=plugins,cn=config > nsslapd-plugin: cn=telephonenumbersubstringsmatch,cn=plugins,cn=config > nsslapd-requiresrestart: cn=config:nsslapd-port > nsslapd-requiresrestart: cn=config:nsslapd-secureport > nsslapd-requiresrestart: cn=config:nsslapd-ldapifilepath > nsslapd-requiresrestart: cn=config:nsslapd-ldapilisten > nsslapd-requiresrestart: cn=config:nsslapd-workingdir > nsslapd-requiresrestart: cn=config:nsslapd-plugin > nsslapd-requiresrestart: cn=config:nsslapd-sslclientauth > nsslapd-requiresrestart: cn=config:nsslapd-changelogdir > nsslapd-requiresrestart: cn=config:nsslapd-changelogsuffix > nsslapd-requiresrestart: cn=config:nsslapd-changelogmaxentries > nsslapd-requiresrestart: cn=config:nsslapd-changelogmaxage > nsslapd-requiresrestart: cn=config:nsslapd-db-locks > nsslapd-requiresrestart: cn=config:nsslapd-maxdescriptors > nsslapd-requiresrestart: cn=config:nsslapd-return-exact-case > nsslapd-requiresrestart: cn=config:nsslapd-schema-ignore-trailing-spaces > nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-idlistscanlimit > nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-parentcheck > nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-dbcachesize > nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-dbncache > nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-cachesize > nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-plugin > nsslapd-requiresrestart: cn=encryption,cn=config:nssslsessiontimeout > nsslapd-requiresrestart: cn=encryption,cn=config:nssslclientauth > nsslapd-requiresrestart: cn=encryption,cn=config:nsssl2 > nsslapd-requiresrestart: cn=encryption,cn=config:nsssl3 > nsslapd-auditlog-mode: 600 > nsslapd-auditlog-logrotationsync-enabled: off > nsslapd-auditlog-logrotationsynchour: 0 > nsslapd-auditlog-logrotationsyncmin: 0 > nsslapd-auditlog-logrotationtime: 1 > nsslapd-accesslog-mode: 600 > nsslapd-accesslog-maxlogsperdir: 10 > nsslapd-errorlog-level: 16384 > nsslapd-errorlog-logging-enabled: on > nsslapd-errorlog-mode: 600 > nsslapd-errorlog-logexpirationtime: 1 > nsslapd-accesslog-logging-enabled: on > nsslapd-port: 389 > nsslapd-workingdir: /var/log/dirsrv/slapd-DEV-mydomain-NET > nsslapd-maxthreadsperconn: 5 > nsslapd-accesslog-logexpirationtime: 1 > nsslapd-localuser: dirsrv > nsslapd-errorlog-logrotationsync-enabled: off > nsslapd-errorlog-logrotationsynchour: 0 > nsslapd-errorlog-logrotationsyncmin: 0 > nsslapd-errorlog-logrotationtime: 1 > passwordInHistory: 6 > passwordUnlock: on > passwordGraceLimit: 0 > nsslapd-accesslog-logrotationsync-enabled: off > nsslapd-accesslog-logrotationsynchour: 0 > nsslapd-accesslog-logrotationsyncmin: 0 > nsslapd-accesslog-logrotationtime: 1 > passwordMustChange: off > nsslapd-pwpolicy-local: off > nsslapd-auditlog-logmaxdiskspace: 100 > nsslapd-sizelimit: 2000 > nsslapd-auditlog-maxlogsize: 100 > passwordWarning: 86400 > nsslapd-readonly: off > nsslapd-sasl-mapping-fallback: on > nsslapd-threadnumber: 30 > passwordLockout: off > nsslapd-enquote-sup-oc: off > nsslapd-localhost: dc2-ipa-dev-nvan.dev-mydomain.net > nsslapd-ioblocktimeout: 1800000 > nsslapd-max-filter-nest-level: 40 > nsslapd-errorlog-logmaxdiskspace: 100 > passwordMinLength: 8 > passwordMinDigits: 0 > passwordMinAlphas: 0 > passwordMinUppers: 0 > passwordMinLowers: 0 > passwordMinSpecials: 0 > passwordMin8bit: 0 > passwordMaxRepeats: 0 > passwordMinCategories: 3 > passwordMinTokenLength: 3 > nsslapd-errorlog: /var/log/dirsrv/slapd-DEV-mydomain-NET/errors > nsslapd-auditlog-logexpirationtime: 1 > nsslapd-schemacheck: on > nsslapd-schemamod: on > nsslapd-syntaxcheck: on > nsslapd-syntaxlogging: off > nsslapd-dn-validate-strict: off > nsslapd-ds4-compatible-schema: off > nsslapd-schema-ignore-trailing-spaces: off > nsslapd-schemareplace: replication-only > nsslapd-accesslog-logmaxdiskspace: 500 > passwordMaxFailure: 3 > nsslapd-accesslog: /var/log/dirsrv/slapd-DEV-mydomain-NET/access > nsslapd-lastmod: on > nsslapd-security: on > passwordMaxAge: 8640000 > nsslapd-auditlog-logrotationtimeunit: day > passwordResetFailureCount: 600 > passwordIsGlobalPolicy: off > passwordLegacyPolicy: on > passwordTrackUpdateTime: off > nsslapd-auditlog-maxlogsperdir: 1 > nsslapd-errorlog-logexpirationtimeunit: month > nsslapd-groupevalnestlevel: 0 > nsslapd-accesslog-logexpirationtimeunit: month > nsslapd-rootpw: {SSHA}dVkYQwrJNWRuX/ErfQCCtcEE1pOjkpm8sIUgDw== > passwordChange: on > nsslapd-accesslog-level: 256 > nsslapd-errorlog-logrotationtimeunit: week > nsslapd-securePort: 636 > nsslapd-certmap-basedn: > nsslapd-timelimit: 3600 > nsslapd-errorlog-maxlogsize: 100 > nsslapd-reservedescriptors: 64 > nsslapd-svrtab: > passwordExp: off > nsslapd-accesscontrol: on > nsslapd-accesslog-logrotationtimeunit: day > passwordLockoutDuration: 3600 > nsslapd-accesslog-maxlogsize: 100 > nsslapd-idletimeout: 0 > nsslapd-nagle: on > nsslapd-errorlog-logminfreediskspace: 5 > nsslapd-auditlog-logging-enabled: off > nsslapd-auditlog-logging-hide-unhashed-pw: on > nsslapd-accesslog-logbuffering: on > nsslapd-csnlogging: on > nsslapd-auditlog-logexpirationtimeunit: month > nsslapd-allow-hashed-passwords: on > passwordCheckSyntax: off > nsslapd-listenhost: > nsslapd-snmp-index: 0 > nsslapd-ldapifilepath: /var/run/slapd-DEV-mydomain-NET.socket > nsslapd-ldapilisten: on > nsslapd-ldapiautobind: on > nsslapd-ldapimaprootdn: cn=Directory Manager > nsslapd-ldapimaptoentries: on > nsslapd-ldapiuidnumbertype: uidNumber > nsslapd-ldapigidnumbertype: gidNumber > nsslapd-ldapientrysearchbase: dc=example,dc=com > nsslapd-anonlimitsdn: cn=anonymous-limits,cn=etc,dc=dev-mydomain,dc=net > nsslapd-counters: on > nsslapd-accesslog-logminfreediskspace: 5 > nsslapd-errorlog-maxlogsperdir: 2 > nsslapd-securelistenhost: > nsslapd-auditlog-logminfreediskspace: 5 > nsslapd-rootdn: cn=Directory Manager > passwordMinAge: 0 > nsslapd-auditlog: /var/log/dirsrv/slapd-DEV-mydomain-NET/audit > nsslapd-return-exact-case: on > nsslapd-result-tweak: off > nsslapd-plugin-binddn-tracking: off > nsslapd-moddn-aci: on > nsslapd-attribute-name-exceptions: off > nsslapd-maxbersize: 209715200 > nsslapd-maxsasliosize: 2097152 > nsslapd-versionstring: 389-Directory/1.3.4.5 > nsslapd-referralmode: > nsslapd-maxdescriptors: 8192 > nsslapd-conntablesize: 8192 > nsslapd-SSLclientAuth: allowed > nsslapd-config: cn=config > nsslapd-instancedir: /var/lib/dirsrv/scripts-DEV-mydomain-NET > nsslapd-schemadir: /etc/dirsrv/slapd-DEV-mydomain-NET/schema > nsslapd-lockdir: /var/lock/dirsrv/slapd-DEV-mydomain-NET > nsslapd-tmpdir: /tmp > nsslapd-certdir: /etc/dirsrv/slapd-DEV-mydomain-NET > nsslapd-ldifdir: /var/lib/dirsrv/slapd-DEV-mydomain-NET/ldif > nsslapd-bakdir: /var/lib/dirsrv/slapd-DEV-mydomain-NET/bak > nsslapd-saslpath: > nsslapd-rundir: /var/run/dirsrv > nsslapd-rewrite-rfc1274: off > nsslapd-outbound-ldap-io-timeout: 300000 > nsslapd-allow-unauthenticated-binds: off > nsslapd-require-secure-binds: off > nsslapd-allow-anonymous-access: on > nsslapd-localssf: 71 > nsslapd-minssf: 0 > nsslapd-minssf-exclude-rootdse: on > nsslapd-force-sasl-external: off > nsslapd-entryusn-global: on > nsslapd-entryusn-import-initval: next > nsslapd-allowed-to-delete-attrs: passwordadmindn nsslapd-listenhost nsslapd-se > curelistenhost nsslapd-defaultnamingcontext > nsslapd-validate-cert: warn > nsslapd-pagedsizelimit: 0 > nsslapd-defaultnamingcontext: dc=dev-mydomain,dc=net > nsslapd-disk-monitoring: off > nsslapd-disk-monitoring-threshold: 2097152 > nsslapd-disk-monitoring-grace-period: 60 > nsslapd-disk-monitoring-logging-critical: off > nsslapd-ndn-cache-enabled: on > nsslapd-ndn-cache-max-size: 20971520 > nsslapd-allowed-sasl-mechanisms: > nsslapd-ignore-virtual-attrs: off > nsslapd-unhashed-pw-switch: on > nsslapd-sasl-max-buffer-size: 2097152 > nsslapd-search-return-original-type-switch: off > nsslapd-enable-turbo-mode: on > nsslapd-connection-buffer: 1 > nsslapd-connection-nocanon: on > nsslapd-plugin-logging: off > nsslapd-listen-backlog-size: 128 > nsslapd-dynamic-plugins: off > nsslapd-cn-uses-dn-syntax-in-dns: off > nsslapd-malloc-mxfast: -10 > nsslapd-malloc-trim-threshold: -10 > nsslapd-malloc-mmap-threshold: -10 > nsslapd-ignore-time-skew: off > nsslapd-global-backend-lock: off > nsslapd-maxsimplepaged-per-conn: -1 > nsslapd-enable-nunc-stans: off > passwordStorageScheme: SSHA > passwordAdminDN: > nsslapd-rootpwstoragescheme: SSHA > nsslapd-errorlog-list: > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160121-071658 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160121-022556 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160120-191523 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160120-091819 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160120-021415 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160119-165941 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160119-065036 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160119-023133 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160118-205128 > nsslapd-auditlog-list: > nsslapd-ssl-check-hostname: on > nsslapd-hash-filters: off > > # mapping tree, config > dn: cn=mapping tree,cn=config > cn: mapping tree > objectClass: top > objectClass: extensibleObject > > # SNMP, config > dn: cn=SNMP,cn=config > cn: SNMP > nsSNMPEnabled: on > objectClass: top > objectClass: nsSNMP > > # tasks, config > dn: cn=tasks,cn=config > cn: tasks > objectClass: top > objectClass: extensibleObject > > # csusers, config > dn: ou=csusers,cn=config > objectClass: top > objectClass: organizationalUnit > ou: csusers > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > cn: Sync Request Control > objectClass: top > objectClass: directoryServerFeature > oid: 1.3.6.1.4.1.4203.1.9.1.1 > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > cn: VLV Request Control > objectClass: top > objectClass: directoryServerFeature > oid: 2.16.840.1.113730.3.4.9 > > # dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config > dn: cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > cn: dc=dev-mydomain,dc=net > cn: "dc=dev-mydomain,dc=net" > nsslapd-backend: userRoot > nsslapd-referral: ldap://dc1-ipa-dev-van.dev-mydomain.net:389/dc%3Ddev-mydomain%2Cdc%3Dnet > nsslapd-referral: ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389/dc%3Ddev-mydomain%2Cdc%3Dnet > nsslapd-state: backend > objectClass: top > objectClass: extensibleObject > objectClass: nsMappingTree > > # o\3Dipaca, mapping tree, config > dn: cn=o\3Dipaca,cn=mapping tree,cn=config > cn: o=ipaca > nsslapd-backend: ipaca > nsslapd-referral: ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389/o%3Dipaca > nsslapd-referral: ldap://dc1-ipa-dev-van.dev-mydomain.net:389/o%3Dipaca > nsslapd-state: Backend > objectClass: top > objectClass: extensibleObject > objectClass: nsMappingTree > > # ldbm database, plugins, config > dn: cn=ldbm database,cn=plugins,cn=config > cn: ldbm database > nsslapd-plugin-depends-on-type: Syntax > nsslapd-plugin-depends-on-type: matchingRule > nsslapd-pluginDescription: high-performance LDAP backend database plugin > nsslapd-pluginEnabled: on > nsslapd-pluginId: ldbm-backend > nsslapd-pluginInitfunc: ldbm_back_init > nsslapd-pluginPath: libback-ldbm > nsslapd-pluginType: database > nsslapd-pluginVendor: 389 Project > nsslapd-pluginVersion: 1.3.4.5 > objectClass: top > objectClass: nsSlapdPlugin > objectClass: extensibleObject > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > cn: Posix IDs > dnaExcludeScope: cn=provisioning,dc=dev-mydomain,dc=net > dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) > dnaMagicRegen: -1 > dnaMaxValue: 1100 > dnaNextValue: 1101 > dnaScope: dc=dev-mydomain,dc=net > dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=dev-mydomain,dc=net > dnaThreshold: 500 > dnaType: uidNumber > dnaType: gidNumber > objectClass: top > objectClass: extensibleObject > > # userRoot, ldbm database, plugins, config > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > cn: userRoot > objectClass: top > objectClass: extensibleObject > objectClass: nsBackendInstance > nsslapd-suffix: dc=dev-mydomain,dc=net > nsslapd-cachesize: -1 > nsslapd-cachememsize: 10485760 > nsslapd-readonly: off > nsslapd-require-index: off > nsslapd-directory: /var/lib/dirsrv/slapd-DEV-mydomain-NET/db/userRoot > nsslapd-dncachememsize: 10485760 > > # search result > search: 2 > result: 0 Success > > # numResponses: 13 > # numEntries: 12 > > > -----Original Message----- > From: Rich Megginson [mailto:rmeggins at redhat.com] > Sent: January-21-16 7:29 AM > To: Nathan Peters; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > On 01/21/2016 12:50 AM, Nathan Peters wrote: >> I don't know if this makes a difference too, but I performed the same checks on a different completely working and joined FreeIPA master, against other masters, and even against itself directly. >> >> It seems that no account, no keytab, and no host can see that mapping tree branch no matter who they search from or against if GSSAPI is used. >> >> >> -----Original Message----- >> From: freeipa-users-bounces at redhat.com >> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters >> Sent: January-20-16 11:41 PM >> To: Rich Megginson; freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails >> with DuplicateEntry: This entry already exists >> >> All checks below were performed from the host we are trying to turn >> into a replica and they were performed against the master who logs I >> also show >> >> The first check was to kinit admin and try the search. Surprisingly, the GSSAPI bind returns no results when we search that. In my previous email you can see that the standard bind gets a result as admin for that search. >> >> Next, I tried as the host by kinit with its keytab. Same result, nothing back. >> >> Finally I tried as my own personal admin user. Same result, nothing back. >> >> For good measure, I tried a broad search against the base "cn=mydomain,cn=net" as each user as well and I'll spare you the ten thousand lines of screenshot but the results were as expected, several thousand entries in that tree. >> Although the output differed slightly. This is the total as admin or >> my personal user # numResponses: 3372 # numEntries: 3371 >> >> and this is the total as the host keytab account >> >> # numResponses: 3371 >> # numEntries: 3370 >> >> To be even more thorough, I did searches farther and farther up the config tree using GSSAPI until I found something. The only thing that is visible through GSSAPI searches is the base of the config tree. Even the mapping tree branch doesn't seem to be visible. >> >> At the very bottom of this email is the results of the search against cn=config directly as the attempted new replica and as admin. Admin gets about 50 results and the host only gets about 30 for some reason. I get the same results as admin on my personal account so I've excluded those. >> >> So if I got all that right I was able to determine that only the base of the config tree is available using GSSAPI for any account, users for some reason get slightly more results than hosts, and all accounts can see the dc=mydomain,dc=net tree just fine using GSSAPI. >> >> So does that help shed some light on what the cause of this might be or why the server is not answering as expected? >> >> Is there some way I can adjust this so everyone can see the results they do using regular binds as they do using GSSAPI binds ? >> >> Is there some way I can check ACLS on stuff ? > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Viewing_the_ACIs_for_an_Entry.html > > Note: There is a bug in the docs. You have to also specify the suffix e.g. "-b cn=config", and make sure the search filter is quoted e.g. > '(aci=*)' > > If it is not aci related, I have no idea why you would get different results depending on if you did a simple bind vs. a gssapi bind with the same user that mapped to the same bind DN. > From Warren.Birnbaum at nike.com Fri Jan 22 09:27:40 2016 From: Warren.Birnbaum at nike.com (Birnbaum, Warren (ETW)) Date: Fri, 22 Jan 2016 09:27:40 +0000 Subject: [Freeipa-users] Active Directory users are not controlled by HBAC Message-ID: Hi. I have a been successful using Freeipa 4.1 configuring active directory users and with sudo. The problem I am having is that the HBAC rules are not applying to my active directory users. They have access to all systems even if I disable my Allow_ALL rule. Is there something special I should be doing to domain? Thanks, Warren -------------- next part -------------- An HTML attachment was scrubbed... URL: From mkosek at redhat.com Fri Jan 22 09:47:39 2016 From: mkosek at redhat.com (Martin Kosek) Date: Fri, 22 Jan 2016 10:47:39 +0100 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: References: <56A0F065.7050407@redhat.com> Message-ID: <56A1FABB.7060203@redhat.com> On 01/21/2016 05:54 PM, Terry John wrote: >>> I've been trying to tidy the security on my FreeIPA and this is >>> causing me some problems. I'm using OpenVAS vulnerability scanner and >>> it is coming up with this issue >>> >>> EXPORT_RSA cipher suites supported by the remote server: >>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) >>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003) >>> >>> It seems we have to disable export TLS ciphers but I can't see how. I've edited /etc/httpd/conf.d/nss.conf and disabled all SSL and TLSV1.0. >> >>> NSSCipherSuite -all,-exp,+ >>> >>> I've restarted httpd and ipa but it still fails >>> >>> Is there something I have overlooked > > >> Hi Terry, >> >> Please check >> https://fedorahosted.org/freeipa/ticket/5589 >> >> We are trying to come up with a better cipher suite right now. The fix should be in some of the next FreeIPA 4.3.x versions. >> >> The ticket has more details in it. > > Thanks for the info. I have tried nearly all the NSSCipherSuite settings in that ticket but none so far has eliminated the FREAK report. > Christian thanks for the heads up on the syntax, I wasn't sure of what I was doing > > Each time I've made a change I've run an sslscan from the OpenVAS scanner and I do get a different result each time but the errors still remains in OpenVAS. > Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. Just for the record, 389 Directory Server cipher suites for 636 were much improved in https://fedorahosted.org/freeipa/ticket/4395 https://fedorahosted.org/389/ticket/47838 i..e FreeIPA 4.0.3+ (and RHEL/CentOS 7.1 too). So that port should not use any really unsecure ciphers any more. > Back to the drawing board :-) > > > > > The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 03183918), Manheim Auctions Limited (registered number: 00448761), Manheim Retail Services Limited (registered number: 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time Communications Limited (registered number: 04277845) and Complete Automotive Solutions Limited (registered number: 05302535). Each of these companies is registered in England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions. > > V:0CF72C13B2AC > > From cheimes at redhat.com Fri Jan 22 10:03:05 2016 From: cheimes at redhat.com (Christian Heimes) Date: Fri, 22 Jan 2016 11:03:05 +0100 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: References: <56A0F065.7050407@redhat.com> Message-ID: <56A1FE59.5010407@redhat.com> On 2016-01-21 17:54, Terry John wrote: > Thanks for the info. I have tried nearly all the NSSCipherSuite settings in that ticket but none so far has eliminated the FREAK report. > Christian thanks for the heads up on the syntax, I wasn't sure of what I was doing > > Each time I've made a change I've run an sslscan from the OpenVAS scanner and I do get a different result each time but the errors still remains in OpenVAS. > Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. > > Back to the drawing board :-) Hi Terry, you can give the attached file a try. It's a ldif file for ipa-ldap-updater. You need to run the command on the machine as root and restart 389-DS. The hardened TLS configuration is highly experimental and comes with no warranty whatsoever. The configuration works on my tests systems with Python's ldap client and Apache Directory Studio. It may not work with other clients, especially older clients or clients in FIPS mode. Christian -------------- next part -------------- # Harden TLS/SSL configuration of 389-DS # # Christian Heimes # # $ sudo ipa-ldap-updater slapd_ssl.uldif # $ sudo ipactl restart dn: cn=encryption,cn=config only: allowWeakCipher: off only: nsSSL2: off only: nsSSL3: off only: nsTLS1: on only: sslVersionMin: TLS1.0 only: sslVersionMax: TLS1.2 only: nsSSL3Ciphers: +TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_AES_128_GCM_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From wdh at dds.nl Fri Jan 22 10:25:47 2016 From: wdh at dds.nl (Winfried de Heiden) Date: Fri, 22 Jan 2016 11:25:47 +0100 Subject: [Freeipa-users] IPA KDC Proxy Message-ID: <56A203AB.6090509@dds.nl> An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Fri Jan 22 10:57:18 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Fri, 22 Jan 2016 05:57:18 -0500 (EST) Subject: [Freeipa-users] IPA KDC Proxy In-Reply-To: <56A203AB.6090509@dds.nl> References: <56A203AB.6090509@dds.nl> Message-ID: <1607578959.16647901.1453460238287.JavaMail.zimbra@redhat.com> ----- Original Message ----- > Hi all, > > I configured an IPA client using de FreeIPA 4.2 KDC Proxy something like > this: > > ~ > dns_lookup_realm = false > dns_lookup_kdc = false > ~ > [realms] > LINUX.EXAMPLE.COM = { > pkinit_anchors = FILE:/etc/ipa/ca.crt > http_anchors = FILE:/etc/ipa/ca.crt > kdc = https://ipa1.linux.example.com/KdcProxy > kpasswd_server = https://ipa1.linux.example.com/KdcProxy > } > > Now, this seems to work well, I blocked port 88 towards als KDC's, used some > tcpdump and yes: only port 443 towards the IPA server is being used and > kinit will give me a TGT. > > However, I do have a trust to a Windows AD-server. I would expect something > like this: > > ipa-client cannot access the windows AD server > ipa-server however can > ipa-client will use ipa-server as a KDC proxy and will get a TGT through the > IPA KDC-proxy > > Now, of course kinit winuser at WINDOWS.EXAMPLE.COM will give: > > [root at ipa-client7 etc]# kinit winuser at WINDOWS.EXAMPLE.COM > kinit: Cannot find KDC for realm "WINDOWS.EXAMPLE.COM" while getting initial > credentials > > Adding something like this to krb5.conf won't work, still the same error > message: > > WINDOWS.BLABLA.BLA = { > pkinit_anchors = FILE:/etc/ipa/ca.crt > http_anchors = FILE:/etc/ipa/ca.crt > kdc = https://ipa1.linux.example.com/KdcProxy > kpasswd_server = https://ipa1.linux.example.com/KdcProxy > } > > > Now, is it possible to use the IPA-server as a proxy for the trusted Windows > Domain? How...? You need to have WINDOWS.EXAMPLE.COM definition on the IPA client that points to the KDC proxy _and_ WINDOWS.EXAMPLE.COM on IPA master should point to AD DCs. The latter one should not use proxy but rather specify KDCs properly. Alternatively you should have dns_lookup_kdc = true -- / Alexander Bokovoy From cheimes at redhat.com Fri Jan 22 11:04:03 2016 From: cheimes at redhat.com (Christian Heimes) Date: Fri, 22 Jan 2016 12:04:03 +0100 Subject: [Freeipa-users] IPA KDC Proxy In-Reply-To: <56A203AB.6090509@dds.nl> References: <56A203AB.6090509@dds.nl> Message-ID: <56A20CA3.3070503@redhat.com> On 2016-01-22 11:25, Winfried de Heiden wrote: > Now, is it possible to use the IPA-server as a proxy for the trusted > Windows Domain? How...? I haven't tried yet it but it should be possible. MS-KKDCP requests are prefixed with the requested realm name. You have to configure the mapping from real name to KDC on the *server*, too. The KDC Proxy service uses /etc/krb5.conf to map realms to servers. Please add a configuration for [realms] WINDOWS.EXAMPLE.COM on the IPA server and restart Apache HTTPD. The configuration on IPA server must use the Kerboers protocol over port 88 for KDC, 749 for kadmin and 464 for kpasswd. You can't use KDC Proxy here. Christian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From cheimes at redhat.com Fri Jan 22 11:05:56 2016 From: cheimes at redhat.com (Christian Heimes) Date: Fri, 22 Jan 2016 12:05:56 +0100 Subject: [Freeipa-users] IPA KDC Proxy In-Reply-To: <1607578959.16647901.1453460238287.JavaMail.zimbra@redhat.com> References: <56A203AB.6090509@dds.nl> <1607578959.16647901.1453460238287.JavaMail.zimbra@redhat.com> Message-ID: <56A20D14.8050800@redhat.com> On 2016-01-22 11:57, Alexander Bokovoy wrote: > ----- Original Message ----- >> Hi all, >> >> I configured an IPA client using de FreeIPA 4.2 KDC Proxy something like >> this: >> >> ~ >> dns_lookup_realm = false >> dns_lookup_kdc = false >> ~ >> [realms] >> LINUX.EXAMPLE.COM = { >> pkinit_anchors = FILE:/etc/ipa/ca.crt >> http_anchors = FILE:/etc/ipa/ca.crt >> kdc = https://ipa1.linux.example.com/KdcProxy >> kpasswd_server = https://ipa1.linux.example.com/KdcProxy >> } >> >> Now, this seems to work well, I blocked port 88 towards als KDC's, used some >> tcpdump and yes: only port 443 towards the IPA server is being used and >> kinit will give me a TGT. >> >> However, I do have a trust to a Windows AD-server. I would expect something >> like this: >> >> ipa-client cannot access the windows AD server >> ipa-server however can >> ipa-client will use ipa-server as a KDC proxy and will get a TGT through the >> IPA KDC-proxy >> >> Now, of course kinit winuser at WINDOWS.EXAMPLE.COM will give: >> >> [root at ipa-client7 etc]# kinit winuser at WINDOWS.EXAMPLE.COM >> kinit: Cannot find KDC for realm "WINDOWS.EXAMPLE.COM" while getting initial >> credentials >> >> Adding something like this to krb5.conf won't work, still the same error >> message: >> >> WINDOWS.BLABLA.BLA = { >> pkinit_anchors = FILE:/etc/ipa/ca.crt >> http_anchors = FILE:/etc/ipa/ca.crt >> kdc = https://ipa1.linux.example.com/KdcProxy >> kpasswd_server = https://ipa1.linux.example.com/KdcProxy >> } >> >> >> Now, is it possible to use the IPA-server as a proxy for the trusted Windows >> Domain? How...? > You need to have WINDOWS.EXAMPLE.COM definition on the IPA client that points to the KDC proxy > _and_ WINDOWS.EXAMPLE.COM on IPA master should point to AD DCs. > > The latter one should not use proxy but rather specify KDCs properly. Alternatively you should have > dns_lookup_kdc = true For FreeIPA python-kdcproxy has DNS lookup disabled. It only reads config items from /etc/krb5.conf. # cat /etc/ipa/kdcproxy/kdcproxy.conf [global] configs = mit use_dns = false Christian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From jhrozek at redhat.com Fri Jan 22 12:51:55 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Fri, 22 Jan 2016 13:51:55 +0100 Subject: [Freeipa-users] Active Directory users are not controlled by HBAC In-Reply-To: References: Message-ID: <20160122125155.GE7092@hendrix.redhat.com> On Fri, Jan 22, 2016 at 09:27:40AM +0000, Birnbaum, Warren (ETW) wrote: > Hi. > > I have a been successful using Freeipa 4.1 configuring active directory users and with sudo. The problem I am having is that the HBAC rules are not applying to my active directory users. They have access to all systems even if I disable my Allow_ALL rule. Is there something special I should be doing to domain? Normally HBAC for AD users should be done through an external group you add the AD users or groups to, then add the external group to a regular IPA group and reference this IPA group from HBAC rules. There have been bugs related to external groups resolution, so please update to the latest IPA and SSSD packages also. From Warren.Birnbaum at nike.com Fri Jan 22 13:36:36 2016 From: Warren.Birnbaum at nike.com (Birnbaum, Warren (ETW)) Date: Fri, 22 Jan 2016 13:36:36 +0000 Subject: [Freeipa-users] Active Directory users are not controlled by HBAC In-Reply-To: <20160122125155.GE7092@hendrix.redhat.com> References: <20160122125155.GE7092@hendrix.redhat.com> Message-ID: Thanks for you reply. I understand what you are saying but don?t see how this would work because Allow_All is my current situation (even with this rule disabled). My understand is you can?t restrict through a rule, only limit. I am missing something? On 1/22/16, 1:51 PM, "freeipa-users-bounces at redhat.com on behalf of Jakub Hrozek" wrote: >On Fri, Jan 22, 2016 at 09:27:40AM +0000, Birnbaum, Warren (ETW) wrote: >> Hi. >> >> I have a been successful using Freeipa 4.1 configuring active directory >>users and with sudo. The problem I am having is that the HBAC rules are >>not applying to my active directory users. They have access to all >>systems even if I disable my Allow_ALL rule. Is there something special >>I should be doing to domain? > >Normally HBAC for AD users should be done through an external group you >add the AD users or groups to, then add the external group to a regular >IPA group and reference this IPA group from HBAC rules. > >There have been bugs related to external groups resolution, so please >update to the latest IPA and SSSD packages also. > >-- >Manage your subscription for the Freeipa-users mailing list: >https://www.redhat.com/mailman/listinfo/freeipa-users >Go to http://freeipa.org for more info on the project From abokovoy at redhat.com Fri Jan 22 13:44:38 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Fri, 22 Jan 2016 15:44:38 +0200 Subject: [Freeipa-users] Active Directory users are not controlled by HBAC In-Reply-To: References: <20160122125155.GE7092@hendrix.redhat.com> Message-ID: <20160122134438.GP4316@redhat.com> On Fri, 22 Jan 2016, Birnbaum, Warren (ETW) wrote: >Thanks for you reply. I understand what you are saying but don?t see how >this would work because Allow_All is my current situation (even with this >rule disabled). My understand is you can?t restrict through a rule, only >limit. I am missing something? Yes. First, lack of HBAC rule that allows to access a service means pam_sss will deny access to this service. HBAC rules only give you means to _allow_ access, not to limit it as when no rules are in place, everything is disallowed. 'allow_all' HBAC rule is provided exactly to allow starting with a fresh working ground -- you would then remove 'allow_all' rule after creating specific allow rules. Second, while pam_sss evaluates HBAC rules, it is only one module in a PAM stack. There might be other PAM modules that could make own decisions to allow access to a specific service. You need to see what is in your configuration. On RHEL and Fedora we configure PAM stack in such way that apart from root and wheel group the rest is managed by SSSD via pam_sss. If your configuration is different, it is up to you to ensure everything is tightened up. > > > > >On 1/22/16, 1:51 PM, "freeipa-users-bounces at redhat.com on behalf of Jakub >Hrozek" >wrote: > >>On Fri, Jan 22, 2016 at 09:27:40AM +0000, Birnbaum, Warren (ETW) wrote: >>> Hi. >>> >>> I have a been successful using Freeipa 4.1 configuring active directory >>>users and with sudo. The problem I am having is that the HBAC rules are >>>not applying to my active directory users. They have access to all >>>systems even if I disable my Allow_ALL rule. Is there something special >>>I should be doing to domain? >> >>Normally HBAC for AD users should be done through an external group you >>add the AD users or groups to, then add the external group to a regular >>IPA group and reference this IPA group from HBAC rules. >> >>There have been bugs related to external groups resolution, so please >>update to the latest IPA and SSSD packages also. >> >>-- >>Manage your subscription for the Freeipa-users mailing list: >>https://www.redhat.com/mailman/listinfo/freeipa-users >>Go to http://freeipa.org for more info on the project > > >-- >Manage your subscription for the Freeipa-users mailing list: >https://www.redhat.com/mailman/listinfo/freeipa-users >Go to http://freeipa.org for more info on the project -- / Alexander Bokovoy From abokovoy at redhat.com Fri Jan 22 13:59:33 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Fri, 22 Jan 2016 15:59:33 +0200 Subject: [Freeipa-users] IPA KDC Proxy In-Reply-To: <56A20D14.8050800@redhat.com> References: <56A203AB.6090509@dds.nl> <1607578959.16647901.1453460238287.JavaMail.zimbra@redhat.com> <56A20D14.8050800@redhat.com> Message-ID: <20160122135933.GQ4316@redhat.com> On Fri, 22 Jan 2016, Christian Heimes wrote: >On 2016-01-22 11:57, Alexander Bokovoy wrote: >> ----- Original Message ----- >>> Hi all, >>> >>> I configured an IPA client using de FreeIPA 4.2 KDC Proxy something like >>> this: >>> >>> ~ >>> dns_lookup_realm = false >>> dns_lookup_kdc = false >>> ~ >>> [realms] >>> LINUX.EXAMPLE.COM = { >>> pkinit_anchors = FILE:/etc/ipa/ca.crt >>> http_anchors = FILE:/etc/ipa/ca.crt >>> kdc = https://ipa1.linux.example.com/KdcProxy >>> kpasswd_server = https://ipa1.linux.example.com/KdcProxy >>> } >>> >>> Now, this seems to work well, I blocked port 88 towards als KDC's, used some >>> tcpdump and yes: only port 443 towards the IPA server is being used and >>> kinit will give me a TGT. >>> >>> However, I do have a trust to a Windows AD-server. I would expect something >>> like this: >>> >>> ipa-client cannot access the windows AD server >>> ipa-server however can >>> ipa-client will use ipa-server as a KDC proxy and will get a TGT through the >>> IPA KDC-proxy >>> >>> Now, of course kinit winuser at WINDOWS.EXAMPLE.COM will give: >>> >>> [root at ipa-client7 etc]# kinit winuser at WINDOWS.EXAMPLE.COM >>> kinit: Cannot find KDC for realm "WINDOWS.EXAMPLE.COM" while getting initial >>> credentials >>> >>> Adding something like this to krb5.conf won't work, still the same error >>> message: >>> >>> WINDOWS.BLABLA.BLA = { >>> pkinit_anchors = FILE:/etc/ipa/ca.crt >>> http_anchors = FILE:/etc/ipa/ca.crt >>> kdc = https://ipa1.linux.example.com/KdcProxy >>> kpasswd_server = https://ipa1.linux.example.com/KdcProxy >>> } >>> >>> >>> Now, is it possible to use the IPA-server as a proxy for the trusted Windows >>> Domain? How...? >> You need to have WINDOWS.EXAMPLE.COM definition on the IPA client that points to the KDC proxy >> _and_ WINDOWS.EXAMPLE.COM on IPA master should point to AD DCs. >> >> The latter one should not use proxy but rather specify KDCs properly. Alternatively you should have >> dns_lookup_kdc = true > >For FreeIPA python-kdcproxy has DNS lookup disabled. It only reads >config items from /etc/krb5.conf. > ># cat /etc/ipa/kdcproxy/kdcproxy.conf >[global] >configs = mit >use_dns = false Yes, either explicitly define realms that should be accessible via KDC Proxy or enable use of DNS discovery. The latter might be needed if there are multiple domains in AD forests and AD DCs change over time. -- / Alexander Bokovoy From rmeggins at redhat.com Fri Jan 22 14:25:31 2016 From: rmeggins at redhat.com (Rich Megginson) Date: Fri, 22 Jan 2016 07:25:31 -0700 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> <56A0F93E.3000406@redhat.com> Message-ID: <56A23BDB.1020608@redhat.com> On 01/21/2016 08:48 PM, Nathan Peters wrote: > Here are the results for that aci search using a non gssapi bind by directory manager on the old master that we are attempting to join agains. I don't see anything in this list that would indicate that some users should or should not have access through a certain method. Unless one of those sasl config settings is doing it ? > > [root at dc2-ipa-dev-nvan ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" You almost got it. You left out the most important part, at the end of the command, specifying the "aci" attribute: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Viewing_the_ACIs_for_an_Entry.html # ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (aci=*) > # requesting: ALL > # > > # config > dn: cn=config > cn: config > objectClass: top > objectClass: extensibleObject > objectClass: nsslapdConfig > nsslapd-backendconfig: cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=co > nfig > nsslapd-backendconfig: cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=confi > g > nsslapd-backendconfig: cn=config,cn=changelog,cn=ldbm database,cn=plugins,cn=c > onfig > nsslapd-betype: ldbm database > nsslapd-privatenamespaces: cn=schema > nsslapd-privatenamespaces: > nsslapd-privatenamespaces: cn=monitor > nsslapd-privatenamespaces: cn=config > nsslapd-plugin: cn=binary syntax,cn=plugins,cn=config > nsslapd-plugin: cn=bit string syntax,cn=plugins,cn=config > nsslapd-plugin: cn=boolean syntax,cn=plugins,cn=config > nsslapd-plugin: cn=case exact string syntax,cn=plugins,cn=config > nsslapd-plugin: cn=case ignore string syntax,cn=plugins,cn=config > nsslapd-plugin: cn=country string syntax,cn=plugins,cn=config > nsslapd-plugin: cn=delivery method syntax,cn=plugins,cn=config > nsslapd-plugin: cn=distinguished name syntax,cn=plugins,cn=config > nsslapd-plugin: cn=enhanced guide syntax,cn=plugins,cn=config > nsslapd-plugin: cn=facsimile telephone number syntax,cn=plugins,cn=config > nsslapd-plugin: cn=fax syntax,cn=plugins,cn=config > nsslapd-plugin: cn=generalized time syntax,cn=plugins,cn=config > nsslapd-plugin: cn=guide syntax,cn=plugins,cn=config > nsslapd-plugin: cn=integer syntax,cn=plugins,cn=config > nsslapd-plugin: cn=jpeg syntax,cn=plugins,cn=config > nsslapd-plugin: cn=name and optional uid syntax,cn=plugins,cn=config > nsslapd-plugin: cn=numeric string syntax,cn=plugins,cn=config > nsslapd-plugin: cn=octet string syntax,cn=plugins,cn=config > nsslapd-plugin: cn=oid syntax,cn=plugins,cn=config > nsslapd-plugin: cn=postal address syntax,cn=plugins,cn=config > nsslapd-plugin: cn=printable string syntax,cn=plugins,cn=config > nsslapd-plugin: cn=telephone syntax,cn=plugins,cn=config > nsslapd-plugin: cn=teletex terminal identifier syntax,cn=plugins,cn=config > nsslapd-plugin: cn=telex number syntax,cn=plugins,cn=config > nsslapd-plugin: cn=octetstringmatch,cn=plugins,cn=config > nsslapd-plugin: cn=octetstringorderingmatch,cn=plugins,cn=config > nsslapd-plugin: cn=bitstringmatch,cn=plugins,cn=config > nsslapd-plugin: cn=bitwise plugin,cn=plugins,cn=config > nsslapd-plugin: cn=caseexactia5match,cn=plugins,cn=config > nsslapd-plugin: cn=caseexactmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseexactorderingmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseexactsubstringsmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseexactia5substringsmatch,cn=plugins,cn=config > nsslapd-plugin: cn=generalizedtimematch,cn=plugins,cn=config > nsslapd-plugin: cn=generalizedtimeorderingmatch,cn=plugins,cn=config > nsslapd-plugin: cn=booleanmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseignoreia5match,cn=plugins,cn=config > nsslapd-plugin: cn=caseignoreia5substringsmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseignorematch,cn=plugins,cn=config > nsslapd-plugin: cn=caseignoreorderingmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseignoresubstringsmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseignorelistmatch,cn=plugins,cn=config > nsslapd-plugin: cn=caseignorelistsubstringsmatch,cn=plugins,cn=config > nsslapd-plugin: cn=objectidentifiermatch,cn=plugins,cn=config > nsslapd-plugin: cn=directorystringfirstcomponentmatch,cn=plugins,cn=config > nsslapd-plugin: cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config > nsslapd-plugin: cn=distinguishednamematch,cn=plugins,cn=config > nsslapd-plugin: cn=integermatch,cn=plugins,cn=config > nsslapd-plugin: cn=integerorderingmatch,cn=plugins,cn=config > nsslapd-plugin: cn=integerfirstcomponentmatch,cn=plugins,cn=config > nsslapd-plugin: cn=internationalization plugin,cn=plugins,cn=config > nsslapd-plugin: cn=uniquemembermatch,cn=plugins,cn=config > nsslapd-plugin: cn=numericstringmatch,cn=plugins,cn=config > nsslapd-plugin: cn=numericstringorderingmatch,cn=plugins,cn=config > nsslapd-plugin: cn=numericstringsubstringsmatch,cn=plugins,cn=config > nsslapd-plugin: cn=telephonenumbermatch,cn=plugins,cn=config > nsslapd-plugin: cn=telephonenumbersubstringsmatch,cn=plugins,cn=config > nsslapd-requiresrestart: cn=config:nsslapd-port > nsslapd-requiresrestart: cn=config:nsslapd-secureport > nsslapd-requiresrestart: cn=config:nsslapd-ldapifilepath > nsslapd-requiresrestart: cn=config:nsslapd-ldapilisten > nsslapd-requiresrestart: cn=config:nsslapd-workingdir > nsslapd-requiresrestart: cn=config:nsslapd-plugin > nsslapd-requiresrestart: cn=config:nsslapd-sslclientauth > nsslapd-requiresrestart: cn=config:nsslapd-changelogdir > nsslapd-requiresrestart: cn=config:nsslapd-changelogsuffix > nsslapd-requiresrestart: cn=config:nsslapd-changelogmaxentries > nsslapd-requiresrestart: cn=config:nsslapd-changelogmaxage > nsslapd-requiresrestart: cn=config:nsslapd-db-locks > nsslapd-requiresrestart: cn=config:nsslapd-maxdescriptors > nsslapd-requiresrestart: cn=config:nsslapd-return-exact-case > nsslapd-requiresrestart: cn=config:nsslapd-schema-ignore-trailing-spaces > nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-idlistscanlimit > nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-parentcheck > nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-dbcachesize > nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-dbncache > nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-cachesize > nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-plugin > nsslapd-requiresrestart: cn=encryption,cn=config:nssslsessiontimeout > nsslapd-requiresrestart: cn=encryption,cn=config:nssslclientauth > nsslapd-requiresrestart: cn=encryption,cn=config:nsssl2 > nsslapd-requiresrestart: cn=encryption,cn=config:nsssl3 > nsslapd-auditlog-mode: 600 > nsslapd-auditlog-logrotationsync-enabled: off > nsslapd-auditlog-logrotationsynchour: 0 > nsslapd-auditlog-logrotationsyncmin: 0 > nsslapd-auditlog-logrotationtime: 1 > nsslapd-accesslog-mode: 600 > nsslapd-accesslog-maxlogsperdir: 10 > nsslapd-errorlog-level: 16384 > nsslapd-errorlog-logging-enabled: on > nsslapd-errorlog-mode: 600 > nsslapd-errorlog-logexpirationtime: 1 > nsslapd-accesslog-logging-enabled: on > nsslapd-port: 389 > nsslapd-workingdir: /var/log/dirsrv/slapd-DEV-mydomain-NET > nsslapd-maxthreadsperconn: 5 > nsslapd-accesslog-logexpirationtime: 1 > nsslapd-localuser: dirsrv > nsslapd-errorlog-logrotationsync-enabled: off > nsslapd-errorlog-logrotationsynchour: 0 > nsslapd-errorlog-logrotationsyncmin: 0 > nsslapd-errorlog-logrotationtime: 1 > passwordInHistory: 6 > passwordUnlock: on > passwordGraceLimit: 0 > nsslapd-accesslog-logrotationsync-enabled: off > nsslapd-accesslog-logrotationsynchour: 0 > nsslapd-accesslog-logrotationsyncmin: 0 > nsslapd-accesslog-logrotationtime: 1 > passwordMustChange: off > nsslapd-pwpolicy-local: off > nsslapd-auditlog-logmaxdiskspace: 100 > nsslapd-sizelimit: 2000 > nsslapd-auditlog-maxlogsize: 100 > passwordWarning: 86400 > nsslapd-readonly: off > nsslapd-sasl-mapping-fallback: on > nsslapd-threadnumber: 30 > passwordLockout: off > nsslapd-enquote-sup-oc: off > nsslapd-localhost: dc2-ipa-dev-nvan.dev-mydomain.net > nsslapd-ioblocktimeout: 1800000 > nsslapd-max-filter-nest-level: 40 > nsslapd-errorlog-logmaxdiskspace: 100 > passwordMinLength: 8 > passwordMinDigits: 0 > passwordMinAlphas: 0 > passwordMinUppers: 0 > passwordMinLowers: 0 > passwordMinSpecials: 0 > passwordMin8bit: 0 > passwordMaxRepeats: 0 > passwordMinCategories: 3 > passwordMinTokenLength: 3 > nsslapd-errorlog: /var/log/dirsrv/slapd-DEV-mydomain-NET/errors > nsslapd-auditlog-logexpirationtime: 1 > nsslapd-schemacheck: on > nsslapd-schemamod: on > nsslapd-syntaxcheck: on > nsslapd-syntaxlogging: off > nsslapd-dn-validate-strict: off > nsslapd-ds4-compatible-schema: off > nsslapd-schema-ignore-trailing-spaces: off > nsslapd-schemareplace: replication-only > nsslapd-accesslog-logmaxdiskspace: 500 > passwordMaxFailure: 3 > nsslapd-accesslog: /var/log/dirsrv/slapd-DEV-mydomain-NET/access > nsslapd-lastmod: on > nsslapd-security: on > passwordMaxAge: 8640000 > nsslapd-auditlog-logrotationtimeunit: day > passwordResetFailureCount: 600 > passwordIsGlobalPolicy: off > passwordLegacyPolicy: on > passwordTrackUpdateTime: off > nsslapd-auditlog-maxlogsperdir: 1 > nsslapd-errorlog-logexpirationtimeunit: month > nsslapd-groupevalnestlevel: 0 > nsslapd-accesslog-logexpirationtimeunit: month > nsslapd-rootpw: {SSHA}dVkYQwrJNWRuX/ErfQCCtcEE1pOjkpm8sIUgDw== > passwordChange: on > nsslapd-accesslog-level: 256 > nsslapd-errorlog-logrotationtimeunit: week > nsslapd-securePort: 636 > nsslapd-certmap-basedn: > nsslapd-timelimit: 3600 > nsslapd-errorlog-maxlogsize: 100 > nsslapd-reservedescriptors: 64 > nsslapd-svrtab: > passwordExp: off > nsslapd-accesscontrol: on > nsslapd-accesslog-logrotationtimeunit: day > passwordLockoutDuration: 3600 > nsslapd-accesslog-maxlogsize: 100 > nsslapd-idletimeout: 0 > nsslapd-nagle: on > nsslapd-errorlog-logminfreediskspace: 5 > nsslapd-auditlog-logging-enabled: off > nsslapd-auditlog-logging-hide-unhashed-pw: on > nsslapd-accesslog-logbuffering: on > nsslapd-csnlogging: on > nsslapd-auditlog-logexpirationtimeunit: month > nsslapd-allow-hashed-passwords: on > passwordCheckSyntax: off > nsslapd-listenhost: > nsslapd-snmp-index: 0 > nsslapd-ldapifilepath: /var/run/slapd-DEV-mydomain-NET.socket > nsslapd-ldapilisten: on > nsslapd-ldapiautobind: on > nsslapd-ldapimaprootdn: cn=Directory Manager > nsslapd-ldapimaptoentries: on > nsslapd-ldapiuidnumbertype: uidNumber > nsslapd-ldapigidnumbertype: gidNumber > nsslapd-ldapientrysearchbase: dc=example,dc=com > nsslapd-anonlimitsdn: cn=anonymous-limits,cn=etc,dc=dev-mydomain,dc=net > nsslapd-counters: on > nsslapd-accesslog-logminfreediskspace: 5 > nsslapd-errorlog-maxlogsperdir: 2 > nsslapd-securelistenhost: > nsslapd-auditlog-logminfreediskspace: 5 > nsslapd-rootdn: cn=Directory Manager > passwordMinAge: 0 > nsslapd-auditlog: /var/log/dirsrv/slapd-DEV-mydomain-NET/audit > nsslapd-return-exact-case: on > nsslapd-result-tweak: off > nsslapd-plugin-binddn-tracking: off > nsslapd-moddn-aci: on > nsslapd-attribute-name-exceptions: off > nsslapd-maxbersize: 209715200 > nsslapd-maxsasliosize: 2097152 > nsslapd-versionstring: 389-Directory/1.3.4.5 > nsslapd-referralmode: > nsslapd-maxdescriptors: 8192 > nsslapd-conntablesize: 8192 > nsslapd-SSLclientAuth: allowed > nsslapd-config: cn=config > nsslapd-instancedir: /var/lib/dirsrv/scripts-DEV-mydomain-NET > nsslapd-schemadir: /etc/dirsrv/slapd-DEV-mydomain-NET/schema > nsslapd-lockdir: /var/lock/dirsrv/slapd-DEV-mydomain-NET > nsslapd-tmpdir: /tmp > nsslapd-certdir: /etc/dirsrv/slapd-DEV-mydomain-NET > nsslapd-ldifdir: /var/lib/dirsrv/slapd-DEV-mydomain-NET/ldif > nsslapd-bakdir: /var/lib/dirsrv/slapd-DEV-mydomain-NET/bak > nsslapd-saslpath: > nsslapd-rundir: /var/run/dirsrv > nsslapd-rewrite-rfc1274: off > nsslapd-outbound-ldap-io-timeout: 300000 > nsslapd-allow-unauthenticated-binds: off > nsslapd-require-secure-binds: off > nsslapd-allow-anonymous-access: on > nsslapd-localssf: 71 > nsslapd-minssf: 0 > nsslapd-minssf-exclude-rootdse: on > nsslapd-force-sasl-external: off > nsslapd-entryusn-global: on > nsslapd-entryusn-import-initval: next > nsslapd-allowed-to-delete-attrs: passwordadmindn nsslapd-listenhost nsslapd-se > curelistenhost nsslapd-defaultnamingcontext > nsslapd-validate-cert: warn > nsslapd-pagedsizelimit: 0 > nsslapd-defaultnamingcontext: dc=dev-mydomain,dc=net > nsslapd-disk-monitoring: off > nsslapd-disk-monitoring-threshold: 2097152 > nsslapd-disk-monitoring-grace-period: 60 > nsslapd-disk-monitoring-logging-critical: off > nsslapd-ndn-cache-enabled: on > nsslapd-ndn-cache-max-size: 20971520 > nsslapd-allowed-sasl-mechanisms: > nsslapd-ignore-virtual-attrs: off > nsslapd-unhashed-pw-switch: on > nsslapd-sasl-max-buffer-size: 2097152 > nsslapd-search-return-original-type-switch: off > nsslapd-enable-turbo-mode: on > nsslapd-connection-buffer: 1 > nsslapd-connection-nocanon: on > nsslapd-plugin-logging: off > nsslapd-listen-backlog-size: 128 > nsslapd-dynamic-plugins: off > nsslapd-cn-uses-dn-syntax-in-dns: off > nsslapd-malloc-mxfast: -10 > nsslapd-malloc-trim-threshold: -10 > nsslapd-malloc-mmap-threshold: -10 > nsslapd-ignore-time-skew: off > nsslapd-global-backend-lock: off > nsslapd-maxsimplepaged-per-conn: -1 > nsslapd-enable-nunc-stans: off > passwordStorageScheme: SSHA > passwordAdminDN: > nsslapd-rootpwstoragescheme: SSHA > nsslapd-errorlog-list: > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160121-071658 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160121-022556 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160120-191523 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160120-091819 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160120-021415 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160119-165941 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160119-065036 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160119-023133 > nsslapd-accesslog-list: /var/log/dirsrv/slapd-DEV-mydomain-NET/access.20160118-205128 > nsslapd-auditlog-list: > nsslapd-ssl-check-hostname: on > nsslapd-hash-filters: off > > # mapping tree, config > dn: cn=mapping tree,cn=config > cn: mapping tree > objectClass: top > objectClass: extensibleObject > > # SNMP, config > dn: cn=SNMP,cn=config > cn: SNMP > nsSNMPEnabled: on > objectClass: top > objectClass: nsSNMP > > # tasks, config > dn: cn=tasks,cn=config > cn: tasks > objectClass: top > objectClass: extensibleObject > > # csusers, config > dn: ou=csusers,cn=config > objectClass: top > objectClass: organizationalUnit > ou: csusers > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > cn: Sync Request Control > objectClass: top > objectClass: directoryServerFeature > oid: 1.3.6.1.4.1.4203.1.9.1.1 > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > cn: VLV Request Control > objectClass: top > objectClass: directoryServerFeature > oid: 2.16.840.1.113730.3.4.9 > > # dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config > dn: cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > cn: dc=dev-mydomain,dc=net > cn: "dc=dev-mydomain,dc=net" > nsslapd-backend: userRoot > nsslapd-referral: ldap://dc1-ipa-dev-van.dev-mydomain.net:389/dc%3Ddev-mydomain%2Cdc%3Dnet > nsslapd-referral: ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389/dc%3Ddev-mydomain%2Cdc%3Dnet > nsslapd-state: backend > objectClass: top > objectClass: extensibleObject > objectClass: nsMappingTree > > # o\3Dipaca, mapping tree, config > dn: cn=o\3Dipaca,cn=mapping tree,cn=config > cn: o=ipaca > nsslapd-backend: ipaca > nsslapd-referral: ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389/o%3Dipaca > nsslapd-referral: ldap://dc1-ipa-dev-van.dev-mydomain.net:389/o%3Dipaca > nsslapd-state: Backend > objectClass: top > objectClass: extensibleObject > objectClass: nsMappingTree > > # ldbm database, plugins, config > dn: cn=ldbm database,cn=plugins,cn=config > cn: ldbm database > nsslapd-plugin-depends-on-type: Syntax > nsslapd-plugin-depends-on-type: matchingRule > nsslapd-pluginDescription: high-performance LDAP backend database plugin > nsslapd-pluginEnabled: on > nsslapd-pluginId: ldbm-backend > nsslapd-pluginInitfunc: ldbm_back_init > nsslapd-pluginPath: libback-ldbm > nsslapd-pluginType: database > nsslapd-pluginVendor: 389 Project > nsslapd-pluginVersion: 1.3.4.5 > objectClass: top > objectClass: nsSlapdPlugin > objectClass: extensibleObject > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > cn: Posix IDs > dnaExcludeScope: cn=provisioning,dc=dev-mydomain,dc=net > dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) > dnaMagicRegen: -1 > dnaMaxValue: 1100 > dnaNextValue: 1101 > dnaScope: dc=dev-mydomain,dc=net > dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=dev-mydomain,dc=net > dnaThreshold: 500 > dnaType: uidNumber > dnaType: gidNumber > objectClass: top > objectClass: extensibleObject > > # userRoot, ldbm database, plugins, config > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > cn: userRoot > objectClass: top > objectClass: extensibleObject > objectClass: nsBackendInstance > nsslapd-suffix: dc=dev-mydomain,dc=net > nsslapd-cachesize: -1 > nsslapd-cachememsize: 10485760 > nsslapd-readonly: off > nsslapd-require-index: off > nsslapd-directory: /var/lib/dirsrv/slapd-DEV-mydomain-NET/db/userRoot > nsslapd-dncachememsize: 10485760 > > # search result > search: 2 > result: 0 Success > > # numResponses: 13 > # numEntries: 12 > > > -----Original Message----- > From: Rich Megginson [mailto:rmeggins at redhat.com] > Sent: January-21-16 7:29 AM > To: Nathan Peters; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > On 01/21/2016 12:50 AM, Nathan Peters wrote: >> I don't know if this makes a difference too, but I performed the same checks on a different completely working and joined FreeIPA master, against other masters, and even against itself directly. >> >> It seems that no account, no keytab, and no host can see that mapping tree branch no matter who they search from or against if GSSAPI is used. >> >> >> -----Original Message----- >> From: freeipa-users-bounces at redhat.com >> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters >> Sent: January-20-16 11:41 PM >> To: Rich Megginson; freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails >> with DuplicateEntry: This entry already exists >> >> All checks below were performed from the host we are trying to turn >> into a replica and they were performed against the master who logs I >> also show >> >> The first check was to kinit admin and try the search. Surprisingly, the GSSAPI bind returns no results when we search that. In my previous email you can see that the standard bind gets a result as admin for that search. >> >> Next, I tried as the host by kinit with its keytab. Same result, nothing back. >> >> Finally I tried as my own personal admin user. Same result, nothing back. >> >> For good measure, I tried a broad search against the base "cn=mydomain,cn=net" as each user as well and I'll spare you the ten thousand lines of screenshot but the results were as expected, several thousand entries in that tree. >> Although the output differed slightly. This is the total as admin or >> my personal user # numResponses: 3372 # numEntries: 3371 >> >> and this is the total as the host keytab account >> >> # numResponses: 3371 >> # numEntries: 3370 >> >> To be even more thorough, I did searches farther and farther up the config tree using GSSAPI until I found something. The only thing that is visible through GSSAPI searches is the base of the config tree. Even the mapping tree branch doesn't seem to be visible. >> >> At the very bottom of this email is the results of the search against cn=config directly as the attempted new replica and as admin. Admin gets about 50 results and the host only gets about 30 for some reason. I get the same results as admin on my personal account so I've excluded those. >> >> So if I got all that right I was able to determine that only the base of the config tree is available using GSSAPI for any account, users for some reason get slightly more results than hosts, and all accounts can see the dc=mydomain,dc=net tree just fine using GSSAPI. >> >> So does that help shed some light on what the cause of this might be or why the server is not answering as expected? >> >> Is there some way I can adjust this so everyone can see the results they do using regular binds as they do using GSSAPI binds ? >> >> Is there some way I can check ACLS on stuff ? > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Viewing_the_ACIs_for_an_Entry.html > > Note: There is a bug in the docs. You have to also specify the suffix e.g. "-b cn=config", and make sure the search filter is quoted e.g. > '(aci=*)' > > If it is not aci related, I have no idea why you would get different results depending on if you did a simple bind vs. a gssapi bind with the same user that mapped to the same bind DN. From datakid at gmail.com Fri Jan 22 00:17:09 2016 From: datakid at gmail.com (Lachlan Musicman) Date: Fri, 22 Jan 2016 11:17:09 +1100 Subject: [Freeipa-users] idoverride-add gives incorrect, inconsistant results? In-Reply-To: <20160120084225.GA3391@hendrix> References: <0137003026EBE54FBEC540C5600C03C432DB61@PMC-EXMBX02.petermac.org.au> <20160119074936.GD3391@hendrix> <20160120084225.GA3391@hendrix> Message-ID: No, I've not updated to 1.13.0-41 - I do the "yum upgrades" relatively frequently, I don't think it's in the repos yet. cheers L. ------ The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 20 January 2016 at 19:42, Jakub Hrozek wrote: > On Wed, Jan 20, 2016 at 09:15:47AM +1100, Lachlan Musicman wrote: > > 1.13.0 > > I suspect it's 7.2, then. Did you alrady update to the latest available > version (1.13.0-41)? If yes, do you have logfiles? > > See https://fedorahosted.org/sssd/wiki/Troubleshooting > -------------- next part -------------- An HTML attachment was scrubbed... URL: From datakid at gmail.com Fri Jan 22 00:25:04 2016 From: datakid at gmail.com (Lachlan Musicman) Date: Fri, 22 Jan 2016 11:25:04 +1100 Subject: [Freeipa-users] idoverride-add gives incorrect, inconsistant results? In-Reply-To: References: <0137003026EBE54FBEC540C5600C03C432DB61@PMC-EXMBX02.petermac.org.au> <20160119074936.GD3391@hendrix> <20160120084225.GA3391@hendrix> Message-ID: The /var/log/sssd/ldap_child.log have one line repeated: [[sssd[ldap_child[9738]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm UNIX.CO.ORG.AU All other log files are 0 size. cheers L. ------ The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 22 January 2016 at 11:17, Lachlan Musicman wrote: > No, I've not updated to 1.13.0-41 - I do the "yum upgrades" relatively > frequently, I don't think it's in the repos yet. > > cheers > L. > > ------ > The most dangerous phrase in the language is, "We've always done it this > way." > > - Grace Hopper > > On 20 January 2016 at 19:42, Jakub Hrozek wrote: > >> On Wed, Jan 20, 2016 at 09:15:47AM +1100, Lachlan Musicman wrote: >> > 1.13.0 >> >> I suspect it's 7.2, then. Did you alrady update to the latest available >> version (1.13.0-41)? If yes, do you have logfiles? >> >> See https://fedorahosted.org/sssd/wiki/Troubleshooting >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From visakh.mv at sisplc.net Fri Jan 22 15:22:26 2016 From: visakh.mv at sisplc.net (Visakh MV) Date: Fri, 22 Jan 2016 20:52:26 +0530 Subject: [Freeipa-users] Freeipa deployment request In-Reply-To: References: Message-ID: Hi team, We have plan to integrate windows ad and openshift origin with freeipa. We have doubt about that DNS working between those. And also needs configuration details of replication between those. If guys you provide any kind of information for above, I am really would like to go for with Redhat 7. Your kindly responses as soon as good for us. -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Fri Jan 22 15:39:03 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Fri, 22 Jan 2016 17:39:03 +0200 Subject: [Freeipa-users] Samba crashes with recent F23 update In-Reply-To: <20160122081425.GN4316@redhat.com> References: <20160122081425.GN4316@redhat.com> Message-ID: <20160122153903.GS4316@redhat.com> On Fri, 22 Jan 2016, Alexander Bokovoy wrote: >On Fri, 22 Jan 2016, John Obaterspok wrote: >>Hello, >> >>I'm running F23 and now IPA fails to start due to crash in smb: >> >> >>-- Unit smb.service has begun starting up. >>jan 22 08:38:52 ipa.win.lan audit[7037]: ANOM_ABEND auid=4294967295 uid=0 >>gid=0 ses=4294967295 subj=system_u:system_r:smbd_t:s0 pid=7037 comm="smbd" >>exe="/usr/sbin/smbd" sig=6 >>jan 22 08:38:58 ipa.win.lan systemd-coredump[7038]: Process 7037 (smbd) of >>user 0 dumped core. >> >> Stack trace of thread >>7037: >> #0 >>0x00007f1cb7bc8a98 raise (libc.so.6) >> #1 >>0x00007f1cb7bca69a abort (libc.so.6) >> #2 >>0x00007f1cbb5c060c smb_panic (libsamba-util.so.0) >> #3 >>0x00007f1cb8168675 _talloc_free (libtalloc.so.2) >> #4 >>0x00007f1cb87a206c lpcfg_string_free (libsamba-hostconfig.so.0) >> #5 >>0x00007f1cb87a20a5 lpcfg_string_set (libsamba-hostconfig.so.0) >> #6 >>0x00007f1cb9541208 lp_load_ex (libsmbconf.so.0) >> #7 >>0x00007f1cb9540d5d lp_load_ex (libsmbconf.so.0) >> #8 >>0x00007f1cb95415c0 lp_load_initial_only (libsmbconf.so.0) >> #9 >>0x000055df01d405fb main (smbd) >> #10 >>0x00007f1cb7bb4580 __libc_start_main (libc.so.6) >> #11 >>0x000055df01d41b79 _start (smbd) >>-- Subject: Process 7037 (smbd) dumped core >> >>Anyone seen this? >> >>samba-4.3.4-0.fc23.x86_64 >>freeipa-server-4.2.3-1.1.fc23.x86_64 >Yes, there is a bug about it. >https://bugzilla.redhat.com/show_bug.cgi?id=1300038 I've submitted an update https://bodhi.fedoraproject.org/updates/FEDORA-2016-1826c5843b that should solve the problem. Please add your karma. -- / Alexander Bokovoy From Nathan.Peters at globalrelay.net Fri Jan 22 17:15:37 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Fri, 22 Jan 2016 17:15:37 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <56A23BDB.1020608@redhat.com> References: <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> <56A0F93E.3000406@redhat.com> <56A23BDB.1020608@redhat.com> Message-ID: [root at dc2-ipa-dev-nvan ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (aci=*) # requesting: aci # # config dn: cn=config aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task ,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager s Configuration,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co nfiguration,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas e Configuration,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= dev-mydomain,dc=net";) # mapping tree, config dn: cn=mapping tree,cn=config aci: (target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetat tr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replica tion agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),c n=computers,cn=accounts,dc=dev-mydomain,dc=net";) # SNMP, config dn: cn=SNMP,cn=config aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) # tasks, config dn: cn=tasks,cn=config aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis sions,cn=pbac,dc=dev-mydomain,dc=net";) aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa ca";) aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=dev- mydomain,dc=net";) # csusers, config dn: ou=csusers,cn=config aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) # 1.3.6.1.4.1.4203.1.9.1.1, features, config dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea d, search ) userdn = "ldap:///all";) # 2.16.840.1.113730.3.4.9, features, config dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; ) # dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config dn: cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli cation Agreements,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) # o\3Dipaca, mapping tree, config dn: cn=o\3Dipaca,cn=mapping tree,cn=config aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl e,o=ipaca";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser ,ou=people,o=ipaca";) # ldbm database, plugins, config dn: cn=ldbm database,cn=plugins,cn=config aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss ions,cn=pbac,dc=dev-mydomain,dc=net";) # userRoot, ldbm database, plugins, config dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement s,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) # search result search: 2 result: 0 Success # numResponses: 13 # numEntries: 12 -----Original Message----- From: Rich Megginson [mailto:rmeggins at redhat.com] Sent: January-22-16 6:26 AM To: Nathan Peters; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/21/2016 08:48 PM, Nathan Peters wrote: > Here are the results for that aci search using a non gssapi bind by directory manager on the old master that we are attempting to join agains. I don't see anything in this list that would indicate that some users should or should not have access through a certain method. Unless one of those sasl config settings is doing it ? > > [root at dc2-ipa-dev-nvan ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" You almost got it. You left out the most important part, at the end of the command, specifying the "aci" attribute: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Viewing_the_ACIs_for_an_Entry.html # ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci From rmeggins at redhat.com Fri Jan 22 17:41:03 2016 From: rmeggins at redhat.com (Rich Megginson) Date: Fri, 22 Jan 2016 10:41:03 -0700 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> <56A0F93E.3000406@redhat.com> <56A23BDB.1020608@redhat.com> Message-ID: <56A269AF.8050104@redhat.com> On 01/22/2016 10:15 AM, Nathan Peters wrote: > [root at dc2-ipa-dev-nvan ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (aci=*) > # requesting: aci > # > > # config > dn: cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r > ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( > targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T > ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task > ,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob > jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu > gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura > tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager > s Configuration,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) > aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, > cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C > onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co > nfiguration,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns > slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas > e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi > guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas > e Configuration,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) > aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g > roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= > dev-mydomain,dc=net";) > > # mapping tree, config > dn: cn=mapping tree,cn=config > aci: (target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetat > tr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replica > tion agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),c > n=computers,cn=accounts,dc=dev-mydomain,dc=net";) I don't see any acis to allow the IPA admin user to have access to cn=config or any entries below it. Looks like the host principal should be able to read the replication agreements that replicate to it from other hosts. > > # SNMP, config > dn: cn=SNMP,cn=config > aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl > "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) > > # tasks, config > dn: cn=tasks,cn=config > aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio > n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis > sions,cn=pbac,dc=dev-mydomain,dc=net";) > aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re > -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa > ca";) > aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read > , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=dev- > mydomain,dc=net";) > > # csusers, config > dn: ou=csusers,cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use > rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea > d, search ) userdn = "ldap:///all";) > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, > search, compare, proxy) userdn = "ldap:///anyone"; ) > > # dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config > dn: cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem > ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli > cation Agreements,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) > > # o\3Dipaca, mapping tree, config > dn: cn=o\3Dipaca,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" > ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre > ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl > e,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: > Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser > ,ou=people,o=ipaca";) > > # ldbm database, plugins, config > dn: cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a > llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl > "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA > Range,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) > aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre > shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; > allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss > ions,cn=pbac,dc=dev-mydomain,dc=net";) > > # userRoot, ldbm database, plugins, config > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas > e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement > s,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) > > # search result > search: 2 > result: 0 Success > > # numResponses: 13 > # numEntries: 12 > > > > -----Original Message----- > From: Rich Megginson [mailto:rmeggins at redhat.com] > Sent: January-22-16 6:26 AM > To: Nathan Peters; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > On 01/21/2016 08:48 PM, Nathan Peters wrote: >> Here are the results for that aci search using a non gssapi bind by directory manager on the old master that we are attempting to join agains. I don't see anything in this list that would indicate that some users should or should not have access through a certain method. Unless one of those sasl config settings is doing it ? >> >> [root at dc2-ipa-dev-nvan ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" > You almost got it. You left out the most important part, at the end of the command, specifying the "aci" attribute: > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Viewing_the_ACIs_for_an_Entry.html > > # ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci > From Nathan.Peters at globalrelay.net Fri Jan 22 18:04:47 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Fri, 22 Jan 2016 18:04:47 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569DF522.4090505@redhat.com> <569E687D.5040006@redhat.com> <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> <56A0F93E.3000406@redhat.com> <56A23BDB.1020608@redhat.com> Message-ID: Wow, strange stuff, the search I linked in the last email for our non working dev environment seems short some entries. For comparison, here is the same search run against our currently working prod environment. As you can see, our prod environment has a huge aci on the config tree. For reference, our prod and dev environments were identical (FreeIPA 4.1.4/CentOS7.1) before I updated our dev environment to CentOS7.2/FreeIPA4.2.0 -> Fedora23/FreeIPA4.2.3 -> Fedora23/FreeIPA4.3.0. So at some point during this upgrade process I assume maybe one of the installers deleted acis on our tree? That sounds like the kind of thing that would happen when introducing the new domain level functionality in 4.3, like if someone accidentally thought "oh this replica branch is now in a globally replicated section, we can remove these acis for this local stuff..." and then put that logic into the installer or something... The real question is, is there some good way of getting those aci's back, like a fixaci command? ========================= Prod aci's that do work for comparison ========================= [root at dc1-ipa-prod-nvan ~]$ ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (aci=*) # requesting: aci # # config dn: cn=config aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou= people,o=ipaca";) aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task ,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager s Configuration,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co nfiguration,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas e Configuration,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= myproddomain,dc=net";) aci: (targetattr = "cn || createtimestamp || description || entryusn || modify timestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeou t || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || n sds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds 5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacl eanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5repl icahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinits tart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5repli calastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsum er || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5re plicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributeli st || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replic atombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || n sds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsd s7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenable d || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicas ubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsub treepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replic a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA greement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:System: R ead Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn =System: Read Replication Agreements,cn=permissions,cn=pbac,dc=myproddomain,dc =net";) # SNMP, config dn: cn=SNMP,cn=config aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) # tasks, config dn: cn=tasks,cn=config aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis sions,cn=pbac,dc=myproddomain,dc=net";) aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou= people,o=ip aca";) aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=myproddomain,dc=net";) aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membershi p,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Ta sks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automembe r Tasks,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) # csusers, config dn: ou=csusers,cn=config aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou= people,o=ipaca";) # 1.3.6.1.4.1.4203.1.9.1.1, features, config dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea d, search ) userdn = "ldap:///all";) # 2.16.840.1.113730.3.4.9, features, config dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; ) # dc\3Dmyproddomain\2Cdc\3Dnet, mapping tree, config dn: cn=dc\3Dmyproddomain\2Cdc\3Dnet,cn=mapping tree,cn=config aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= pbac,dc=myproddomain,dc=net";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag reements,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli cation Agreements,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) # o\3Dipaca, mapping tree, config dn: cn=o\3Dipaca,cn=mapping tree,cn=config aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" ;allow (add) userdn = "ldap:///uid=pkidbuser,ou= people,o=ipaca";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou= peop le,o=ipaca";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser ,ou= people,o=ipaca";) # ldbm database, plugins, config dn: cn=ldbm database,cn=plugins,cn=config aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a llow (read) userdn="ldap:///uid=pkidbuser,ou= people,o=ipaca";) # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss ions,cn=pbac,dc=myproddomain,dc=net";) # userRoot, ldbm database, plugins, config dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement s,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) # search result search: 2 result: 0 Success # numResponses: 12 # numEntries: 11 -----Original Message----- From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters Sent: January-22-16 9:18 AM To: Rich Megginson; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists [root at dc2-ipa-dev-nvan ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (aci=*) # requesting: aci # # config dn: cn=config aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task ,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager s Configuration,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co nfiguration,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas e Configuration,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= dev-mydomain,dc=net";) # mapping tree, config dn: cn=mapping tree,cn=config aci: (target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetat tr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replica tion agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),c n=computers,cn=accounts,dc=dev-mydomain,dc=net";) # SNMP, config dn: cn=SNMP,cn=config aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) # tasks, config dn: cn=tasks,cn=config aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis sions,cn=pbac,dc=dev-mydomain,dc=net";) aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa ca";) aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=dev- mydomain,dc=net";) # csusers, config dn: ou=csusers,cn=config aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) # 1.3.6.1.4.1.4203.1.9.1.1, features, config dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea d, search ) userdn = "ldap:///all";) # 2.16.840.1.113730.3.4.9, features, config dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; ) # dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config dn: cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli cation Agreements,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) # o\3Dipaca, mapping tree, config dn: cn=o\3Dipaca,cn=mapping tree,cn=config aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl e,o=ipaca";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser ,ou=people,o=ipaca";) # ldbm database, plugins, config dn: cn=ldbm database,cn=plugins,cn=config aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss ions,cn=pbac,dc=dev-mydomain,dc=net";) # userRoot, ldbm database, plugins, config dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement s,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) # search result search: 2 result: 0 Success # numResponses: 13 # numEntries: 12 -----Original Message----- From: Rich Megginson [mailto:rmeggins at redhat.com] Sent: January-22-16 6:26 AM To: Nathan Peters; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/21/2016 08:48 PM, Nathan Peters wrote: > Here are the results for that aci search using a non gssapi bind by directory manager on the old master that we are attempting to join agains. I don't see anything in this list that would indicate that some users should or should not have access through a certain method. Unless one of those sasl config settings is doing it ? > > [root at dc2-ipa-dev-nvan ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" You almost got it. You left out the most important part, at the end of the command, specifying the "aci" attribute: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Viewing_the_ACIs_for_an_Entry.html # ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project From rmeggins at redhat.com Fri Jan 22 18:23:31 2016 From: rmeggins at redhat.com (Rich Megginson) Date: Fri, 22 Jan 2016 11:23:31 -0700 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> <56A0F93E.3000406@redhat.com> <56A23BDB.1020608@redhat.com> Message-ID: <56A273A3.4010600@redhat.com> On 01/22/2016 11:04 AM, Nathan Peters wrote: > Wow, strange stuff, the search I linked in the last email for our non working dev environment seems short some entries. > > For comparison, here is the same search run against our currently working prod environment. > > As you can see, our prod environment has a huge aci on the config tree. > > For reference, our prod and dev environments were identical (FreeIPA 4.1.4/CentOS7.1) before I updated our dev environment to CentOS7.2/FreeIPA4.2.0 -> Fedora23/FreeIPA4.2.3 -> Fedora23/FreeIPA4.3.0. So at some point during this upgrade process I assume maybe one of the installers deleted acis on our tree? That sounds like the kind of thing that would happen when introducing the new domain level functionality in 4.3, like if someone accidentally thought "oh this replica branch is now in a globally replicated section, we can remove these acis for this local stuff..." and then put that logic into the installer or something... > > The real question is, is there some good way of getting those aci's back, like a fixaci command? I don't know. > > ========================= > Prod aci's that do work for comparison > ========================= > > [root at dc1-ipa-prod-nvan ~]$ ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (aci=*) > # requesting: aci > # > > # config > dn: cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r > ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou= people,o=ipaca";) > aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( > targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T > ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task > ,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob > jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu > gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura > tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager > s Configuration,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) > aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, > cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C > onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co > nfiguration,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns > slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas > e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi > guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas > e Configuration,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) > aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g > roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= > myproddomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || description || entryusn || modify > timestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeou > t || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || n > sds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds > 5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || > nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacl > eanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5repl > icahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinits > tart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5repli > calastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsum > er || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || > nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5re > plicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributeli > st || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replic > atombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || n > sds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsd > s7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenable > d || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicas > ubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || > winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsub > treepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replic > a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA > greement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:System: R > ead Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn > =System: Read Replication Agreements,cn=permissions,cn=pbac,dc=myproddomain,dc > =net";) > > # SNMP, config > dn: cn=SNMP,cn=config > aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl > "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) > > # tasks, config > dn: cn=tasks,cn=config > aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio > n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis > sions,cn=pbac,dc=myproddomain,dc=net";) > aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re > -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou= people,o=ip > aca";) > aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read > , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=myproddomain,dc=net";) > aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membershi > p,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Ta > sks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automembe > r Tasks,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) > > # csusers, config > dn: ou=csusers,cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use > rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou= people,o=ipaca";) > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea > d, search ) userdn = "ldap:///all";) > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, > search, compare, proxy) userdn = "ldap:///anyone"; ) > > # dc\3Dmyproddomain\2Cdc\3Dnet, mapping tree, config > dn: cn=dc\3Dmyproddomain\2Cdc\3Dnet,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al > low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= > pbac,dc=myproddomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme > nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag > reements,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem > ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli > cation Agreements,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) > > # o\3Dipaca, mapping tree, config > dn: cn=o\3Dipaca,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" > ;allow (add) userdn = "ldap:///uid=pkidbuser,ou= people,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre > ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou= peop > le,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: > Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser > ,ou= people,o=ipaca";) > > # ldbm database, plugins, config > dn: cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a > llow (read) userdn="ldap:///uid=pkidbuser,ou= people,o=ipaca";) > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl > "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA > Range,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) > aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre > shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; > allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss > ions,cn=pbac,dc=myproddomain,dc=net";) > > # userRoot, ldbm database, plugins, config > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas > e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement > s,cn=permissions,cn=pbac,dc=myproddomain,dc=net";) > > # search result > search: 2 > result: 0 Success > > # numResponses: 12 > # numEntries: 11 > > > -----Original Message----- > From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters > Sent: January-22-16 9:18 AM > To: Rich Megginson; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > [root at dc2-ipa-dev-nvan ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (aci=*) > # requesting: aci > # > > # config > dn: cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task > ,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager s Configuration,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) > aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co > nfiguration,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns > slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas e Configuration,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) > aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= > dev-mydomain,dc=net";) > > # mapping tree, config > dn: cn=mapping tree,cn=config > aci: (target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetat tr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replica tion agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),c > n=computers,cn=accounts,dc=dev-mydomain,dc=net";) > > # SNMP, config > dn: cn=SNMP,cn=config > aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) > > # tasks, config > dn: cn=tasks,cn=config > aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis > sions,cn=pbac,dc=dev-mydomain,dc=net";) > aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa > ca";) > aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=dev- > mydomain,dc=net";) > > # csusers, config > dn: ou=csusers,cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea d, search ) userdn = "ldap:///all";) > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, > search, compare, proxy) userdn = "ldap:///anyone"; ) > > # dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config > dn: cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli cation Agreements,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) > > # o\3Dipaca, mapping tree, config > dn: cn=o\3Dipaca,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" > ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl > e,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: > Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser > ,ou=people,o=ipaca";) > > # ldbm database, plugins, config > dn: cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA > Range,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) > aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss > ions,cn=pbac,dc=dev-mydomain,dc=net";) > > # userRoot, ldbm database, plugins, config > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement > s,cn=permissions,cn=pbac,dc=dev-mydomain,dc=net";) > > # search result > search: 2 > result: 0 Success > > # numResponses: 13 > # numEntries: 12 > > > > -----Original Message----- > From: Rich Megginson [mailto:rmeggins at redhat.com] > Sent: January-22-16 6:26 AM > To: Nathan Peters; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > On 01/21/2016 08:48 PM, Nathan Peters wrote: >> Here are the results for that aci search using a non gssapi bind by directory manager on the old master that we are attempting to join agains. I don't see anything in this list that would indicate that some users should or should not have access through a certain method. Unless one of those sasl config settings is doing it ? >> >> [root at dc2-ipa-dev-nvan ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" > You almost got it. You left out the most important part, at the end of the command, specifying the "aci" attribute: > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Viewing_the_ACIs_for_an_Entry.html > > # ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From firstyear at redhat.com Sat Jan 23 00:54:03 2016 From: firstyear at redhat.com (William Brown) Date: Sat, 23 Jan 2016 10:54:03 +1000 Subject: [Freeipa-users] Support status of additional OU's / acis in ipa ds Message-ID: <1453510443.6533.2.camel@redhat.com> Hi, I'm wondering about what the freeipa support policy is on adding an extra OU to the root of my domain, as well as my own acis. Will FreeIPA ignore this? Or will it potentially cause future issues?? IE adding ou=contacts,dc=ipa,dc=example,dc=com -- Sincerely, William Brown Software Engineer Red Hat, Brisbane -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part URL: From abokovoy at redhat.com Sat Jan 23 04:18:19 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Sat, 23 Jan 2016 06:18:19 +0200 Subject: [Freeipa-users] Support status of additional OU's / acis in ipa ds In-Reply-To: <1453510443.6533.2.camel@redhat.com> References: <1453510443.6533.2.camel@redhat.com> Message-ID: <20160123041819.GU4316@redhat.com> On Sat, 23 Jan 2016, William Brown wrote: >Hi, > >I'm wondering about what the freeipa support policy is on adding an >extra OU to the root of my domain, as well as my own acis. Will FreeIPA >ignore this? Or will it potentially cause future issues?? > >IE adding ou=contacts,dc=ipa,dc=example,dc=com There are currently no plans on introducing OUs. -- / Alexander Bokovoy From rcritten at redhat.com Sat Jan 23 14:55:23 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Sat, 23 Jan 2016 09:55:23 -0500 Subject: [Freeipa-users] Support status of additional OU's / acis in ipa ds In-Reply-To: <20160123041819.GU4316@redhat.com> References: <1453510443.6533.2.camel@redhat.com> <20160123041819.GU4316@redhat.com> Message-ID: <56A3945B.1090400@redhat.com> Alexander Bokovoy wrote: > On Sat, 23 Jan 2016, William Brown wrote: >> Hi, >> >> I'm wondering about what the freeipa support policy is on adding an >> extra OU to the root of my domain, as well as my own acis. Will FreeIPA >> ignore this? Or will it potentially cause future issues? >> >> IE adding ou=contacts,dc=ipa,dc=example,dc=com > There are currently no plans on introducing OUs. > I think he just wants to add his own container as an OU. If that's the case then yeah, IPA shouldn't even notice it. No guarantee that this will be true forever. Similarly I think any acis on that dn will be ignored simply because IPA would have no reason to operate there. rob From firstyear at redhat.com Sat Jan 23 21:35:12 2016 From: firstyear at redhat.com (William Brown) Date: Sun, 24 Jan 2016 07:35:12 +1000 Subject: [Freeipa-users] Support status of additional OU's / acis in ipa ds In-Reply-To: <56A3945B.1090400@redhat.com> References: <1453510443.6533.2.camel@redhat.com> <20160123041819.GU4316@redhat.com> <56A3945B.1090400@redhat.com> Message-ID: <1453584912.6533.5.camel@redhat.com> On Sat, 2016-01-23 at 09:55 -0500, Rob Crittenden wrote: > Alexander Bokovoy wrote: > > On Sat, 23 Jan 2016, William Brown wrote: > > > Hi, > > > > > > I'm wondering about what the freeipa support policy is on adding > > > an > > > extra OU to the root of my domain, as well as my own acis. Will > > > FreeIPA > > > ignore this? Or will it potentially cause future issues?? > > > > > > IE adding ou=contacts,dc=ipa,dc=example,dc=com > > There are currently no plans on introducing OUs. > > > > I think he just wants to add his own container as an OU. If that's > the > case then yeah, IPA shouldn't even notice it. No guarantee that this > will be true forever. Similarly I think any acis on that dn will be > ignored simply because IPA would have no reason to operate there. > Yep, that is exactly what I want to do. I'll give it a go, and will just have to be careful and watch out on upgrades from now on then I guess.? -- Sincerely, William Brown Software Engineer Red Hat, Brisbane -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part URL: From gjn at gjn.priv.at Sat Jan 23 22:08:07 2016 From: gjn at gjn.priv.at (=?ISO-8859-1?Q?G=FCnther_J=2E?= Niederwimmer) Date: Sat, 23 Jan 2016 23:08:07 +0100 Subject: [Freeipa-users] Replica Error with freeIPA Centos 7.2 Message-ID: <1498162.qxHDUWiMKF@techz> Hello, I have installed freeIPA from a CentOS 7.2 with a replica Server, but I have on all two masters a Error. NSMMReplicationPlugin - replication keep alive entry already exists This Error i have all two Hours? Have any a Idea what I can change ? -- mit freundlichen Gr??en / best regards, G?nther J. Niederwimmer From Nathan.Peters at globalrelay.net Sun Jan 24 02:22:00 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Sun, 24 Jan 2016 02:22:00 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <56A273A3.4010600@redhat.com> References: <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> <56A0F93E.3000406@redhat.com> <56A23BDB.1020608@redhat.com> <56A273A3.4010600@redhat.com> Message-ID: I can now confirm that this is a 100% reproducible bug, and a pretty severe one at that. You should be able to reproduce this issue at will if you follow these steps. It may actually be possible with less servers and less steps, but here is what I did in a test lab today: 1. Create a brand new FreeIPA domain in CentOS 7.2 / FreeIPA 4.2.0 with 3 servers, dc1, dc2, dc3, replicating any way you want. 3. Use ipa-replica-manage del dc2.ipatestdomain.net, and then delete the server / vm / whatever you have it running on 3. Install Fedora 23 on the same IP address and hostname (dc2.ipatestdomain.net). Install FreeIPA server 4.2.3 from replica file created on CA master (dc1). Check aci on dc2. You will notice it's now missing a bunch of stuff. So basically, all it takes to lose that ACL is to create a Fedora FreeIPA server and join it to a CentOS domain. After I had upgraded all 3 to Fedora, that ACLS was lost permanently as it no longer existed on any server because there were no CentOS servers left. I'm assuming since this is so easy to reproduce, that you don't actually need my log files. ACL comparisons below for reference : 1. ACL on dc1 when its on FreeIPA 4.2.0 on CentOS 7.2 and the domain consists of only CentOS servers 2. ACL on dc1 when its still on FreeIPA 4.2.0 on CentOS 7.2 but there is now a Fedora 23 FreeIPA 4.2.3 server in the domain (for reference that the CentOS ACL hasn't changed yet) 3. ACL on dc2 when it's now a Fedora 23 FreeIPA 4.2.3 server created from a replica file made from dc1, the centOS 7.2 CA master(missing some stuff) 4. ACL on dc1 when it's now a Fedora 23 FreeIPA 4.2.3 server (now missing some stuff) ============================================================================ 1. ACL on dc1 when its on FreeIPA 4.2.0 on CentOS 7.2 and the domain consists of only CentOS servers ============================================================================ [root at dc1 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (aci=*) # requesting: aci # # config dn: cn=config aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= ipatestdomain,dc=net";) aci: (targetattr = "cn || createtimestamp || description || entryusn || modify timestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeou t || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || n sds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds 5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacl eanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5repl icahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinits tart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5repli calastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsum er || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5re plicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributeli st || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replic atombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || n sds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsd s7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenable d || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicas ubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsub treepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replic a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA greement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:System: R ead Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn =System: Read Replication Agreements,cn=permissions,cn=pbac,dc=ipatestdomai n,dc=net";) # SNMP, config dn: cn=SNMP,cn=config aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) # tasks, config dn: cn=tasks,cn=config aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis sions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa ca";) aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip atestdomain,dc=net";) aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membershi p,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Ta sks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automembe r Tasks,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) # csusers, config dn: ou=csusers,cn=config aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) # 1.3.6.1.4.1.4203.1.9.1.1, features, config dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea d, search ) userdn = "ldap:///all";) # 2.16.840.1.113730.3.4.9, features, config dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; ) # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) # o\3Dipaca, mapping tree, config dn: cn=o\3Dipaca,cn=mapping tree,cn=config aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl e,o=ipaca";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser ,ou=people,o=ipaca";) # ldbm database, plugins, config dn: cn=ldbm database,cn=plugins,cn=config aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss ions,cn=pbac,dc=ipatestdomain,dc=net";) # userRoot, ldbm database, plugins, config dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) # search result search: 2 result: 0 Success # numResponses: 12 # numEntries: 11 ============================================================================ 2. ACL on dc1 when its still on FreeIPA 4.2.0 on CentOS 7.2 but there is now a Fedora 23 FreeIPA 4.2.3 server in the domain (for reference that the CentOS ACL hasn't changed yet) ============================================================================ ================ after reinstallation of dc2 in fedora 23 / ipa 4.2.3 ========================= [root at dc1 ~]# ldapsearch -b "cn=config" -D "uid=admin,cn=users,cn=accounts,dc=ipatestdomain,dc=net" -W Enter LDAP Password: # config dn: cn=config aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= ipatestdomain,dc=net";) aci: (targetattr = "cn || createtimestamp || description || entryusn || modify timestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeou t || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || n sds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds 5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacl eanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5repl icahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinits tart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5repli calastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsum er || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5re plicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributeli st || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replic atombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || n sds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsd s7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenable d || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicas ubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsub treepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replic a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA greement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:System: R ead Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn =System: Read Replication Agreements,cn=permissions,cn=pbac,dc=ipatestdomai n,dc=net";) # SNMP, config dn: cn=SNMP,cn=config aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) # tasks, config dn: cn=tasks,cn=config aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis sions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa ca";) aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip atestdomain,dc=net";) aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membershi p,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Ta sks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automembe r Tasks,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) # csusers, config dn: ou=csusers,cn=config aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) # 1.3.6.1.4.1.4203.1.9.1.1, features, config dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea d, search ) userdn = "ldap:///all";) # 2.16.840.1.113730.3.4.9, features, config dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; ) # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) # o\3Dipaca, mapping tree, config dn: cn=o\3Dipaca,cn=mapping tree,cn=config aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl e,o=ipaca";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser ,ou=people,o=ipaca";) # ldbm database, plugins, config dn: cn=ldbm database,cn=plugins,cn=config aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss ions,cn=pbac,dc=ipatestdomain,dc=net";) # userRoot, ldbm database, plugins, config dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) # search result search: 2 result: 0 Success # numResponses: 12 # numEntries: 11 ============================================================================ 3. ACL on dc2 when it's now a Fedora 23 FreeIPA 4.2.3 server and the replica file was made from dc1 which is a CentOS server that still has the acls(missing some stuff) ============================================================================ aci list on dc2 [root at dc2 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (aci=*) # requesting: aci # # config dn: cn=config aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= ipatestdomain,dc=net";) # SNMP, config dn: cn=SNMP,cn=config aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) # tasks, config dn: cn=tasks,cn=config aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis sions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa ca";) aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip atestdomain,dc=net";) # csusers, config dn: ou=csusers,cn=config aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) # 1.3.6.1.4.1.4203.1.9.1.1, features, config dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea d, search ) userdn = "ldap:///all";) # 2.16.840.1.113730.3.4.9, features, config dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; ) # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) # o\3Dipaca, mapping tree, config dn: cn=o\3Dipaca,cn=mapping tree,cn=config aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl e,o=ipaca";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser ,ou=people,o=ipaca";) # ldbm database, plugins, config dn: cn=ldbm database,cn=plugins,cn=config aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss ions,cn=pbac,dc=ipatestdomain,dc=net";) # userRoot, ldbm database, plugins, config dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) # search result search: 2 result: 0 Success # numResponses: 12 # numEntries: 11 ============================================================================ 4. ACL on dc1 when it's now a Fedora 23 FreeIPA 4.2.3 server (now missing some stuff) ============================================================================ [root at dc1 yum.repos.d]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (aci=*) # requesting: aci # # config dn: cn=config aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= ipatestdomain,dc=net";) # SNMP, config dn: cn=SNMP,cn=config aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) # tasks, config dn: cn=tasks,cn=config aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis sions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa ca";) aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip atestdomain,dc=net";) # csusers, config dn: ou=csusers,cn=config aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) # 1.3.6.1.4.1.4203.1.9.1.1, features, config dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea d, search ) userdn = "ldap:///all";) # 2.16.840.1.113730.3.4.9, features, config dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; ) # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) # o\3Dipaca, mapping tree, config dn: cn=o\3Dipaca,cn=mapping tree,cn=config aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl e,o=ipaca";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser ,ou=people,o=ipaca";) # ldbm database, plugins, config dn: cn=ldbm database,cn=plugins,cn=config aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss ions,cn=pbac,dc=ipatestdomain,dc=net";) # userRoot, ldbm database, plugins, config dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) # search result search: 2 result: 0 Success # numResponses: 12 # numEntries: 11 -----Original Message----- From: Rich Megginson [mailto:rmeggins at redhat.com] Sent: January-22-16 10:24 AM To: Nathan Peters; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/22/2016 11:04 AM, Nathan Peters wrote: > Wow, strange stuff, the search I linked in the last email for our non working dev environment seems short some entries. > > For comparison, here is the same search run against our currently working prod environment. > > As you can see, our prod environment has a huge aci on the config tree. > > For reference, our prod and dev environments were identical (FreeIPA 4.1.4/CentOS7.1) before I updated our dev environment to CentOS7.2/FreeIPA4.2.0 -> Fedora23/FreeIPA4.2.3 -> Fedora23/FreeIPA4.3.0. So at some point during this upgrade process I assume maybe one of the installers deleted acis on our tree? That sounds like the kind of thing that would happen when introducing the new domain level functionality in 4.3, like if someone accidentally thought "oh this replica branch is now in a globally replicated section, we can remove these acis for this local stuff..." and then put that logic into the installer or something... > > The real question is, is there some good way of getting those aci's back, like a fixaci command? I don't know. From rob.verduijn at gmail.com Sun Jan 24 11:00:30 2016 From: rob.verduijn at gmail.com (Rob Verduijn) Date: Sun, 24 Jan 2016 12:00:30 +0100 Subject: [Freeipa-users] Default shell for AD-domain accounts Message-ID: Hello, I'm trying to get an ipa server to trust a microsoft AD-domain. So far I've managed to get the trust to work and I can login with an active directory user on the ipa clients. Now I see the default shell is set to /bin/sh. Since the preffered shel is bash for me I wish to change this. It doesn't help to set this in the ipa server config since these accounts are external ms accounts. In the goog old days we used to have posix attributes schemas in the AD one of them being the shell. Sadly this is a thing of the past. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/ex.sssd-ad-posix.html How do I define a new default shell for all ms-AD accounts in ipa ? Cheers Rob Verduijn From abokovoy at redhat.com Sun Jan 24 14:40:43 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Sun, 24 Jan 2016 16:40:43 +0200 Subject: [Freeipa-users] Default shell for AD-domain accounts In-Reply-To: References: Message-ID: <20160124144043.GW4316@redhat.com> On Sun, 24 Jan 2016, Rob Verduijn wrote: >Hello, > >I'm trying to get an ipa server to trust a microsoft AD-domain. > >So far I've managed to get the trust to work and I can login with an >active directory user on the ipa clients. > >Now I see the default shell is set to /bin/sh. >Since the preffered shel is bash for me I wish to change this. >It doesn't help to set this in the ipa server config since these >accounts are external ms accounts. > >In the goog old days we used to have posix attributes schemas in the >AD one of them being the shell. > >Sadly this is a thing of the past. >https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/ex.sssd-ad-posix.html > >How do I define a new default shell for all ms-AD accounts in ipa ? You can use ID overrides per user to add shell override. We don't have templated overrides, though, so these are individual, per user. -- / Alexander Bokovoy From abokovoy at redhat.com Sun Jan 24 14:42:05 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Sun, 24 Jan 2016 16:42:05 +0200 Subject: [Freeipa-users] Support status of additional OU's / acis in ipa ds In-Reply-To: <1453584912.6533.5.camel@redhat.com> References: <1453510443.6533.2.camel@redhat.com> <20160123041819.GU4316@redhat.com> <56A3945B.1090400@redhat.com> <1453584912.6533.5.camel@redhat.com> Message-ID: <20160124144205.GX4316@redhat.com> On Sun, 24 Jan 2016, William Brown wrote: >On Sat, 2016-01-23 at 09:55 -0500, Rob Crittenden wrote: >> Alexander Bokovoy wrote: >> > On Sat, 23 Jan 2016, William Brown wrote: >> > > Hi, >> > > >> > > I'm wondering about what the freeipa support policy is on adding >> > > an >> > > extra OU to the root of my domain, as well as my own acis. Will >> > > FreeIPA >> > > ignore this? Or will it potentially cause future issues?? >> > > >> > > IE adding ou=contacts,dc=ipa,dc=example,dc=com >> > There are currently no plans on introducing OUs. >> > >> >> I think he just wants to add his own container as an OU. If that's >> the >> case then yeah, IPA shouldn't even notice it. No guarantee that this >> will be true forever. Similarly I think any acis on that dn will be >> ignored simply because IPA would have no reason to operate there. >> > >Yep, that is exactly what I want to do. > >I'll give it a go, and will just have to be careful and watch out on >upgrades from now on then I guess.? Yep. I was a bit concise in my response but that's our reality -- we don't plan to have OUs yet so there is nothing we can guarantee on both being able to cause issues and not being able to cause issues. -- / Alexander Bokovoy From rob.verduijn at gmail.com Sun Jan 24 14:59:35 2016 From: rob.verduijn at gmail.com (Rob Verduijn) Date: Sun, 24 Jan 2016 15:59:35 +0100 Subject: [Freeipa-users] Default shell for AD-domain accounts In-Reply-To: <20160124144043.GW4316@redhat.com> References: <20160124144043.GW4316@redhat.com> Message-ID: Doing this on a per user basis is nice when you have only a few users. Since I expect this to become a source of frustration in the future for new users., is there any way to automate this with a workaround ? ie somehow pull the groups from the ad and automagically create the user view override ? Cheers Rob Verduijn 2016-01-24 15:40 GMT+01:00 Alexander Bokovoy : > On Sun, 24 Jan 2016, Rob Verduijn wrote: >> >> Hello, >> >> I'm trying to get an ipa server to trust a microsoft AD-domain. >> >> So far I've managed to get the trust to work and I can login with an >> active directory user on the ipa clients. >> >> Now I see the default shell is set to /bin/sh. >> Since the preffered shel is bash for me I wish to change this. >> It doesn't help to set this in the ipa server config since these >> accounts are external ms accounts. >> >> In the goog old days we used to have posix attributes schemas in the >> AD one of them being the shell. >> >> Sadly this is a thing of the past. >> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/ex.sssd-ad-posix.html >> >> How do I define a new default shell for all ms-AD accounts in ipa ? > > You can use ID overrides per user to add shell override. > > We don't have templated overrides, though, so these are individual, per > user. > -- > / Alexander Bokovoy From jhrozek at redhat.com Sun Jan 24 15:02:59 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Sun, 24 Jan 2016 16:02:59 +0100 Subject: [Freeipa-users] Default shell for AD-domain accounts In-Reply-To: References: Message-ID: > On 24 Jan 2016, at 12:00, Rob Verduijn wrote: > > Hello, > > I'm trying to get an ipa server to trust a microsoft AD-domain. > > So far I've managed to get the trust to work and I can login with an > active directory user on the ipa clients. > > Now I see the default shell is set to /bin/sh. > Since the preffered shel is bash for me I wish to change this. > It doesn't help to set this in the ipa server config since these > accounts are external ms accounts. > > In the goog old days we used to have posix attributes schemas in the > AD one of them being the shell. > > Sadly this is a thing of the past. ~~~~~~~~~~~~ Are you referring to IMU being deprecated? IIRC the attributes should work..even though MS is deprecating the UI.. Alternatively, since the clients read the ID info via the server, overrinding the shell in IPA server's sssd.conf should work as well. > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/ex.sssd-ad-posix.html > > How do I define a new default shell for all ms-AD accounts in ipa ? > > Cheers > Rob Verduijn > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From rob.verduijn at gmail.com Sun Jan 24 19:03:09 2016 From: rob.verduijn at gmail.com (Rob Verduijn) Date: Sun, 24 Jan 2016 20:03:09 +0100 Subject: [Freeipa-users] Default shell for AD-domain accounts In-Reply-To: References: Message-ID: Hi, Hmmmm microsoft removes the UI, but leaves the schema extension. Does not really make sense, but after some googling this does seem to be the case. Your comment made me check google with some different keywords and I found that there was this irritation that was solved by somebody. (at microsoft) http://blogs.technet.com/b/sfu/archive/2013/07/08/ldap-calls-made-from-the-unix-client-query-incorrect-login-shell.aspx That explains why modifying the loginShell attribute did not work. I put the 'ldap_user_shell=msSFU30LoginShell' in the [domain/ipadomain] section from sssd.conf. This is required I guess on all ipa-clients that AD-accounts get access to. And now all users seem to get the /bin/bash that can be set in the AD-user attribute loginShell ( glad to see the keep their camel case in sync everywhere in the AD ) Thanks for thinking along on this one. Rob Verduijn 2016-01-24 16:02 GMT+01:00 Jakub Hrozek : > >> On 24 Jan 2016, at 12:00, Rob Verduijn wrote: >> >> Hello, >> >> I'm trying to get an ipa server to trust a microsoft AD-domain. >> >> So far I've managed to get the trust to work and I can login with an >> active directory user on the ipa clients. >> >> Now I see the default shell is set to /bin/sh. >> Since the preffered shel is bash for me I wish to change this. >> It doesn't help to set this in the ipa server config since these >> accounts are external ms accounts. >> >> In the goog old days we used to have posix attributes schemas in the >> AD one of them being the shell. >> >> Sadly this is a thing of the past. > ~~~~~~~~~~~~ > > Are you referring to IMU being deprecated? IIRC the attributes should work..even though MS is deprecating the UI.. > > Alternatively, since the clients read the ID info via the server, overrinding the shell in IPA server's sssd.conf should work as well. > >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/ex.sssd-ad-posix.html >> >> How do I define a new default shell for all ms-AD accounts in ipa ? >> >> Cheers >> Rob Verduijn >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project > From peter at pakos.pl Sun Jan 24 22:19:02 2016 From: peter at pakos.pl (Peter Pakos) Date: Sun, 24 Jan 2016 22:19:02 +0000 Subject: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP In-Reply-To: <569C9F3C.8010504@redhat.com> References: <56782C27.3000102@pakos.pl> <568A6921.6000708@redhat.com> <5697E464.5040907@pakos.pl> <5697EE18.1090406@redhat.com> <56981097.4070501@pakos.pl> <56990A77.3020000@redhat.com> <56990D65.405@pakos.pl> <56991675.5010405@redhat.com> <56991F9E.9050104@pakos.pl> <569C9D45.1070209@redhat.com> <569C9F3C.8010504@redhat.com> Message-ID: <56A54DD6.4090909@pakos.pl> Hi, I now have 3rd party SSL certificate successfully installed for LDAP and HTTP but I'm having issues with joining new clients to FreeIPA servers. When I run "ipa-client-install --mkhomedir" on Centos 6 machine I get the following error: "Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates" /var/log/ipaclient-install.log shows: "2016-01-24T22:06:26Z ERROR Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates" I was under the impression that the 3rd party certificate's chain will be included in the CA certificate that the client gets from the servers and that it will successfully join the realm. I specified the root certificate using --ca-cert-file= option and the install completed OK but is this really necessary? I do hope there is a better solution. Many thanks. -- Kind regards, Peter Pakos From wdh at dds.nl Mon Jan 25 07:17:23 2016 From: wdh at dds.nl (Winfried de Heiden) Date: Mon, 25 Jan 2016 08:17:23 +0100 Subject: [Freeipa-users] IPA KDC Proxy In-Reply-To: <56A20D14.8050800@redhat.com> References: <56A203AB.6090509@dds.nl> <1607578959.16647901.1453460238287.JavaMail.zimbra@redhat.com> <56A20D14.8050800@redhat.com> Message-ID: <56A5CC03.8040104@dds.nl> An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Mon Jan 25 07:36:46 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Mon, 25 Jan 2016 02:36:46 -0500 (EST) Subject: [Freeipa-users] IPA KDC Proxy In-Reply-To: <56A5CC03.8040104@dds.nl> References: <56A203AB.6090509@dds.nl> <1607578959.16647901.1453460238287.JavaMail.zimbra@redhat.com> <56A20D14.8050800@redhat.com> <56A5CC03.8040104@dds.nl> Message-ID: <1541501118.17334483.1453707406201.JavaMail.zimbra@redhat.com> ----- Original Message ----- > Great, > > Changing > > /etc/ipa/kdcproxy/kdcproxy.conf > [global] > configs = mit > use_dns = false > > to > > # cat /etc/ipa/kdcproxy/kdcproxy.conf > [global] > configs = mit > use_dns = true > > along with adding the windows realm to krb5.conf on the clients did the > trick; I am able to obtain aan AD TGT ticket by using the KDC proxy > > Is there a special reason why "use_dns = false" was used in kdcproxy.conf? Yes -- it allows to explicitly control what gets proxied, with no surprises. > Will this work on CentosOS /RHEL 6 as well? No. RHEL 6.x libkrb5 has no support for KDC proxy and it is non-trivial to backport. -- / Alexander Bokovoy From jhrozek at redhat.com Mon Jan 25 08:24:08 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Mon, 25 Jan 2016 09:24:08 +0100 Subject: [Freeipa-users] Default shell for AD-domain accounts In-Reply-To: References: Message-ID: <20160125082408.GA5872@hendrix.arn.redhat.com> On Sun, Jan 24, 2016 at 08:03:09PM +0100, Rob Verduijn wrote: > Hi, > > Hmmmm microsoft removes the UI, but leaves the schema extension. > Does not really make sense, but after some googling this does seem to > be the case. > > Your comment made me check google with some different keywords and I > found that there was this irritation that was solved by somebody. (at > microsoft) > > http://blogs.technet.com/b/sfu/archive/2013/07/08/ldap-calls-made-from-the-unix-client-query-incorrect-login-shell.aspx > > That explains why modifying the loginShell attribute did not work. > > I put the 'ldap_user_shell=msSFU30LoginShell' in the > [domain/ipadomain] section from sssd.conf. > This is required I guess on all ipa-clients that AD-accounts get access to. Hmm, is this really required? The thing is that the IPA clients get their information through an extended operation and it's the SSSD on the IPA server that does the heavy lifting and just passes the info to the clients. I'll try to find some time later to test this.. > > And now all users seem to get the /bin/bash that can be set in the > AD-user attribute loginShell > > ( glad to see the keep their camel case in sync everywhere in the AD ) > > Thanks for thinking along on this one. > Rob Verduijn > > 2016-01-24 16:02 GMT+01:00 Jakub Hrozek : > > > >> On 24 Jan 2016, at 12:00, Rob Verduijn wrote: > >> > >> Hello, > >> > >> I'm trying to get an ipa server to trust a microsoft AD-domain. > >> > >> So far I've managed to get the trust to work and I can login with an > >> active directory user on the ipa clients. > >> > >> Now I see the default shell is set to /bin/sh. > >> Since the preffered shel is bash for me I wish to change this. > >> It doesn't help to set this in the ipa server config since these > >> accounts are external ms accounts. > >> > >> In the goog old days we used to have posix attributes schemas in the > >> AD one of them being the shell. > >> > >> Sadly this is a thing of the past. > > ~~~~~~~~~~~~ > > > > Are you referring to IMU being deprecated? IIRC the attributes should work..even though MS is deprecating the UI.. > > > > Alternatively, since the clients read the ID info via the server, overrinding the shell in IPA server's sssd.conf should work as well. > > > >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/ex.sssd-ad-posix.html > >> > >> How do I define a new default shell for all ms-AD accounts in ipa ? > >> > >> Cheers > >> Rob Verduijn > >> > >> -- > >> Manage your subscription for the Freeipa-users mailing list: > >> https://www.redhat.com/mailman/listinfo/freeipa-users > >> Go to http://freeipa.org for more info on the project > > From cheimes at redhat.com Mon Jan 25 08:45:30 2016 From: cheimes at redhat.com (Christian Heimes) Date: Mon, 25 Jan 2016 09:45:30 +0100 Subject: [Freeipa-users] IPA KDC Proxy In-Reply-To: <56A5CC03.8040104@dds.nl> References: <56A203AB.6090509@dds.nl> <1607578959.16647901.1453460238287.JavaMail.zimbra@redhat.com> <56A20D14.8050800@redhat.com> <56A5CC03.8040104@dds.nl> Message-ID: <56A5E0AA.3050206@redhat.com> On 2016-01-25 08:17, Winfried de Heiden wrote: > Great, > > Changing > > /etc/ipa/kdcproxy/kdcproxy.conf > [global] > configs = mit > use_dns = false > > to > > # cat /etc/ipa/kdcproxy/kdcproxy.conf > [global] > configs = mit > use_dns = true > > along with adding the windows realm to krb5.conf on the clients did the > trick; I am able to obtain aan AD TGT ticket by using the KDC proxy > > Is there a special reason why "use_dns = false" was used in kdcproxy.conf? The current implementation of the DNS configuration feature is slow and reduce performance of KDC proxy requests. Every request has to fetch multiple SRV records and then resolve each entry in each record again. There is neither caching nor async DNS support, too. A co-worker has written a RFC to address the problem. The RFC hasn't been approved yet. https://tools.ietf.org/html/draft-mccallum-kitten-krb-service-discovery-00 Do you need dynamic configuration or can you get by with static configuration in krb5.conf? Christian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From pspacek at redhat.com Mon Jan 25 08:47:57 2016 From: pspacek at redhat.com (Petr Spacek) Date: Mon, 25 Jan 2016 09:47:57 +0100 Subject: [Freeipa-users] Freeipa deployment request In-Reply-To: References: Message-ID: <56A5E13D.4070300@redhat.com> On 22.1.2016 16:22, Visakh MV wrote: > Hi team, > > We have plan to integrate windows ad and openshift origin with freeipa. We > have doubt about that DNS working between those. And also needs > configuration details of replication between those. If guys you provide any > kind of information for above, I am really would like to go for with Redhat > 7. Your kindly responses as soon as good for us. Please see official documentation. DNS configuration required for FreeIPA: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#dns-reqs DNS requirements for AD trusts: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-requirements.html#dns-realm-settings This guide includes procedure to verify that FreeIPA can see AD's DNS and the other way around. -- Petr^2 Spacek From rob.verduijn at gmail.com Mon Jan 25 09:44:04 2016 From: rob.verduijn at gmail.com (Rob Verduijn) Date: Mon, 25 Jan 2016 10:44:04 +0100 Subject: [Freeipa-users] Default shell for AD-domain accounts In-Reply-To: <20160125082408.GA5872@hendrix.arn.redhat.com> References: <20160125082408.GA5872@hendrix.arn.redhat.com> Message-ID: Maybe the difference was that I used a fresh demo installation from windows 2012r2 server. I only added the ad-controller, dns and ntp functionality for testing. (and all the patches...which literaly takes a day to complete on a system with 4 cores and 4G ram) I also found out that dnsseq is not default, so I disabled dnsseq validation on the ipa server in the named.conf. Because this already cost me a day's work debugging and not to mention lack of knowledge on how to do this in ad. Minor side note, according to : https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-requirements.html#dns-realm-settings In the dns verification checks it tells you to verify the kerberos udp record dig +short -t SRV _kerberos._udp.dc._msdcs.ad.example.com. This yields no response There is no udp record in the ad , but there is a tcp record. dig +short -t SRV _kerberos._tcp.dc._msdcs.ad.example.com. This gives a response I also validated the trust on the AD side, I'm not sure this is needed. After doing this I can issue the command : 'id AD.DOMAIN\\ADUSER' and I get a response telling me the uid/gid/ad-id/ad-group etc. Rob Verduijn 2016-01-25 9:24 GMT+01:00 Jakub Hrozek : > On Sun, Jan 24, 2016 at 08:03:09PM +0100, Rob Verduijn wrote: >> Hi, >> >> Hmmmm microsoft removes the UI, but leaves the schema extension. >> Does not really make sense, but after some googling this does seem to >> be the case. >> >> Your comment made me check google with some different keywords and I >> found that there was this irritation that was solved by somebody. (at >> microsoft) >> >> http://blogs.technet.com/b/sfu/archive/2013/07/08/ldap-calls-made-from-the-unix-client-query-incorrect-login-shell.aspx >> >> That explains why modifying the loginShell attribute did not work. >> >> I put the 'ldap_user_shell=msSFU30LoginShell' in the >> [domain/ipadomain] section from sssd.conf. >> This is required I guess on all ipa-clients that AD-accounts get access to. > > Hmm, is this really required? The thing is that the IPA clients get > their information through an extended operation and it's the SSSD on the > IPA server that does the heavy lifting and just passes the info to the > clients. > > I'll try to find some time later to test this.. > >> >> And now all users seem to get the /bin/bash that can be set in the >> AD-user attribute loginShell >> >> ( glad to see the keep their camel case in sync everywhere in the AD ) >> >> Thanks for thinking along on this one. >> Rob Verduijn >> >> 2016-01-24 16:02 GMT+01:00 Jakub Hrozek : >> > >> >> On 24 Jan 2016, at 12:00, Rob Verduijn wrote: >> >> >> >> Hello, >> >> >> >> I'm trying to get an ipa server to trust a microsoft AD-domain. >> >> >> >> So far I've managed to get the trust to work and I can login with an >> >> active directory user on the ipa clients. >> >> >> >> Now I see the default shell is set to /bin/sh. >> >> Since the preffered shel is bash for me I wish to change this. >> >> It doesn't help to set this in the ipa server config since these >> >> accounts are external ms accounts. >> >> >> >> In the goog old days we used to have posix attributes schemas in the >> >> AD one of them being the shell. >> >> >> >> Sadly this is a thing of the past. >> > ~~~~~~~~~~~~ >> > >> > Are you referring to IMU being deprecated? IIRC the attributes should work..even though MS is deprecating the UI.. >> > >> > Alternatively, since the clients read the ID info via the server, overrinding the shell in IPA server's sssd.conf should work as well. >> > >> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/ex.sssd-ad-posix.html >> >> >> >> How do I define a new default shell for all ms-AD accounts in ipa ? >> >> >> >> Cheers >> >> Rob Verduijn >> >> >> >> -- >> >> Manage your subscription for the Freeipa-users mailing list: >> >> https://www.redhat.com/mailman/listinfo/freeipa-users >> >> Go to http://freeipa.org for more info on the project >> > From zeal at freecharge.com Mon Jan 25 09:47:07 2016 From: zeal at freecharge.com (Zeal Vora) Date: Mon, 25 Jan 2016 15:17:07 +0530 Subject: [Freeipa-users] How to reference to IPA Server in Multi-Master Setup ? Message-ID: Hi I have setup a multi-master IPA and it seems to be working fine. The clients ( laptops and servers ) are not using the DNS of IPA. I was wondering, while configuring ipa-client, which server do I reference to when it asks the ipa-server hostname ? Both the master server has different hostnames. master1.example.com ( Master 1 ) master2.example.com ( Master 2 ) Any help will be appreciated Thanks Zeal -------------- next part -------------- An HTML attachment was scrubbed... URL: From wdh at dds.nl Mon Jan 25 10:17:50 2016 From: wdh at dds.nl (Winfried de Heiden) Date: Mon, 25 Jan 2016 11:17:50 +0100 Subject: [Freeipa-users] IPA KDC Proxy In-Reply-To: <56A5E0AA.3050206@redhat.com> References: <56A203AB.6090509@dds.nl> <1607578959.16647901.1453460238287.JavaMail.zimbra@redhat.com> <56A20D14.8050800@redhat.com> <56A5CC03.8040104@dds.nl> <56A5E0AA.3050206@redhat.com> Message-ID: <56A5F64E.2000807@dds.nl> An HTML attachment was scrubbed... URL: From wdh at dds.nl Mon Jan 25 10:18:29 2016 From: wdh at dds.nl (Winfried de Heiden) Date: Mon, 25 Jan 2016 11:18:29 +0100 Subject: [Freeipa-users] IPA KDC Proxy In-Reply-To: <1541501118.17334483.1453707406201.JavaMail.zimbra@redhat.com> References: <56A203AB.6090509@dds.nl> <1607578959.16647901.1453460238287.JavaMail.zimbra@redhat.com> <56A20D14.8050800@redhat.com> <56A5CC03.8040104@dds.nl> <1541501118.17334483.1453707406201.JavaMail.zimbra@redhat.com> Message-ID: <56A5F675.1090103@dds.nl> An HTML attachment was scrubbed... URL: From pspacek at redhat.com Mon Jan 25 11:04:33 2016 From: pspacek at redhat.com (Petr Spacek) Date: Mon, 25 Jan 2016 12:04:33 +0100 Subject: [Freeipa-users] How to reference to IPA Server in Multi-Master Setup ? In-Reply-To: References: Message-ID: <56A60141.6090606@redhat.com> On 25.1.2016 10:47, Zeal Vora wrote: > Hi > > I have setup a multi-master IPA and it seems to be working fine. > > The clients ( laptops and servers ) are not using the DNS of IPA. > > I was wondering, while configuring ipa-client, which server do I reference > to when it asks the ipa-server hostname ? > > Both the master server has different hostnames. > > master1.example.com ( Master 1 ) > master2.example.com ( Master 2 ) Specify only --domain option and do not use --server option at all. In will enable server auto-detection using DNS SRV records and you will not need to worry about adding/removing servers because all clients will automatically pick the new list up. -- Petr^2 Spacek From zeal at freecharge.com Mon Jan 25 11:08:24 2016 From: zeal at freecharge.com (Zeal Vora) Date: Mon, 25 Jan 2016 16:38:24 +0530 Subject: [Freeipa-users] How to reference to IPA Server in Multi-Master Setup ? In-Reply-To: <56A60141.6090606@redhat.com> References: <56A60141.6090606@redhat.com> Message-ID: Thanks Petr. So if the domain is example.com, in DNS, what would be the IP associated with it ? As there are 2 master servers, each of them will have different IP address. On Mon, Jan 25, 2016 at 4:34 PM, Petr Spacek wrote: > On 25.1.2016 10:47, Zeal Vora wrote: > > Hi > > > > I have setup a multi-master IPA and it seems to be working fine. > > > > The clients ( laptops and servers ) are not using the DNS of IPA. > > > > I was wondering, while configuring ipa-client, which server do I > reference > > to when it asks the ipa-server hostname ? > > > > Both the master server has different hostnames. > > > > master1.example.com ( Master 1 ) > > master2.example.com ( Master 2 ) > > Specify only --domain option and do not use --server option at all. In will > enable server auto-detection using DNS SRV records and you will not need to > worry about adding/removing servers because all clients will automatically > pick the new list up. > > -- > Petr^2 Spacek > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bahanw042014 at gmail.com Mon Jan 25 11:08:52 2016 From: bahanw042014 at gmail.com (bahan w) Date: Mon, 25 Jan 2016 12:08:52 +0100 Subject: [Freeipa-users] Incremental update failed and requires administrator action Message-ID: Hello ! I recently installed a replica (master2) in addition of my master (master1) with IPA 3.0.0-47 on RHEL6.6. I don't know from when exactly, but the dirsrv (and the whole ipa service) on master1 crashes regularly with the following logs. ### [22/Jan/2016:15:38:20 +0100] - 389-Directory/1.2.11.15 B2015.279.183 starting up [22/Jan/2016:15:38:20 +0100] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc= [22/Jan/2016:15:38:21 +0100] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc= [22/Jan/2016:15:38:21 +0100] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc= [22/Jan/2016:15:38:21 +0100] - slapd started. Listening on All Interfaces port 389 for LDAP requests [22/Jan/2016:15:38:21 +0100] - Listening on All Interfaces port 636 for LDAPS requests [22/Jan/2016:15:38:21 +0100] - Listening on /var/run/slapd-.socket for LDAPI requests [22/Jan/2016:17:04:03 +0100] NSMMReplicationPlugin - changelog program - _cl5WriteOperationTxn: retry (49) the transaction (csn=56a252ef000000040000) failed (rc=-30994 (DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock)) [22/Jan/2016:17:04:03 +0100] NSMMReplicationPlugin - changelog program - _cl5WriteOperationTxn: failed to write entry with csn (56a252ef000000040000); db error - -30994 DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock [22/Jan/2016:17:04:03 +0100] NSMMReplicationPlugin - write_changelog_and_ruv: can't add a change for uid=,cn=users,cn=accounts,dc= (uniqid: a7ebd403-c12111e5-9c84c092-9a5deb81, optype: 16) to changelog csn 56a252ef000000040000 [22/Jan/2016:17:04:03 +0100] NSMMReplicationPlugin - agmt="cn=meTo" (:389): Missing data encountered [22/Jan/2016:17:04:03 +0100] NSMMReplicationPlugin - agmt="cn=meTo" (:389): Incremental update failed and requires administrator action ### Then the dirsrv, I mean the whole ipa server, is down. When I restart the service, here is what is see : ### [22/Jan/2016:17:06:18 +0100] - 389-Directory/1.2.11.15 B2015.279.183 starting up [22/Jan/2016:17:06:18 +0100] - Detected Disorderly Shutdown last time Directory Server was running, recovering database. [22/Jan/2016:17:06:18 +0100] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc= [22/Jan/2016:17:06:19 +0100] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc= [22/Jan/2016:17:06:19 +0100] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc= [22/Jan/2016:17:06:20 +0100] set_krb5_creds - Could not get initial credentials for principal [ldap/@] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see e-text)) [22/Jan/2016:17:06:20 +0100] - slapd started. Listening on All Interfaces port 389 for LDAP requests [22/Jan/2016:17:06:20 +0100] - Listening on All Interfaces port 636 for LDAPS requests [22/Jan/2016:17:06:20 +0100] - Listening on /var/run/slapd-.socket for LDAPI requests [22/Jan/2016:17:06:20 +0100] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_244' not found)) errno 0 (Success) [22/Jan/2016:17:06:20 +0100] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error) [22/Jan/2016:17:06:20 +0100] NSMMReplicationPlugin - agmt="cn=meTo" (:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_244' not found)) [22/Jan/2016:17:06:23 +0100] NSMMReplicationPlugin - agmt="cn=meTo" (:389): Replication bind with GSSAPI auth resumed ### It seems that there is a problem to write an entry in the DB ? Do you know how I can solve this problem please ? Furthermore, it seems that there is a second problem with the keytab /etc/dirsrv/ds.keytab. The keytab is good for me : ### #ls -l /etc/dirsrv/ds.keytab -rw------- 1 dirsrv dirsrv 362 Jan 21 14:12 /etc/dirsrv/ds.keytab # kinit -kt /etc/dirsrv/ds.keytab ldap/@ # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: ldap/@ Valid starting Expires Service principal 01/25/16 11:54:23 01/26/16 11:54:23 krbtgt/@ ### I wonder if this second problem does not come from the user dirsrv who would not be able to use this keytab. I cannot test this because this user dirsrv has been created with nologin. ### # su - dirsrv -c "kinit -kt /etc/dirsrv/ds.keytab ldap/@" This account is currently not available. # grep dirsrv /etc/passwd dirsrv:x:244:497::/var/lib/dirsrv:/sbin/nologin pkisrv:x:246:497::/var/lib/dirsrv:/sbin/nologin ### Just for my information, is it normal that these users are created with nologin ? Best regards. Bahan -------------- next part -------------- An HTML attachment was scrubbed... URL: From rob.verduijn at gmail.com Mon Jan 25 11:28:27 2016 From: rob.verduijn at gmail.com (Rob Verduijn) Date: Mon, 25 Jan 2016 12:28:27 +0100 Subject: [Freeipa-users] multimaster ad one way trust setup Message-ID: Hi all, When you have an ipa 4.2 server with an one way trust to the ad. What steps are needed to install a second ipa master that also has a one way trust to the ad ? Rob Verduijn From abokovoy at redhat.com Mon Jan 25 11:41:52 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Mon, 25 Jan 2016 13:41:52 +0200 Subject: [Freeipa-users] multimaster ad one way trust setup In-Reply-To: References: Message-ID: <20160125114152.GZ4316@redhat.com> On Mon, 25 Jan 2016, Rob Verduijn wrote: >Hi all, > >When you have an ipa 4.2 server with an one way trust to the ad. >What steps are needed to install a second ipa master that also has a >one way trust to the ad ? Depends on what you want to achieve. If you want second IPA master to be able to resolve AD users, just install the master and run 'ipa-adtrust-install --add-agents' on the *first* master. This will prompt you to be asked on adding the second master to the list of hosts allowed to use cross-forest trust credentials. If you want to use the second IPA master to *manage* trust, you'd need to run 'ipa-adtrust-install' on the it. No need to specify '--add-agents' because the master where 'ipa-adtrust-install' is being run will be automatically added to the list. -- / Alexander Bokovoy From pspacek at redhat.com Mon Jan 25 11:42:26 2016 From: pspacek at redhat.com (Petr Spacek) Date: Mon, 25 Jan 2016 12:42:26 +0100 Subject: [Freeipa-users] How to reference to IPA Server in Multi-Master Setup ? In-Reply-To: References: <56A60141.6090606@redhat.com> Message-ID: <56A60A22.4080606@redhat.com> On 25.1.2016 12:08, Zeal Vora wrote: > Thanks Petr. > > So if the domain is example.com, in DNS, what would be the IP associated > with it ? > > As there are 2 master servers, each of them will have different IP address. Please see following text about DNS SRV records: https://en.wikipedia.org/wiki/SRV_record I hope it helps. Petr^2 Spacek > > On Mon, Jan 25, 2016 at 4:34 PM, Petr Spacek wrote: > >> On 25.1.2016 10:47, Zeal Vora wrote: >>> Hi >>> >>> I have setup a multi-master IPA and it seems to be working fine. >>> >>> The clients ( laptops and servers ) are not using the DNS of IPA. >>> >>> I was wondering, while configuring ipa-client, which server do I >> reference >>> to when it asks the ipa-server hostname ? >>> >>> Both the master server has different hostnames. >>> >>> master1.example.com ( Master 1 ) >>> master2.example.com ( Master 2 ) >> >> Specify only --domain option and do not use --server option at all. In will >> enable server auto-detection using DNS SRV records and you will not need to >> worry about adding/removing servers because all clients will automatically >> pick the new list up. >> >> -- >> Petr^2 Spacek From dkupka at redhat.com Mon Jan 25 11:46:36 2016 From: dkupka at redhat.com (David Kupka) Date: Mon, 25 Jan 2016 12:46:36 +0100 Subject: [Freeipa-users] How to reference to IPA Server in Multi-Master Setup ? In-Reply-To: References: <56A60141.6090606@redhat.com> Message-ID: <56A60B1C.6070503@redhat.com> On 25/01/16 12:08, Zeal Vora wrote: > Thanks Petr. > > So if the domain is example.com, in DNS, what would be the IP associated > with it ? > > As there are 2 master servers, each of them will have different IP address. > > On Mon, Jan 25, 2016 at 4:34 PM, Petr Spacek wrote: > >> On 25.1.2016 10:47, Zeal Vora wrote: >>> Hi >>> >>> I have setup a multi-master IPA and it seems to be working fine. >>> >>> The clients ( laptops and servers ) are not using the DNS of IPA. >>> >>> I was wondering, while configuring ipa-client, which server do I >> reference >>> to when it asks the ipa-server hostname ? >>> >>> Both the master server has different hostnames. >>> >>> master1.example.com ( Master 1 ) >>> master2.example.com ( Master 2 ) >> >> Specify only --domain option and do not use --server option at all. In will >> enable server auto-detection using DNS SRV records and you will not need to >> worry about adding/removing servers because all clients will automatically >> pick the new list up. >> >> -- >> Petr^2 Spacek >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > > > The '--domain' parameter is for client installer to form DNS request. Request that is sent is the same as one sent by this command: dig -t SRV _ldap._tcp. It then receiver list of records similar to this one: 100 0 389 100 0 389 Installer then goes through the list and checks if it's really FreeIPA server and first one that passes is used. When IP address is needed it can be resolved from the name included in SRV response. HTH, -- David Kupka From rob.verduijn at gmail.com Mon Jan 25 11:47:36 2016 From: rob.verduijn at gmail.com (Rob Verduijn) Date: Mon, 25 Jan 2016 12:47:36 +0100 Subject: [Freeipa-users] multimaster ad one way trust setup In-Reply-To: <20160125114152.GZ4316@redhat.com> References: <20160125114152.GZ4316@redhat.com> Message-ID: Since the first option has less impact, that one sounds the most interesting. However, does this also remain functional when the first ipa server is taken offline ? Rob Verduijn 2016-01-25 12:41 GMT+01:00 Alexander Bokovoy : > On Mon, 25 Jan 2016, Rob Verduijn wrote: >> >> Hi all, >> >> When you have an ipa 4.2 server with an one way trust to the ad. >> What steps are needed to install a second ipa master that also has a >> one way trust to the ad ? > > Depends on what you want to achieve. > > If you want second IPA master to be able to resolve AD users, just > install the master and run 'ipa-adtrust-install --add-agents' on the > *first* master. This will prompt you to be asked on adding the second > master to the list of hosts allowed to use cross-forest trust > credentials. > > If you want to use the second IPA master to *manage* trust, you'd need > to run 'ipa-adtrust-install' on the it. No need to specify > '--add-agents' because the master where 'ipa-adtrust-install' is being > run will be automatically added to the list. > -- > / Alexander Bokovoy From lkrispen at redhat.com Mon Jan 25 11:55:52 2016 From: lkrispen at redhat.com (Ludwig Krispenz) Date: Mon, 25 Jan 2016 12:55:52 +0100 Subject: [Freeipa-users] Incremental update failed and requires administrator action In-Reply-To: References: Message-ID: <56A60D48.8090801@redhat.com> could you get a core dump from the crash: http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes Ludwig On 01/25/2016 12:08 PM, bahan w wrote: > Hello ! > > I recently installed a replica (master2) in addition of my master > (master1) with IPA 3.0.0-47 on RHEL6.6. > I don't know from when exactly, but the dirsrv (and the whole ipa > service) on master1 crashes regularly with the following logs. > > ### > [22/Jan/2016:15:38:20 +0100] - 389-Directory/1.2.11.15 > B2015.279.183 starting up > [22/Jan/2016:15:38:20 +0100] schema-compat-plugin - warning: no > entries set up under cn=computers, cn=compat,dc= > [22/Jan/2016:15:38:21 +0100] schema-compat-plugin - warning: no > entries set up under cn=ng, cn=compat,dc= > [22/Jan/2016:15:38:21 +0100] schema-compat-plugin - warning: no > entries set up under ou=sudoers,dc= > [22/Jan/2016:15:38:21 +0100] - slapd started. Listening on All > Interfaces port 389 for LDAP requests > [22/Jan/2016:15:38:21 +0100] - Listening on All Interfaces port 636 > for LDAPS requests > [22/Jan/2016:15:38:21 +0100] - Listening on > /var/run/slapd-.socket for LDAPI requests > [22/Jan/2016:17:04:03 +0100] NSMMReplicationPlugin - changelog program > - _cl5WriteOperationTxn: retry (49) the transaction > (csn=56a252ef000000040000) failed (rc=-30994 (DB_LOCK_DEADLOCK: Locker > killed to resolve a deadlock)) > [22/Jan/2016:17:04:03 +0100] NSMMReplicationPlugin - changelog program > - _cl5WriteOperationTxn: failed to write entry with csn > (56a252ef000000040000); db error - -30994 DB_LOCK_DEADLOCK: Locker > killed to resolve a deadlock > [22/Jan/2016:17:04:03 +0100] NSMMReplicationPlugin - > write_changelog_and_ruv: can't add a change for > uid=,cn=users,cn=accounts,dc= (uniqid: > a7ebd403-c12111e5-9c84c092-9a5deb81, optype: 16) to changelog csn > 56a252ef000000040000 > [22/Jan/2016:17:04:03 +0100] NSMMReplicationPlugin - > agmt="cn=meTo" (:389): Missing data > encountered > [22/Jan/2016:17:04:03 +0100] NSMMReplicationPlugin - > agmt="cn=meTo" (:389): Incremental update > failed and requires administrator action > ### > > Then the dirsrv, I mean the whole ipa server, is down. > When I restart the service, here is what is see : > > ### > [22/Jan/2016:17:06:18 +0100] - 389-Directory/1.2.11.15 > B2015.279.183 starting up > [22/Jan/2016:17:06:18 +0100] - Detected Disorderly Shutdown last time > Directory Server was running, recovering database. > [22/Jan/2016:17:06:18 +0100] schema-compat-plugin - warning: no > entries set up under cn=computers, cn=compat,dc= > [22/Jan/2016:17:06:19 +0100] schema-compat-plugin - warning: no > entries set up under cn=ng, cn=compat,dc= > [22/Jan/2016:17:06:19 +0100] schema-compat-plugin - warning: no > entries set up under ou=sudoers,dc= > [22/Jan/2016:17:06:20 +0100] set_krb5_creds - Could not get initial > credentials for principal [ldap/@] in keytab > [FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see e-text)) > [22/Jan/2016:17:06:20 +0100] - slapd started. Listening on All > Interfaces port 389 for LDAP requests > [22/Jan/2016:17:06:20 +0100] - Listening on All Interfaces port 636 > for LDAPS requests > [22/Jan/2016:17:06:20 +0100] - Listening on > /var/run/slapd-.socket for LDAPI requests > [22/Jan/2016:17:06:20 +0100] slapd_ldap_sasl_interactive_bind - Error: > could not perform interactive bind for id [] mech [GSSAPI]: LDAP error > -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified > GSS failure. Minor code may provide more information (Credentials > cache file '/tmp/krb5cc_244' not found)) errno 0 (Success) > [22/Jan/2016:17:06:20 +0100] slapi_ldap_bind - Error: could not > perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error) > [22/Jan/2016:17:06:20 +0100] NSMMReplicationPlugin - > agmt="cn=meTo" (:389): Replication bind > with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): > generic failure: GSSAPI Error: Unspecified GSS failure. Minor code > may provide more information (Credentials cache file '/tmp/krb5cc_244' > not found)) > [22/Jan/2016:17:06:23 +0100] NSMMReplicationPlugin - > agmt="cn=meTo" (:389): Replication bind > with GSSAPI auth resumed > ### > > It seems that there is a problem to write an entry in the DB ? Do you > know how I can solve this problem please ? > > Furthermore, it seems that there is a second problem with the keytab > /etc/dirsrv/ds.keytab. > > The keytab is good for me : > ### > #ls -l /etc/dirsrv/ds.keytab > -rw------- 1 dirsrv dirsrv 362 Jan 21 14:12 /etc/dirsrv/ds.keytab > # kinit -kt /etc/dirsrv/ds.keytab ldap/@ > # klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: ldap/@ > > Valid starting Expires Service principal > 01/25/16 11:54:23 01/26/16 11:54:23 krbtgt/@ > ### > > I wonder if this second problem does not come from the user dirsrv who > would not be able to use this keytab. > I cannot test this because this user dirsrv has been created with nologin. > ### > # su - dirsrv -c "kinit -kt /etc/dirsrv/ds.keytab > ldap/@" > This account is currently not available. > > # grep dirsrv /etc/passwd > dirsrv:x:244:497::/var/lib/dirsrv:/sbin/nologin > pkisrv:x:246:497::/var/lib/dirsrv:/sbin/nologin > ### > > Just for my information, is it normal that these users are created > with nologin ? > > Best regards. > > Bahan > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Mon Jan 25 11:59:39 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Mon, 25 Jan 2016 13:59:39 +0200 Subject: [Freeipa-users] multimaster ad one way trust setup In-Reply-To: References: <20160125114152.GZ4316@redhat.com> Message-ID: <20160125115939.GA4316@redhat.com> On Mon, 25 Jan 2016, Rob Verduijn wrote: >Since the first option has less impact, that one sounds the most interesting. >However, does this also remain functional when the first ipa server is >taken offline ? Yes. What this option enables is to allow IPA master to become 'trust agent' which means SSSD on that master will be able to use cross-forest trust credentials to talk to AD for user/group information and authentication purposes. It does not allow that master to *manage* the trust itself. > >Rob Verduijn > >2016-01-25 12:41 GMT+01:00 Alexander Bokovoy : >> On Mon, 25 Jan 2016, Rob Verduijn wrote: >>> >>> Hi all, >>> >>> When you have an ipa 4.2 server with an one way trust to the ad. >>> What steps are needed to install a second ipa master that also has a >>> one way trust to the ad ? >> >> Depends on what you want to achieve. >> >> If you want second IPA master to be able to resolve AD users, just >> install the master and run 'ipa-adtrust-install --add-agents' on the >> *first* master. This will prompt you to be asked on adding the second >> master to the list of hosts allowed to use cross-forest trust >> credentials. >> >> If you want to use the second IPA master to *manage* trust, you'd need >> to run 'ipa-adtrust-install' on the it. No need to specify >> '--add-agents' because the master where 'ipa-adtrust-install' is being >> run will be automatically added to the list. >> -- >> / Alexander Bokovoy > >-- >Manage your subscription for the Freeipa-users mailing list: >https://www.redhat.com/mailman/listinfo/freeipa-users >Go to http://freeipa.org for more info on the project -- / Alexander Bokovoy From lkrispen at redhat.com Mon Jan 25 12:32:22 2016 From: lkrispen at redhat.com (Ludwig Krispenz) Date: Mon, 25 Jan 2016 13:32:22 +0100 Subject: [Freeipa-users] Replica Error with freeIPA Centos 7.2 In-Reply-To: <1498162.qxHDUWiMKF@techz> References: <1498162.qxHDUWiMKF@techz> Message-ID: <56A615D6.2000505@redhat.com> On 01/23/2016 11:08 PM, G?nther J. Niederwimmer wrote: > Hello, > > I have installed freeIPA from a CentOS 7.2 with a replica Server, but I have > on all two masters a Error. > > NSMMReplicationPlugin - replication keep alive entry 3,dc=gjn,dc=xxx> already exists This is not an error, unfortunately the message is logged at the error level. The "keep alive" entries have been introduced to overcome scenarios with fractional replication where for a long time no updates were replicated. > > This Error i have all two Hours? > > Have any a Idea what I can change ? Ignore for the moment, it should be changed in a future release From tbordaz at redhat.com Mon Jan 25 12:34:45 2016 From: tbordaz at redhat.com (thierry bordaz) Date: Mon, 25 Jan 2016 13:34:45 +0100 Subject: [Freeipa-users] Replica Error with freeIPA Centos 7.2 In-Reply-To: <1498162.qxHDUWiMKF@techz> References: <1498162.qxHDUWiMKF@techz> Message-ID: <56A61665.9030101@redhat.com> On 01/23/2016 11:08 PM, G?nther J. Niederwimmer wrote: > Hello, > > I have installed freeIPA from a CentOS 7.2 with a replica Server, but I have > on all two masters a Error. > > NSMMReplicationPlugin - replication keep alive entry 3,dc=gjn,dc=xxx> already exists > > This Error i have all two Hours? > > Have any a Idea what I can change ? Helle G?nther, Actually this error message is harmless. It was introduced with the fixhttps://fedorahosted.org/389/ticket/48266. This message was a debug message but unfortunately logged at the wrong level (fatal). Thanks thierry -------------- next part -------------- An HTML attachment was scrubbed... URL: From mkosek at redhat.com Mon Jan 25 12:43:14 2016 From: mkosek at redhat.com (Martin Kosek) Date: Mon, 25 Jan 2016 13:43:14 +0100 Subject: [Freeipa-users] Replica Error with freeIPA Centos 7.2 In-Reply-To: <56A61665.9030101@redhat.com> References: <1498162.qxHDUWiMKF@techz> <56A61665.9030101@redhat.com> Message-ID: <56A61862.1050201@redhat.com> On 01/25/2016 01:34 PM, thierry bordaz wrote: > On 01/23/2016 11:08 PM, G?nther J. Niederwimmer wrote: >> Hello, >> >> I have installed freeIPA from a CentOS 7.2 with a replica Server, but I have >> on all two masters a Error. >> >> NSMMReplicationPlugin - replication keep alive entry > 3,dc=gjn,dc=xxx> already exists >> >> This Error i have all two Hours? >> >> Have any a Idea what I can change ? > Helle G?nther, > > Actually this error message is harmless. It was introduced with the > fixhttps://fedorahosted.org/389/ticket/48266. > This message was a debug message but unfortunately logged at the > wrong level (fatal). There will then be the logical question if the log level of the message was fixed, in 389 DS :-) From lkrispen at redhat.com Mon Jan 25 12:47:41 2016 From: lkrispen at redhat.com (Ludwig Krispenz) Date: Mon, 25 Jan 2016 13:47:41 +0100 Subject: [Freeipa-users] Replica Error with freeIPA Centos 7.2 In-Reply-To: <56A61862.1050201@redhat.com> References: <1498162.qxHDUWiMKF@techz> <56A61665.9030101@redhat.com> <56A61862.1050201@redhat.com> Message-ID: <56A6196D.2010509@redhat.com> On 01/25/2016 01:43 PM, Martin Kosek wrote: > On 01/25/2016 01:34 PM, thierry bordaz wrote: >> On 01/23/2016 11:08 PM, G?nther J. Niederwimmer wrote: >>> Hello, >>> >>> I have installed freeIPA from a CentOS 7.2 with a replica Server, but I have >>> on all two masters a Error. >>> >>> NSMMReplicationPlugin - replication keep alive entry >> 3,dc=gjn,dc=xxx> already exists >>> >>> This Error i have all two Hours? >>> >>> Have any a Idea what I can change ? >> Helle G?nther, >> >> Actually this error message is harmless. It was introduced with the >> fixhttps://fedorahosted.org/389/ticket/48266. >> This message was a debug message but unfortunately logged at the >> wrong level (fatal). > There will then be the logical question if the log level of the message was > fixed, in 389 DS :-) It will: https://fedorahosted.org/389/ticket/48420 From mbasti at redhat.com Mon Jan 25 12:56:40 2016 From: mbasti at redhat.com (Martin Basti) Date: Mon, 25 Jan 2016 13:56:40 +0100 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> <56A0F93E.3000406@redhat.com> <56A23BDB.1020608@redhat.com> <56A273A3.4010600@redhat.com> Message-ID: <56A61B88.7010205@redhat.com> Thank you, I found root cause why "System: Read Replication Agreements" ACI is not on replica. https://fedorahosted.org/freeipa/ticket/5631 I have to figure out why this permission is added on centos7.2, because IMO this bug is there from 4.0. On 24.01.2016 03:22, Nathan Peters wrote: > I can now confirm that this is a 100% reproducible bug, and a pretty severe one at that. You should be able to reproduce this issue at will if you follow these steps. It may actually be possible with less servers and less steps, but here is what I did in a test lab today: > > 1. Create a brand new FreeIPA domain in CentOS 7.2 / FreeIPA 4.2.0 with 3 servers, dc1, dc2, dc3, replicating any way you want. > 3. Use ipa-replica-manage del dc2.ipatestdomain.net, and then delete the server / vm / whatever you have it running on > 3. Install Fedora 23 on the same IP address and hostname (dc2.ipatestdomain.net). Install FreeIPA server 4.2.3 from replica file created on CA master (dc1). > > Check aci on dc2. You will notice it's now missing a bunch of stuff. So basically, all it takes to lose that ACL is to create a Fedora FreeIPA server and join it to a CentOS domain. > After I had upgraded all 3 to Fedora, that ACLS was lost permanently as it no longer existed on any server because there were no CentOS servers left. > > I'm assuming since this is so easy to reproduce, that you don't actually need my log files. > > ACL comparisons below for reference : > 1. ACL on dc1 when its on FreeIPA 4.2.0 on CentOS 7.2 and the domain consists of only CentOS servers > 2. ACL on dc1 when its still on FreeIPA 4.2.0 on CentOS 7.2 but there is now a Fedora 23 FreeIPA 4.2.3 server in the domain (for reference that the CentOS ACL hasn't changed yet) > 3. ACL on dc2 when it's now a Fedora 23 FreeIPA 4.2.3 server created from a replica file made from dc1, the centOS 7.2 CA master(missing some stuff) > 4. ACL on dc1 when it's now a Fedora 23 FreeIPA 4.2.3 server (now missing some stuff) > > ============================================================================ > 1. ACL on dc1 when its on FreeIPA 4.2.0 on CentOS 7.2 and the domain consists of only CentOS servers > ============================================================================ > [root at dc1 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (aci=*) > # requesting: aci > # > > # config > dn: cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r > ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( > targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T > ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task > ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob > jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu > gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura > tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager > s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, > cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C > onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co > nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns > slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas > e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi > guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas > e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g > roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= > ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || description || entryusn || modify > timestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeou > t || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || n > sds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds > 5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || > nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacl > eanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5repl > icahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinits > tart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5repli > calastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsum > er || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || > nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5re > plicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributeli > st || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replic > atombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || n > sds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsd > s7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenable > d || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicas > ubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || > winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsub > treepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replic > a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA > greement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:System: R > ead Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn > =System: Read Replication Agreements,cn=permissions,cn=pbac,dc=ipatestdomai > n,dc=net";) > > # SNMP, config > dn: cn=SNMP,cn=config > aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl > "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) > > # tasks, config > dn: cn=tasks,cn=config > aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio > n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis > sions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re > -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa > ca";) > aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read > , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip > atestdomain,dc=net";) > aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membershi > p,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Ta > sks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automembe > r Tasks,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # csusers, config > dn: ou=csusers,cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use > rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea > d, search ) userdn = "ldap:///all";) > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, > search, compare, proxy) userdn = "ldap:///anyone"; ) > > # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config > dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al > low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= > pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme > nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag > reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem > ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli > cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # o\3Dipaca, mapping tree, config > dn: cn=o\3Dipaca,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" > ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre > ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl > e,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: > Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser > ,ou=people,o=ipaca";) > > # ldbm database, plugins, config > dn: cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a > llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl > "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA > Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre > shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; > allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss > ions,cn=pbac,dc=ipatestdomain,dc=net";) > > # userRoot, ldbm database, plugins, config > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas > e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement > s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # search result > search: 2 > result: 0 Success > > # numResponses: 12 > # numEntries: 11 > > > ============================================================================ > 2. ACL on dc1 when its still on FreeIPA 4.2.0 on CentOS 7.2 but there is now a Fedora 23 FreeIPA 4.2.3 server in the domain (for reference that the CentOS ACL hasn't changed yet) > ============================================================================ > ================ after reinstallation of dc2 in fedora 23 / ipa 4.2.3 ========================= > > [root at dc1 ~]# ldapsearch -b "cn=config" -D "uid=admin,cn=users,cn=accounts,dc=ipatestdomain,dc=net" -W > Enter LDAP Password: > # config > dn: cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r > ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( > targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T > ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task > ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob > jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu > gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura > tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager > s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, > cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C > onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co > nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns > slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas > e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi > guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas > e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g > roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= > ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || description || entryusn || modify > timestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeou > t || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || n > sds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds > 5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || > nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacl > eanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5repl > icahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinits > tart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5repli > calastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsum > er || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || > nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5re > plicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributeli > st || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replic > atombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || n > sds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsd > s7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenable > d || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicas > ubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || > winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsub > treepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replic > a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA > greement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:System: R > ead Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn > =System: Read Replication Agreements,cn=permissions,cn=pbac,dc=ipatestdomai > n,dc=net";) > > # SNMP, config > dn: cn=SNMP,cn=config > aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl > "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) > > # tasks, config > dn: cn=tasks,cn=config > aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio > n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis > sions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re > -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa > ca";) > aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read > , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip > atestdomain,dc=net";) > aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membershi > p,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Ta > sks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automembe > r Tasks,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # csusers, config > dn: ou=csusers,cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use > rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea > d, search ) userdn = "ldap:///all";) > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, > search, compare, proxy) userdn = "ldap:///anyone"; ) > > # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config > dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al > low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= > pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme > nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag > reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem > ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli > cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # o\3Dipaca, mapping tree, config > dn: cn=o\3Dipaca,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" > ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre > ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl > e,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: > Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser > ,ou=people,o=ipaca";) > > # ldbm database, plugins, config > dn: cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a > llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl > "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA > Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre > shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; > allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss > ions,cn=pbac,dc=ipatestdomain,dc=net";) > > # userRoot, ldbm database, plugins, config > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas > e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement > s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # search result > search: 2 > result: 0 Success > > # numResponses: 12 > # numEntries: 11 > > > > ============================================================================ > 3. ACL on dc2 when it's now a Fedora 23 FreeIPA 4.2.3 server and the replica file was made from dc1 which is a CentOS server that still has the acls(missing some stuff) > ============================================================================ > aci list on dc2 > > [root at dc2 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (aci=*) > # requesting: aci > # > > # config > dn: cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r > ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( > targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T > ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task > ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob > jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu > gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura > tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager > s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, > cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C > onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co > nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns > slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas > e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi > guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas > e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g > roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= > ipatestdomain,dc=net";) > > # SNMP, config > dn: cn=SNMP,cn=config > aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl > "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) > > # tasks, config > dn: cn=tasks,cn=config > aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio > n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis > sions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re > -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa > ca";) > aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read > , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip > atestdomain,dc=net";) > > # csusers, config > dn: ou=csusers,cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use > rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea > d, search ) userdn = "ldap:///all";) > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, > search, compare, proxy) userdn = "ldap:///anyone"; ) > > # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config > dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al > low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= > pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme > nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag > reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem > ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli > cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # o\3Dipaca, mapping tree, config > dn: cn=o\3Dipaca,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" > ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre > ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl > e,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: > Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser > ,ou=people,o=ipaca";) > > # ldbm database, plugins, config > dn: cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a > llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl > "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA > Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre > shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; > allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss > ions,cn=pbac,dc=ipatestdomain,dc=net";) > > # userRoot, ldbm database, plugins, config > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas > e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement > s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # search result > search: 2 > result: 0 Success > > # numResponses: 12 > # numEntries: 11 > > ============================================================================ > 4. ACL on dc1 when it's now a Fedora 23 FreeIPA 4.2.3 server (now missing some stuff) > ============================================================================ > [root at dc1 yum.repos.d]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (aci=*) > # requesting: aci > # > > # config > dn: cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r > ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( > targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T > ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task > ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob > jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu > gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura > tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager > s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, > cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C > onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co > nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns > slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas > e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi > guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas > e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g > roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= > ipatestdomain,dc=net";) > > # SNMP, config > dn: cn=SNMP,cn=config > aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl > "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) > > # tasks, config > dn: cn=tasks,cn=config > aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio > n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis > sions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re > -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa > ca";) > aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read > , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip > atestdomain,dc=net";) > > # csusers, config > dn: ou=csusers,cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use > rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea > d, search ) userdn = "ldap:///all";) > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, > search, compare, proxy) userdn = "ldap:///anyone"; ) > > # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config > dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al > low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= > pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme > nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag > reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem > ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli > cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # o\3Dipaca, mapping tree, config > dn: cn=o\3Dipaca,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" > ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre > ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl > e,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: > Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser > ,ou=people,o=ipaca";) > > # ldbm database, plugins, config > dn: cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a > llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl > "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA > Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre > shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; > allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss > ions,cn=pbac,dc=ipatestdomain,dc=net";) > > # userRoot, ldbm database, plugins, config > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas > e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement > s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # search result > search: 2 > result: 0 Success > > # numResponses: 12 > # numEntries: 11 > > > > -----Original Message----- > From: Rich Megginson [mailto:rmeggins at redhat.com] > Sent: January-22-16 10:24 AM > To: Nathan Peters; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > On 01/22/2016 11:04 AM, Nathan Peters wrote: >> Wow, strange stuff, the search I linked in the last email for our non working dev environment seems short some entries. >> >> For comparison, here is the same search run against our currently working prod environment. >> >> As you can see, our prod environment has a huge aci on the config tree. >> >> For reference, our prod and dev environments were identical (FreeIPA 4.1.4/CentOS7.1) before I updated our dev environment to CentOS7.2/FreeIPA4.2.0 -> Fedora23/FreeIPA4.2.3 -> Fedora23/FreeIPA4.3.0. So at some point during this upgrade process I assume maybe one of the installers deleted acis on our tree? That sounds like the kind of thing that would happen when introducing the new domain level functionality in 4.3, like if someone accidentally thought "oh this replica branch is now in a globally replicated section, we can remove these acis for this local stuff..." and then put that logic into the installer or something... >> >> The real question is, is there some good way of getting those aci's back, like a fixaci command? > I don't know. > From rob.verduijn at gmail.com Mon Jan 25 13:03:29 2016 From: rob.verduijn at gmail.com (Rob Verduijn) Date: Mon, 25 Jan 2016 14:03:29 +0100 Subject: [Freeipa-users] multimaster ad one way trust setup In-Reply-To: <20160125115939.GA4316@redhat.com> References: <20160125114152.GZ4316@redhat.com> <20160125115939.GA4316@redhat.com> Message-ID: Cool Thanx Rob Verduijn 2016-01-25 12:59 GMT+01:00 Alexander Bokovoy : > On Mon, 25 Jan 2016, Rob Verduijn wrote: >> >> Since the first option has less impact, that one sounds the most >> interesting. >> However, does this also remain functional when the first ipa server is >> taken offline ? > > Yes. What this option enables is to allow IPA master to become 'trust > agent' which means SSSD on that master will be able to use cross-forest > trust credentials to talk to AD for user/group information and > authentication purposes. It does not allow that master to *manage* the > trust itself. > >> >> Rob Verduijn >> >> 2016-01-25 12:41 GMT+01:00 Alexander Bokovoy : >>> >>> On Mon, 25 Jan 2016, Rob Verduijn wrote: >>>> >>>> >>>> Hi all, >>>> >>>> When you have an ipa 4.2 server with an one way trust to the ad. >>>> What steps are needed to install a second ipa master that also has a >>>> one way trust to the ad ? >>> >>> >>> Depends on what you want to achieve. >>> >>> If you want second IPA master to be able to resolve AD users, just >>> install the master and run 'ipa-adtrust-install --add-agents' on the >>> *first* master. This will prompt you to be asked on adding the second >>> master to the list of hosts allowed to use cross-forest trust >>> credentials. >>> >>> If you want to use the second IPA master to *manage* trust, you'd need >>> to run 'ipa-adtrust-install' on the it. No need to specify >>> '--add-agents' because the master where 'ipa-adtrust-install' is being >>> run will be automatically added to the list. >>> -- >>> / Alexander Bokovoy >> >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project > > > -- > / Alexander Bokovoy From vpha at webstaurantstore.com Fri Jan 22 16:13:30 2016 From: vpha at webstaurantstore.com (Vang Pha) Date: Fri, 22 Jan 2016 16:13:30 +0000 Subject: [Freeipa-users] Authentication Issues Message-ID: <98e530c8d0e94f96b366f0023bfa6d3c@LZ-EX-01.therestaurantstore.com> Hello All, Installation Notes: - ipa-server-4.2.0-15.el7.centos.3.x86_64 - ipa-server-trust-ad-4.2.0-15.el7.centos.3.x86_64 Configured it as a non-dns server install with a trust to server.dev, but after I established the trust and rebooted the machine. It's looking for krbtgt/server.dev now and I can't kinit admin. I'm not understanding why it's elsewhere to kinit now after the trust and not itself? Any help would be appreciated! Thanks! Jan 22 11:02:45 l-freeipa101.server.dev smbd[3126]: GSSAPI client step 1 Jan 22 11:02:45 l-freeipa101.server.dev smbd[3126]: GSSAPI client step 1 Jan 22 11:02:45 l-freeipa101.server.dev smbd[3126]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/server.DEV at IPA.server.DEV not fo...os database) Jan 22 11:02:45 l-freeipa101.server.dev smbd[3126]: GSSAPI client step 1 Jan 22 11:02:45 l-freeipa101.server.dev smbd[3126]: GSSAPI client step 1 Jan 22 11:02:45 l-freeipa101.server.dev smbd[3126]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/server.DEV at IPA.server.DEV not fo...os database) Jan 22 11:02:46 l-freeipa101.server.dev systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Jan 22 11:02:46 l-freeipa101.server.dev systemd[1]: Failed to start Samba SMB Daemon. Jan 22 11:02:46 l-freeipa101.server.dev systemd[1]: Unit smb.service entered failed state. Jan 22 11:02:46 l-freeipa101.server.dev systemd[1]: smb.service failed. ------------ Vang Pha Systems Administrator - Web Operations - Lititz, PA [cid:image002.png at 01D0BE16.94D6FDE0] 717-381-4842 x2006 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 7364 bytes Desc: image001.png URL: From cameron.christensen at uk2group.com Mon Jan 25 17:15:42 2016 From: cameron.christensen at uk2group.com (Cameron Christensen) Date: Mon, 25 Jan 2016 10:15:42 -0700 Subject: [Freeipa-users] Active Directory and IPA Client Message-ID: <1453742142.6235.20.camel@uk2group.com> Hello, I have a trust established between Windows Active Directory and IPA. From the IPA server I can get details about AD users but not from a server configured as an IPA client. [root at ipa_server ~]# getent passwd ad_user at ad_domain ad_user at ad_domain:*:1869402973:1869402973:ADUser Name:/home/ad_domain/ad_user: Trying to access details about AD users from a server configured as an IPA client, no results. [root at ipa_client server ~]# getent passwd ad_user at ad_domain [root at ipa_client server ~]# I've enabled debugging of sssd. I believe this is the relevant information from /var/log/sssd/sssd_.log (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] [sbus_handler_got_caller_id] (0x4000): Received SBUS method [getAccountInfo] (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=ad_user] (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] [be_req_set_domain] (0x0400): Changing request domain from [ipa_domain] to [ad_domain] (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaUserOverride)(uid=ad_user))]. (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] [sdap_print_server] (0x2000): Searching (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaUserOverride)(uid=ad_user))][cn=Default Trust View,cn=views,cn=accounts,d c=sub_domain,dc=domain]. (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 9 (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0xa88e70], connected[1], ops[0xa957b0], ldap[0xa8a650] (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [ipa_get_ad_override_done] (0x4000): No override found with filter [(&(objectClass=ipaUserOverride)(uid=ad_user))]. (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_id_op_destroy] (0x4000): releasing operation connection (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [ipa_s2n_exop_send] (0x0400): Executing extended operation (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 10 (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0xa88e70], connected[1], ops[0xa9d0c0], ldap[0xa8a650] (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0xa88e70], connected[1], ops[0xa9d0c0], ldap[0xa8a650] (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED] (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null). (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed. (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_id_op_done] (0x4000): releasing operation connection (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_id_op_destroy] (0x4000): releasing operation connection (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0xa88e70], connected[1], ops[(nil)], ldap[0xa8a650] (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! I see two issues, " ldap_extended_operation result: No such object(32), (null)" and "ldap_result found nothing!" Using ldapsearch to execute the query from the ipa_server or the ipa_client_server produces no results: [root at ipa_client_server sssd]# ldapsearch -Y GSSAPI "(&(objectClass=ipaUserOverride)(uid=ad_user))" SASL/GSSAPI authentication started SASL username: admin@ SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base (default) with scope subtree # filter: (&(objectClass=ipaUserOverride)(uid=ad_user)) # requesting: ALL # # search result search: 4 result: 0 Success # numResponses: 1 Any help would be greatly appreciated. Cameron -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: This is a digitally signed message part URL: From sbose at redhat.com Mon Jan 25 17:26:21 2016 From: sbose at redhat.com (Sumit Bose) Date: Mon, 25 Jan 2016 18:26:21 +0100 Subject: [Freeipa-users] Active Directory and IPA Client In-Reply-To: <1453742142.6235.20.camel@uk2group.com> References: <1453742142.6235.20.camel@uk2group.com> Message-ID: <20160125172621.GH19151@p.redhat.com> On Mon, Jan 25, 2016 at 10:15:42AM -0700, Cameron Christensen wrote: > Hello, > > I have a trust established between Windows Active Directory and IPA. > From the IPA server I can get details about AD users but not from a > server configured as an IPA client. > > [root at ipa_server ~]# getent passwd ad_user at ad_domain > ad_user at ad_domain:*:1869402973:1869402973:ADUser > Name:/home/ad_domain/ad_user: > > Trying to access details about AD users from a server configured as an > IPA client, no results. > > [root at ipa_client server ~]# getent passwd ad_user at ad_domain > [root at ipa_client server ~]# > > I've enabled debugging of sssd. I believe this is the relevant > information from /var/log/sssd/sssd_.log > > (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] > [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] > (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] > [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit > (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] > [sbus_handler_got_caller_id] (0x4000): Received SBUS method > [getAccountInfo] > (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] [be_get_account_info] > (0x0200): Got request for [0x1001][1][name=ad_user] > (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] [be_req_set_domain] > (0x0400): Changing request domain from [ipa_domain] to [ad_domain] > (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] > [sdap_id_op_connect_step] (0x4000): reusing cached connection > (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] > [sdap_id_op_connect_step] (0x4000): reusing cached connection > (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] > [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in > view [Default Trust View] with filter > [(&(objectClass=ipaUserOverride)(uid=ad_user))]. > (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] [sdap_print_server] > (0x2000): Searching > (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] > [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with > [(&(objectClass=ipaUserOverride)(uid=ad_user))][cn=Default Trust > View,cn=views,cn=accounts,d > c=sub_domain,dc=domain]. > (Mon Jan 25 09:37:39 2016) [sssd[be[ipa_domain]]] > [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 9 > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_process_result] > (0x2000): Trace: sh[0xa88e70], connected[1], ops[0xa957b0], > ldap[0xa8a650] > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] > [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] > [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no > errmsg set > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] > [ipa_get_ad_override_done] (0x4000): No override found with filter > [(&(objectClass=ipaUserOverride)(uid=ad_user))]. > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_id_op_destroy] > (0x4000): releasing operation connection > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] > [sdap_id_op_connect_step] (0x4000): reusing cached connection > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [ipa_s2n_exop_send] > (0x0400): Executing extended operation > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [ipa_s2n_exop_send] > (0x2000): ldap_extended_operation sent, msgid = 10 > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_process_result] > (0x2000): Trace: sh[0xa88e70], connected[1], ops[0xa9d0c0], > ldap[0xa8a650] > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_process_result] > (0x2000): Trace: ldap_result found nothing! > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_process_result] > (0x2000): Trace: sh[0xa88e70], connected[1], ops[0xa9d0c0], > ldap[0xa8a650] > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] > [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED] > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [ipa_s2n_exop_done] > (0x0040): ldap_extended_operation result: No such object(32), (null). > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] > [ipa_s2n_get_user_done] (0x0040): s2n exop request failed. > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_id_op_done] > (0x4000): releasing operation connection > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_id_op_destroy] > (0x4000): releasing operation connection > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [acctinfo_callback] > (0x0100): Request processed. Returned 0,0,Success > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_process_result] > (0x2000): Trace: sh[0xa88e70], connected[1], ops[(nil)], ldap[0xa8a650] > (Mon Jan 25 09:37:40 2016) [sssd[be[ipa_domain]]] [sdap_process_result] > (0x2000): Trace: ldap_result found nothing! > > I see two issues, " ldap_extended_operation result: No such object(32), > (null)" and "ldap_result found nothing!" The IPA client cannot talk to AD directly to look up the user data, but request the data from the IPA server with an extended operation. Please check if 'getent passwd ad_user at ad_domain' can look up the user on the server and check the SSSD logs on the server if not. HTH bye, Sumit > > Using ldapsearch to execute the query from the ipa_server or the > ipa_client_server produces no results: > > [root at ipa_client_server sssd]# ldapsearch -Y GSSAPI > "(&(objectClass=ipaUserOverride)(uid=ad_user))" > SASL/GSSAPI authentication started > SASL username: admin@ > SASL SSF: 56 > SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base (default) with scope subtree > # filter: (&(objectClass=ipaUserOverride)(uid=ad_user)) > # requesting: ALL > # > > # search result > search: 4 > result: 0 Success > > # numResponses: 1 > > Any help would be greatly appreciated. > > Cameron > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From Warren.Birnbaum at nike.com Mon Jan 25 21:26:55 2016 From: Warren.Birnbaum at nike.com (Birnbaum, Warren (ETW)) Date: Mon, 25 Jan 2016 21:26:55 +0000 Subject: [Freeipa-users] Active Directory users are not controlled by HBAC In-Reply-To: <20160122134438.GP4316@redhat.com> References: <20160122125155.GE7092@hendrix.redhat.com> <20160122134438.GP4316@redhat.com> Message-ID: Thanks Alexander. Is there a place where there are example pam stacks that work with active directory and hbac? ___________________ Warren Birnbaum : Infrastructure Services Web Automation Engineer Europe CDT Techn. Operations Nike Inc. : Mobile +31 6 23902697 On 1/22/16, 2:44 PM, "Alexander Bokovoy" wrote: >On Fri, 22 Jan 2016, Birnbaum, Warren (ETW) wrote: >>Thanks for you reply. I understand what you are saying but don?t see how >>this would work because Allow_All is my current situation (even with this >>rule disabled). My understand is you can?t restrict through a rule, only >>limit. I am missing something? >Yes. > >First, lack of HBAC rule that allows to access a service means pam_sss >will deny access to this service. HBAC rules only give you means to >_allow_ access, not to limit it as when no rules are in place, >everything is disallowed. 'allow_all' HBAC rule is provided exactly to >allow starting with a fresh working ground -- you would then remove >'allow_all' rule after creating specific allow rules. > >Second, while pam_sss evaluates HBAC rules, it is only one module in a >PAM stack. There might be other PAM modules that could make own >decisions to allow access to a specific service. You need to see what is >in your configuration. > >On RHEL and Fedora we configure PAM stack in such way that apart from >root and wheel group the rest is managed by SSSD via pam_sss. If your >configuration is different, it is up to you to ensure everything is >tightened up. > >> >> >> >> >>On 1/22/16, 1:51 PM, "freeipa-users-bounces at redhat.com on behalf of Jakub >>Hrozek" >jhrozek at redhat.com> >>wrote: >> >>>On Fri, Jan 22, 2016 at 09:27:40AM +0000, Birnbaum, Warren (ETW) wrote: >>>> Hi. >>>> >>>> I have a been successful using Freeipa 4.1 configuring active >>>>directory >>>>users and with sudo. The problem I am having is that the HBAC rules >>>>are >>>>not applying to my active directory users. They have access to all >>>>systems even if I disable my Allow_ALL rule. Is there something >>>>special >>>>I should be doing to domain? >>> >>>Normally HBAC for AD users should be done through an external group you >>>add the AD users or groups to, then add the external group to a regular >>>IPA group and reference this IPA group from HBAC rules. >>> >>>There have been bugs related to external groups resolution, so please >>>update to the latest IPA and SSSD packages also. >>> >>>-- >>>Manage your subscription for the Freeipa-users mailing list: >>>https://www.redhat.com/mailman/listinfo/freeipa-users >>>Go to http://freeipa.org for more info on the project >> >> >>-- >>Manage your subscription for the Freeipa-users mailing list: >>https://www.redhat.com/mailman/listinfo/freeipa-users >>Go to http://freeipa.org for more info on the project > >-- >/ Alexander Bokovoy From Warren.Birnbaum at nike.com Mon Jan 25 22:05:45 2016 From: Warren.Birnbaum at nike.com (Birnbaum, Warren (ETW)) Date: Mon, 25 Jan 2016 22:05:45 +0000 Subject: [Freeipa-users] Active Directory users are not controlled by HBAC In-Reply-To: References: <20160122125155.GE7092@hendrix.redhat.com> <20160122134438.GP4316@redhat.com> Message-ID: My system-auth-ac files looks like: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 1000 quiet_success auth sufficient pam_sss.so use_first_pass auth required pam_deny.so account required pam_access.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 1000 quiet account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_pwquality.so try_first_pass retry=3 type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password sufficient pam_sss.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_mkhomedir.so umask=0077 session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so ___________________ Warren Birnbaum : Infrastructure Services Web Automation Engineer Europe CDT Techn. Operations Nike Inc. : Mobile +31 6 23902697 On 1/25/16, 1:26 PM, "Birnbaum, Warren (ETW)" wrote: >Thanks Alexander. Is there a place where there are example pam stacks >that work with active directory and hbac? > >___________________ >Warren Birnbaum : Infrastructure Services >Web Automation Engineer >Europe CDT Techn. Operations >Nike Inc. : Mobile +31 6 23902697 > > > > > > >On 1/22/16, 2:44 PM, "Alexander Bokovoy" wrote: > >>On Fri, 22 Jan 2016, Birnbaum, Warren (ETW) wrote: >>>Thanks for you reply. I understand what you are saying but don?t see >>>how >>>this would work because Allow_All is my current situation (even with >>>this >>>rule disabled). My understand is you can?t restrict through a rule, >>>only >>>limit. I am missing something? >>Yes. >> >>First, lack of HBAC rule that allows to access a service means pam_sss >>will deny access to this service. HBAC rules only give you means to >>_allow_ access, not to limit it as when no rules are in place, >>everything is disallowed. 'allow_all' HBAC rule is provided exactly to >>allow starting with a fresh working ground -- you would then remove >>'allow_all' rule after creating specific allow rules. >> >>Second, while pam_sss evaluates HBAC rules, it is only one module in a >>PAM stack. There might be other PAM modules that could make own >>decisions to allow access to a specific service. You need to see what is >>in your configuration. >> >>On RHEL and Fedora we configure PAM stack in such way that apart from >>root and wheel group the rest is managed by SSSD via pam_sss. If your >>configuration is different, it is up to you to ensure everything is >>tightened up. >> >>> >>> >>> >>> >>>On 1/22/16, 1:51 PM, "freeipa-users-bounces at redhat.com on behalf of >>>Jakub >>>Hrozek" >>jhrozek at redhat.com> >>>wrote: >>> >>>>On Fri, Jan 22, 2016 at 09:27:40AM +0000, Birnbaum, Warren (ETW) wrote: >>>>> Hi. >>>>> >>>>> I have a been successful using Freeipa 4.1 configuring active >>>>>directory >>>>>users and with sudo. The problem I am having is that the HBAC rules >>>>>are >>>>>not applying to my active directory users. They have access to all >>>>>systems even if I disable my Allow_ALL rule. Is there something >>>>>special >>>>>I should be doing to domain? >>>> >>>>Normally HBAC for AD users should be done through an external group you >>>>add the AD users or groups to, then add the external group to a regular >>>>IPA group and reference this IPA group from HBAC rules. >>>> >>>>There have been bugs related to external groups resolution, so please >>>>update to the latest IPA and SSSD packages also. >>>> >>>>-- >>>>Manage your subscription for the Freeipa-users mailing list: >>>>https://www.redhat.com/mailman/listinfo/freeipa-users >>>>Go to http://freeipa.org for more info on the project >>> >>> >>>-- >>>Manage your subscription for the Freeipa-users mailing list: >>>https://www.redhat.com/mailman/listinfo/freeipa-users >>>Go to http://freeipa.org for more info on the project >> >>-- >>/ Alexander Bokovoy > From abokovoy at redhat.com Mon Jan 25 22:11:11 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Tue, 26 Jan 2016 00:11:11 +0200 Subject: [Freeipa-users] Active Directory users are not controlled by HBAC In-Reply-To: References: <20160122125155.GE7092@hendrix.redhat.com> <20160122134438.GP4316@redhat.com> Message-ID: <20160125221111.GB4316@redhat.com> On Mon, 25 Jan 2016, Birnbaum, Warren (ETW) wrote: >Thanks Alexander. Is there a place where there are example pam stacks >that work with active directory and hbac? Defaults in RHEL/Fedora should be enough: - install RHEL/Fedora, - apply ipa-client-install, then you get proper setup. That's what is tested and supported. ipa-client-install would run authconfig utility with correct parameters to set PAM stack properly. -- / Alexander Bokovoy From Warren.Birnbaum at nike.com Mon Jan 25 22:35:05 2016 From: Warren.Birnbaum at nike.com (Birnbaum, Warren (ETW)) Date: Mon, 25 Jan 2016 22:35:05 +0000 Subject: [Freeipa-users] Active Directory users are not controlled by HBAC In-Reply-To: <20160125221111.GB4316@redhat.com> References: <20160122125155.GE7092@hendrix.redhat.com> <20160122134438.GP4316@redhat.com> <20160125221111.GB4316@redhat.com> Message-ID: OK. I have done this and am using the pam stack that is the result of what you here describe. A few threads back you mentioned that this could be a reason why my hbac are not restricting access. I have no hbac rules currently and any active directory user can access any host. Is there something else I could look at to see why this is happening? Thanks. ___________________ Warren Birnbaum : Infrastructure Services Web Automation Engineer Europe CDT Techn. Operations Nike Inc. : Mobile +31 6 23902697 On 1/25/16, 2:11 PM, "Alexander Bokovoy" wrote: >On Mon, 25 Jan 2016, Birnbaum, Warren (ETW) wrote: >>Thanks Alexander. Is there a place where there are example pam stacks >>that work with active directory and hbac? >Defaults in RHEL/Fedora should be enough: > - install RHEL/Fedora, > - apply ipa-client-install, > >then you get proper setup. That's what is tested and supported. > >ipa-client-install would run authconfig utility with correct parameters >to set PAM stack properly. > >-- >/ Alexander Bokovoy From abokovoy at redhat.com Mon Jan 25 22:47:42 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Tue, 26 Jan 2016 00:47:42 +0200 Subject: [Freeipa-users] Active Directory users are not controlled by HBAC In-Reply-To: References: <20160122125155.GE7092@hendrix.redhat.com> <20160122134438.GP4316@redhat.com> <20160125221111.GB4316@redhat.com> Message-ID: <20160125224742.GC4316@redhat.com> On Mon, 25 Jan 2016, Birnbaum, Warren (ETW) wrote: >OK. I have done this and am using the pam stack that is the result of >what you here describe. > >A few threads back you mentioned that this could be a reason why my hbac >are not restricting access. I have no hbac rules currently and any active >directory user can access any host. Is there something else I could look >at to see why this is happening? https://fedorahosted.org/sssd/wiki/Troubleshooting is your friend. -- / Alexander Bokovoy From gjn at gjn.priv.at Tue Jan 26 08:45:26 2016 From: gjn at gjn.priv.at (=?ISO-8859-1?Q?G=FCnther_J=2E?= Niederwimmer) Date: Tue, 26 Jan 2016 09:45:26 +0100 Subject: [Freeipa-users] Master Error with two Master CentOS 7.2 Message-ID: <1970762.0GSgUyMVQY@techz> Hello List, I set up a CentOS 7.2 System with two master Server now I found this 1000 x Error on my first master? attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.xxxxxxx.at:389/ o%3Dipaca) failed. the second is harmless I read ;-) NSMMReplicationPlugin - replication keep alive entry already exists Is this a bad Error ? Can I do anything Thanks for a answer, -- mit freundlichen Gr??en / best regards, G?nther J. Niederwimmer From wodel.youchi at gmail.com Tue Jan 26 09:16:30 2016 From: wodel.youchi at gmail.com (wodel youchi) Date: Tue, 26 Jan 2016 10:16:30 +0100 Subject: [Freeipa-users] Migration from openLDAP to FreeIPA with qmail.schema Message-ID: Hi, I am a newbie in freeipa. I am trying to use it with our mail server. Our mail server uses openldap with one external schema : qmail.schema, we use it especially for mailQuota, mailAlternateAddress, mailForwardingAddress and AccountStatus. I tried to import this schema to freeipa using ipa-ldap-updater. I am not sure if I succeeded, but when I tried : ipa config-mod --addattr=ipaGroupObjectClasses=qmailUser it worked and I can see the objectClass. [root at ipamaster work]# ipa config-show --all dn: cn=ipaConfig,cn=etc,dc=example,dc=com Longueur maximale du nom d'utilisateur: 32 Base du r?pertoire utilisateur: /home Interpr?teur par d?faut: /bin/sh Groupe utilisateur par d?faut: ipausers Domaine par d?faut pour les courriels: example.com Limite de temps d'une recherche: 2 Limite de taille d'une recherche: 100 Champs de recherche utilisateur: uid,givenname,sn,telephonenumber,ou,title Group search fields: cn,description Activer le mode migration: TRUE Base de sujet de certificat: O=EXAMPLE.COM Classes d'objets de groupe par d?faut: top, ipaobject, groupofnames, ipausergroup, nestedgroup Classes d'objets utilisateur par d?faut: ipaobject, person, top, ipasshuser, inetorgperson, organizationalperson, krbticketpolicyaux, krbprincipalaux, *qmailUser*, inetuser, posixaccount Notification d'expiration de mot de passe (jours): 4 Fonctionnalit?s du greffon mots de passe: AllowNThash Ordre de la mappe des utilisateurs SELinux: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 Utilisateur SELinux par d?faut: unconfined_u:s0-s0:c0.c1023 Types de PAC par d?faut: nfs:NONE, MS-PAC aci: (targetattr = "cn || createtimestamp || entryusn || ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || ipadefaultemaildomain || ipadefaultloginshell || ipadefaultprimarygroup || ipagroupobjectclasses || ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || ipamaxusernamelength || ipamigrationenabled || ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit || ipaselinuxusermapdefault || ipaselinuxusermaporder || ipauserauthtype || ipauserobjectclasses || ipausersearchfields || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version 3.0;acl "permission:System: Read Global Configuration";allow (compare,read,search) userdn = "ldap:///all";) cn: ipaConfig objectclass: ipaConfigObject, nsContainer, top, ipaGuiConfig, ipaUserAuthTypeClass Then I tried to migrate openldap's accounts, but without luck so far #ipa -v migrate-ds --with-compat --bind-dn "cn=admin,dc=example,dc=com" --continue ldap://192.168.1.121:389 ----------- migrate-ds: ----------- Migrated: Failed user: jean.doe: Type or value exists: jeane.doe: Type or value exists: Failed group: ---------- No users/groups were migrated from ldap://192.168.1.121:389 Here is an entry from openldap dn: uid=jeane.doe,ou=people,dc=example,dc=com loginShell: /bin/bash gidNumber: 1000 objectClass: top objectClass: qmailUser objectClass: inetOrgPerson objectClass: posixAccount objectClass: person objectClass: shadowAccount objectClass: organizationalPerson mail: jeane.doe at example.com givenName: DOE uid: jeane.doe uidNumber: 1002 displayName: Jeane Doe homeDirectory: /var/vmail/jeane.doe accountStatus: yes mailMessageStore: /var/vmail/jeane.doe structuralObjectClass: inetOrgPerson entryUUID: 3e8ee290-166f-1035-94d7-ef8fa27fbe71 creatorsName: cn=admin,dc=example,dc=com createTimestamp: 20151103120748Z userPassword:: e1NTSEF9K2ZYQnQrMnZsbmVURlVEaG5FdjlZdkhTNFpvNjVMSVQ= mailQuotaSize: 1024000 sn: Jeane cn: DOE entryCSN: 20160125162455.613052Z#000000#000#000000 modifiersName: cn=admin,dc=example,dc=com modifyTimestamp: 20160125162455Z What does "Type or value exists" means? PS: the qmail.schema presents two other objectClasses, but I didn't add use them (qldapAdmin, qmailGroup) Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From mkosek at redhat.com Tue Jan 26 09:53:05 2016 From: mkosek at redhat.com (Martin Kosek) Date: Tue, 26 Jan 2016 10:53:05 +0100 Subject: [Freeipa-users] Migration from openLDAP to FreeIPA with qmail.schema In-Reply-To: References: Message-ID: <56A74201.6010306@redhat.com> On 01/26/2016 10:16 AM, wodel youchi wrote: > Hi, > > I am a newbie in freeipa. I am trying to use it with our mail server. Cool! What is your version of the FreeIPA server? It will be important for further investigation. > Our mail server uses openldap with one external schema : qmail.schema, we > use it especially for mailQuota, mailAlternateAddress, > mailForwardingAddress and AccountStatus. > > I tried to import this schema to freeipa using ipa-ldap-updater. > I am not sure if I succeeded, but when I tried : ipa config-mod > --addattr=ipaGroupObjectClasses=qmailUser it worked and I can see the > objectClass. > > > [root at ipamaster work]# ipa config-show --all > dn: cn=ipaConfig,cn=etc,dc=example,dc=com > Longueur maximale du nom d'utilisateur: 32 > Base du r?pertoire utilisateur: /home > Interpr?teur par d?faut: /bin/sh > Groupe utilisateur par d?faut: ipausers > Domaine par d?faut pour les courriels: example.com > Limite de temps d'une recherche: 2 > Limite de taille d'une recherche: 100 > Champs de recherche utilisateur: uid,givenname,sn,telephonenumber,ou,title > Group search fields: cn,description > Activer le mode migration: TRUE > Base de sujet de certificat: O=EXAMPLE.COM > Classes d'objets de groupe par d?faut: top, ipaobject, groupofnames, > ipausergroup, nestedgroup > Classes d'objets utilisateur par d?faut: ipaobject, person, top, > ipasshuser, inetorgperson, organizationalperson, > krbticketpolicyaux, > krbprincipalaux, *qmailUser*, inetuser, posixaccount > Notification d'expiration de mot de passe (jours): 4 > Fonctionnalit?s du greffon mots de passe: AllowNThash > Ordre de la mappe des utilisateurs SELinux: > guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 > Utilisateur SELinux par d?faut: unconfined_u:s0-s0:c0.c1023 > Types de PAC par d?faut: nfs:NONE, MS-PAC > aci: (targetattr = "cn || createtimestamp || entryusn || > ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || > ipadefaultemaildomain || ipadefaultloginshell || > ipadefaultprimarygroup || ipagroupobjectclasses || > ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || > ipamaxusernamelength || ipamigrationenabled || > ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit || > ipaselinuxusermapdefault || > ipaselinuxusermaporder || ipauserauthtype || ipauserobjectclasses || > ipausersearchfields || modifytimestamp || > objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version > 3.0;acl "permission:System: Read Global > Configuration";allow (compare,read,search) userdn = "ldap:///all";) > cn: ipaConfig > objectclass: ipaConfigObject, nsContainer, top, ipaGuiConfig, > ipaUserAuthTypeClass > > Then I tried to migrate openldap's accounts, but without luck so far > #ipa -v migrate-ds --with-compat --bind-dn "cn=admin,dc=example,dc=com" > --continue ldap://192.168.1.121:389 > ----------- > migrate-ds: > ----------- > Migrated: > Failed user: > jean.doe: Type or value exists: > jeane.doe: Type or value exists: > Failed group: > ---------- > No users/groups were migrated from ldap://192.168.1.121:389 > > > Here is an entry from openldap > dn: uid=jeane.doe,ou=people,dc=example,dc=com > loginShell: /bin/bash > gidNumber: 1000 > objectClass: top > objectClass: qmailUser > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: person > objectClass: shadowAccount > objectClass: organizationalPerson > mail: jeane.doe at example.com > givenName: DOE > uid: jeane.doe > uidNumber: 1002 > displayName: Jeane Doe > homeDirectory: /var/vmail/jeane.doe > accountStatus: yes > mailMessageStore: /var/vmail/jeane.doe > structuralObjectClass: inetOrgPerson > entryUUID: 3e8ee290-166f-1035-94d7-ef8fa27fbe71 > creatorsName: cn=admin,dc=example,dc=com > createTimestamp: 20151103120748Z > userPassword:: e1NTSEF9K2ZYQnQrMnZsbmVURlVEaG5FdjlZdkhTNFpvNjVMSVQ= > mailQuotaSize: 1024000 > sn: Jeane > cn: DOE > entryCSN: 20160125162455.613052Z#000000#000#000000 > modifiersName: cn=admin,dc=example,dc=com > modifyTimestamp: 20160125162455Z > > What does "Type or value exists" means? That normally means that you have the same value for LDAP attribute twice or that you are trying to add multiple values for a single valued attribute. I wonder if we could get better logging, like how exactly the entry looks like before it is added to LDAP. But right now, I cannot think about a better way than to updating /usr/lib/python2.7/site-packages/ipalib/plugins/migration.py on the FreeIPA server the following way (new print statement) try: print entry_attrs ldap.add_entry(entry_attrs) except errors.ExecutionError, e: , restarting the httpd service and sending us the /var/log/httpd/error_log after the next migration attempt. Maybe Jan (CCed) knows a better way. > PS: the qmail.schema presents two other objectClasses, but I didn't add use > them (qldapAdmin, qmailGroup) > > Regards > > > From lkrispen at redhat.com Tue Jan 26 10:03:27 2016 From: lkrispen at redhat.com (Ludwig Krispenz) Date: Tue, 26 Jan 2016 11:03:27 +0100 Subject: [Freeipa-users] Master Error with two Master CentOS 7.2 In-Reply-To: <1970762.0GSgUyMVQY@techz> References: <1970762.0GSgUyMVQY@techz> Message-ID: <56A7446F.6070005@redhat.com> On 01/26/2016 09:45 AM, G?nther J. Niederwimmer wrote: > Hello List, > > I set up a CentOS 7.2 System with two master Server now I found this 1000 x > Error on my first master? > > attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.xxxxxxx.at:389/ > o%3Dipaca) failed. did you install and reinstall the replica on the same machine ? The message is usually related to removed replicaid, which was not properly cleaned. can you do some searches ?. On both masters check which is the replicaID in use and which are the known ruvs: ldapsearch -b "cn=config" .... "objectclass=nsds5replica" replicaid nsds50ruv Ludwig > > the second is harmless I read ;-) > NSMMReplicationPlugin - replication keep alive entry 4,dc=xxxxxxxxx,dc=at> already exists > > Is this a bad Error ? > > Can I do anything > > Thanks for a answer, > From wodel.youchi at gmail.com Tue Jan 26 10:22:56 2016 From: wodel.youchi at gmail.com (wodel youchi) Date: Tue, 26 Jan 2016 11:22:56 +0100 Subject: [Freeipa-users] Migration from openLDAP to FreeIPA with qmail.schema In-Reply-To: <56A74201.6010306@redhat.com> References: <56A74201.6010306@redhat.com> Message-ID: Thanks I will try and report back. I am using Centos 7.2x64 with latest updates and ipa-server-4.2.0-15.el7.centos.3.x86_64 Regards 2016-01-26 10:53 GMT+01:00 Martin Kosek : > On 01/26/2016 10:16 AM, wodel youchi wrote: > > Hi, > > > > I am a newbie in freeipa. I am trying to use it with our mail server. > > Cool! What is your version of the FreeIPA server? It will be important for > further investigation. > > > Our mail server uses openldap with one external schema : qmail.schema, we > > use it especially for mailQuota, mailAlternateAddress, > > mailForwardingAddress and AccountStatus. > > > > I tried to import this schema to freeipa using ipa-ldap-updater. > > I am not sure if I succeeded, but when I tried : ipa config-mod > > --addattr=ipaGroupObjectClasses=qmailUser it worked and I can see the > > objectClass. > > > > > > [root at ipamaster work]# ipa config-show --all > > dn: cn=ipaConfig,cn=etc,dc=example,dc=com > > Longueur maximale du nom d'utilisateur: 32 > > Base du r?pertoire utilisateur: /home > > Interpr?teur par d?faut: /bin/sh > > Groupe utilisateur par d?faut: ipausers > > Domaine par d?faut pour les courriels: example.com > > Limite de temps d'une recherche: 2 > > Limite de taille d'une recherche: 100 > > Champs de recherche utilisateur: > uid,givenname,sn,telephonenumber,ou,title > > Group search fields: cn,description > > Activer le mode migration: TRUE > > Base de sujet de certificat: O=EXAMPLE.COM > > Classes d'objets de groupe par d?faut: top, ipaobject, groupofnames, > > ipausergroup, nestedgroup > > Classes d'objets utilisateur par d?faut: ipaobject, person, top, > > ipasshuser, inetorgperson, organizationalperson, > > krbticketpolicyaux, > > krbprincipalaux, *qmailUser*, inetuser, posixaccount > > Notification d'expiration de mot de passe (jours): 4 > > Fonctionnalit?s du greffon mots de passe: AllowNThash > > Ordre de la mappe des utilisateurs SELinux: > > > guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 > > Utilisateur SELinux par d?faut: unconfined_u:s0-s0:c0.c1023 > > Types de PAC par d?faut: nfs:NONE, MS-PAC > > aci: (targetattr = "cn || createtimestamp || entryusn || > > ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || > > ipadefaultemaildomain || ipadefaultloginshell || > > ipadefaultprimarygroup || ipagroupobjectclasses || > > ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || > > ipamaxusernamelength || ipamigrationenabled || > > ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit > || > > ipaselinuxusermapdefault || > > ipaselinuxusermaporder || ipauserauthtype || ipauserobjectclasses > || > > ipausersearchfields || modifytimestamp || > > objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version > > 3.0;acl "permission:System: Read Global > > Configuration";allow (compare,read,search) userdn = > "ldap:///all";) > > cn: ipaConfig > > objectclass: ipaConfigObject, nsContainer, top, ipaGuiConfig, > > ipaUserAuthTypeClass > > > > Then I tried to migrate openldap's accounts, but without luck so far > > #ipa -v migrate-ds --with-compat --bind-dn "cn=admin,dc=example,dc=com" > > --continue ldap://192.168.1.121:389 > > ----------- > > migrate-ds: > > ----------- > > Migrated: > > Failed user: > > jean.doe: Type or value exists: > > jeane.doe: Type or value exists: > > Failed group: > > ---------- > > No users/groups were migrated from ldap://192.168.1.121:389 > > > > > > Here is an entry from openldap > > dn: uid=jeane.doe,ou=people,dc=example,dc=com > > loginShell: /bin/bash > > gidNumber: 1000 > > objectClass: top > > objectClass: qmailUser > > objectClass: inetOrgPerson > > objectClass: posixAccount > > objectClass: person > > objectClass: shadowAccount > > objectClass: organizationalPerson > > mail: jeane.doe at example.com > > givenName: DOE > > uid: jeane.doe > > uidNumber: 1002 > > displayName: Jeane Doe > > homeDirectory: /var/vmail/jeane.doe > > accountStatus: yes > > mailMessageStore: /var/vmail/jeane.doe > > structuralObjectClass: inetOrgPerson > > entryUUID: 3e8ee290-166f-1035-94d7-ef8fa27fbe71 > > creatorsName: cn=admin,dc=example,dc=com > > createTimestamp: 20151103120748Z > > userPassword:: e1NTSEF9K2ZYQnQrMnZsbmVURlVEaG5FdjlZdkhTNFpvNjVMSVQ= > > mailQuotaSize: 1024000 > > sn: Jeane > > cn: DOE > > entryCSN: 20160125162455.613052Z#000000#000#000000 > > modifiersName: cn=admin,dc=example,dc=com > > modifyTimestamp: 20160125162455Z > > > > What does "Type or value exists" means? > > That normally means that you have the same value for LDAP attribute twice > or > that you are trying to add multiple values for a single valued attribute. I > wonder if we could get better logging, like how exactly the entry looks > like > before it is added to LDAP. > > But right now, I cannot think about a better way than to updating > /usr/lib/python2.7/site-packages/ipalib/plugins/migration.py > on the FreeIPA server the following way (new print statement) > > try: > print entry_attrs > ldap.add_entry(entry_attrs) > except errors.ExecutionError, e: > > , restarting the httpd service and sending us the /var/log/httpd/error_log > after the next migration attempt. Maybe Jan (CCed) knows a better way. > > > PS: the qmail.schema presents two other objectClasses, but I didn't add > use > > them (qldapAdmin, qmailGroup) > > > > Regards > > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gjn at gjn.priv.at Tue Jan 26 11:30:23 2016 From: gjn at gjn.priv.at (=?ISO-8859-1?Q?G=FCnther_J=2E?= Niederwimmer) Date: Tue, 26 Jan 2016 12:30:23 +0100 Subject: [Freeipa-users] Master Error with two Master CentOS 7.2 In-Reply-To: <56A7446F.6070005@redhat.com> References: <1970762.0GSgUyMVQY@techz> <56A7446F.6070005@redhat.com> Message-ID: <8170971.eP25qLtyVt@techz> Hello Ludwig, Am Dienstag, 26. Januar 2016, 11:03:27 CET schrieb Ludwig Krispenz: > On 01/26/2016 09:45 AM, G?nther J. Niederwimmer wrote: > > Hello List, > > > > I set up a CentOS 7.2 System with two master Server now I found this 1000 > > x > > Error on my first master? > > > > attrlist_replace - attr_replace (nsslapd-referral, > > ldap://ipa1.xxxxxxx.at:389/ o%3Dipaca) failed. > > did you install and reinstall the replica on the same machine ? The > message is usually related to removed replicaid, which was not properly > cleaned. Yes, I must delete and reinstall the Replica but I have all cleanup I found in the DOC ipa-replica-manage del ipa1.xxxxxxxx.at ipa-csreplica-manage del ipa1.xxxxxxxx..at and create a new ipa-replica-prepare ipa1.xxxxxxx.at the system for ipa1 is a new installed KVM guest., with the same name ipa1.xxxxxxxx.at > can you do some searches ?. On both masters check which is the replicaID > in use and which are the known ruvs: > ldapsearch -b "cn=config" .... "objectclass=nsds5replica" replicaid > nsds50ruv Please can you give me the full command I am not a professional for LDAP Thanks > > the second is harmless I read ;-) > > NSMMReplicationPlugin - replication keep alive entry > 4,dc=xxxxxxxxx,dc=at> already exists > > > > Is this a bad Error ? > > > > Can I do anything > > > > Thanks for a answer, -- mit freundlichen Gr??en / best regards, G?nther J. Niederwimmer From zeal at freecharge.com Tue Jan 26 12:18:49 2016 From: zeal at freecharge.com (Zeal Vora) Date: Tue, 26 Jan 2016 17:48:49 +0530 Subject: [Freeipa-users] How to reference to IPA Server in Multi-Master Setup ? In-Reply-To: <56A60B1C.6070503@redhat.com> References: <56A60141.6090606@redhat.com> <56A60B1C.6070503@redhat.com> Message-ID: Thanks David. Generally for Operating systems like Amazon Linux etc which does not have a IPA-Client, we generally use SSSD to get things working. In such cases, what would be optimal way to configure the SRV records as --domain parameter won't be present. On Mon, Jan 25, 2016 at 5:16 PM, David Kupka wrote: > On 25/01/16 12:08, Zeal Vora wrote: > >> Thanks Petr. >> >> So if the domain is example.com, in DNS, what would be the IP associated >> with it ? >> >> As there are 2 master servers, each of them will have different IP >> address. >> >> On Mon, Jan 25, 2016 at 4:34 PM, Petr Spacek wrote: >> >> On 25.1.2016 10:47, Zeal Vora wrote: >>> >>>> Hi >>>> >>>> I have setup a multi-master IPA and it seems to be working fine. >>>> >>>> The clients ( laptops and servers ) are not using the DNS of IPA. >>>> >>>> I was wondering, while configuring ipa-client, which server do I >>>> >>> reference >>> >>>> to when it asks the ipa-server hostname ? >>>> >>>> Both the master server has different hostnames. >>>> >>>> master1.example.com ( Master 1 ) >>>> master2.example.com ( Master 2 ) >>>> >>> >>> Specify only --domain option and do not use --server option at all. In >>> will >>> enable server auto-detection using DNS SRV records and you will not need >>> to >>> worry about adding/removing servers because all clients will >>> automatically >>> pick the new list up. >>> >>> -- >>> Petr^2 Spacek >>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go to http://freeipa.org for more info on the project >>> >>> >> >> >> > The '--domain' parameter is for client installer to form DNS request. > Request that is sent is the same as one sent by this command: > dig -t SRV _ldap._tcp. > > It then receiver list of records similar to this one: > 100 0 389 > 100 0 389 > > Installer then goes through the list and checks if it's really FreeIPA > server and first one that passes is used. When IP address is needed it can > be resolved from the name included in SRV response. > > HTH, > -- > David Kupka > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wodel.youchi at gmail.com Tue Jan 26 12:42:10 2016 From: wodel.youchi at gmail.com (wodel youchi) Date: Tue, 26 Jan 2016 13:42:10 +0100 Subject: [Freeipa-users] Migration from openLDAP to FreeIPA with qmail.schema In-Reply-To: References: <56A74201.6010306@redhat.com> Message-ID: Hi again, This is what I get from httpd error_log [Tue Jan 26 13:38:02.394757 2016] [:error] [pid 7427] ipa: WARNING: GID number 1000 of migrated user jean.doe does not point to a known group. [Tue Jan 26 13:38:02.397928 2016] [:error] [pid 7427] LDAPEntry(ipapython.dn.DN('uid=jean.doe,cn=users,cn=accounts,dc=example,dc=com'), {u'mailQuotaSize': ['2048000'], u'cn': ['DOE'], u'uid': [u'jean.doe'], u'objectClass': [u'ipaobject', u'organizationalperson', u'qmailuser', u'top', u'ipasshuser', u'inetorgperson', u'person', u'krbticketpolicyaux', u'krbprincipalaux', u'shadowaccount', u'qmailUser', u'inetuser', u'posixaccount'], u'loginShell': ['/bin/bash'], u'uidNumber': ['1001'], u'gidNumber': [u'1000'], u'ipauniqueid': ['autogenerate'], u'krbprincipalname': [u'jean.doe at EXAMPLE.COM'], u'mailMessageStore': ['/var/vmail/jean.doe'], u'description': ['__no_upg__'], u'displayName': ['Jean Doe'], u'userPassword': ['{SSHA}NIxCImzQDagloyVdMtheC4wDMUImxW85'], u'accountStatus': ['yes'], u'mailAlternateAddress': ['root at example.com', ' postmaster at example.com'], u'sn': ['Jean'], u'homeDirectory': ['/var/vmail/jean.doe'], u'mail': ['jean.doe at example.com'], u'givenName': ['DOE']}) [Tue Jan 26 13:38:02.398937 2016] [:error] [pid 7427] ipa: WARNING: GID number 1000 of migrated user jeane.doe does not point to a known group. [Tue Jan 26 13:38:02.399703 2016] [:error] [pid 7427] LDAPEntry(ipapython.dn.DN('uid=jeane.doe,cn=users,cn=accounts,dc=example,dc=com'), {u'mailQuotaSize': ['1024000'], u'cn': ['DOE'], u'uid': [u'jeane.doe'], u'objectClass': [u'ipaobject', u'organizationalperson', u'qmailuser', u'top', u'ipasshuser', u'inetorgperson', u'person', u'krbticketpolicyaux', u'krbprincipalaux', u'shadowaccount', u'qmailUser', u'inetuser', u'posixaccount'], u'loginShell': ['/bin/bash'], u'uidNumber': ['1002'], u'gidNumber': [u'1000'], u'ipauniqueid': ['autogenerate'], u'krbprincipalname': [u'jeane.doe at EXAMPLE.COM'], u'mailMessageStore': ['/var/vmail/jeane.doe'], u'description': ['__no_upg__'], u'displayName': ['Jeane Doe'], u'userPassword': ['{SSHA}+fXBt+2vlneTFUDhnEv9YvHS4Zo65LIT'], u'accountStatus': ['yes'], u'sn': ['Jeane'], u'homeDirectory': ['/var/vmail/jeane.doe'], u'mail': ['jeane.doe at example.com'], u'givenName': ['DOE']}) Regards. 2016-01-26 11:22 GMT+01:00 wodel youchi : > Thanks I will try and report back. > > I am using Centos 7.2x64 with latest updates > > and ipa-server-4.2.0-15.el7.centos.3.x86_64 > > Regards > > 2016-01-26 10:53 GMT+01:00 Martin Kosek : > >> On 01/26/2016 10:16 AM, wodel youchi wrote: >> > Hi, >> > >> > I am a newbie in freeipa. I am trying to use it with our mail server. >> >> Cool! What is your version of the FreeIPA server? It will be important for >> further investigation. >> >> > Our mail server uses openldap with one external schema : qmail.schema, >> we >> > use it especially for mailQuota, mailAlternateAddress, >> > mailForwardingAddress and AccountStatus. >> > >> > I tried to import this schema to freeipa using ipa-ldap-updater. >> > I am not sure if I succeeded, but when I tried : ipa config-mod >> > --addattr=ipaGroupObjectClasses=qmailUser it worked and I can see the >> > objectClass. >> > >> > >> > [root at ipamaster work]# ipa config-show --all >> > dn: cn=ipaConfig,cn=etc,dc=example,dc=com >> > Longueur maximale du nom d'utilisateur: 32 >> > Base du r?pertoire utilisateur: /home >> > Interpr?teur par d?faut: /bin/sh >> > Groupe utilisateur par d?faut: ipausers >> > Domaine par d?faut pour les courriels: example.com >> > Limite de temps d'une recherche: 2 >> > Limite de taille d'une recherche: 100 >> > Champs de recherche utilisateur: >> uid,givenname,sn,telephonenumber,ou,title >> > Group search fields: cn,description >> > Activer le mode migration: TRUE >> > Base de sujet de certificat: O=EXAMPLE.COM >> > Classes d'objets de groupe par d?faut: top, ipaobject, groupofnames, >> > ipausergroup, nestedgroup >> > Classes d'objets utilisateur par d?faut: ipaobject, person, top, >> > ipasshuser, inetorgperson, organizationalperson, >> > krbticketpolicyaux, >> > krbprincipalaux, *qmailUser*, inetuser, posixaccount >> > Notification d'expiration de mot de passe (jours): 4 >> > Fonctionnalit?s du greffon mots de passe: AllowNThash >> > Ordre de la mappe des utilisateurs SELinux: >> > >> guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 >> > Utilisateur SELinux par d?faut: unconfined_u:s0-s0:c0.c1023 >> > Types de PAC par d?faut: nfs:NONE, MS-PAC >> > aci: (targetattr = "cn || createtimestamp || entryusn || >> > ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || >> > ipadefaultemaildomain || ipadefaultloginshell || >> > ipadefaultprimarygroup || ipagroupobjectclasses || >> > ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || >> > ipamaxusernamelength || ipamigrationenabled || >> > ipapwdexpadvnotify || ipasearchrecordslimit || >> ipasearchtimelimit || >> > ipaselinuxusermapdefault || >> > ipaselinuxusermaporder || ipauserauthtype || >> ipauserobjectclasses || >> > ipausersearchfields || modifytimestamp || >> > objectclass")(targetfilter = >> "(objectclass=ipaguiconfig)")(version >> > 3.0;acl "permission:System: Read Global >> > Configuration";allow (compare,read,search) userdn = >> "ldap:///all";) >> > cn: ipaConfig >> > objectclass: ipaConfigObject, nsContainer, top, ipaGuiConfig, >> > ipaUserAuthTypeClass >> > >> > Then I tried to migrate openldap's accounts, but without luck so far >> > #ipa -v migrate-ds --with-compat --bind-dn "cn=admin,dc=example,dc=com" >> > --continue ldap://192.168.1.121:389 >> > ----------- >> > migrate-ds: >> > ----------- >> > Migrated: >> > Failed user: >> > jean.doe: Type or value exists: >> > jeane.doe: Type or value exists: >> > Failed group: >> > ---------- >> > No users/groups were migrated from ldap://192.168.1.121:389 >> > >> > >> > Here is an entry from openldap >> > dn: uid=jeane.doe,ou=people,dc=example,dc=com >> > loginShell: /bin/bash >> > gidNumber: 1000 >> > objectClass: top >> > objectClass: qmailUser >> > objectClass: inetOrgPerson >> > objectClass: posixAccount >> > objectClass: person >> > objectClass: shadowAccount >> > objectClass: organizationalPerson >> > mail: jeane.doe at example.com >> > givenName: DOE >> > uid: jeane.doe >> > uidNumber: 1002 >> > displayName: Jeane Doe >> > homeDirectory: /var/vmail/jeane.doe >> > accountStatus: yes >> > mailMessageStore: /var/vmail/jeane.doe >> > structuralObjectClass: inetOrgPerson >> > entryUUID: 3e8ee290-166f-1035-94d7-ef8fa27fbe71 >> > creatorsName: cn=admin,dc=example,dc=com >> > createTimestamp: 20151103120748Z >> > userPassword:: e1NTSEF9K2ZYQnQrMnZsbmVURlVEaG5FdjlZdkhTNFpvNjVMSVQ= >> > mailQuotaSize: 1024000 >> > sn: Jeane >> > cn: DOE >> > entryCSN: 20160125162455.613052Z#000000#000#000000 >> > modifiersName: cn=admin,dc=example,dc=com >> > modifyTimestamp: 20160125162455Z >> > >> > What does "Type or value exists" means? >> >> That normally means that you have the same value for LDAP attribute twice >> or >> that you are trying to add multiple values for a single valued attribute. >> I >> wonder if we could get better logging, like how exactly the entry looks >> like >> before it is added to LDAP. >> >> But right now, I cannot think about a better way than to updating >> /usr/lib/python2.7/site-packages/ipalib/plugins/migration.py >> on the FreeIPA server the following way (new print statement) >> >> try: >> print entry_attrs >> ldap.add_entry(entry_attrs) >> except errors.ExecutionError, e: >> >> , restarting the httpd service and sending us the /var/log/httpd/error_log >> after the next migration attempt. Maybe Jan (CCed) knows a better way. >> >> > PS: the qmail.schema presents two other objectClasses, but I didn't add >> use >> > them (qldapAdmin, qmailGroup) >> > >> > Regards >> > >> > >> > >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wodel.youchi at gmail.com Tue Jan 26 13:20:20 2016 From: wodel.youchi at gmail.com (wodel youchi) Date: Tue, 26 Jan 2016 14:20:20 +0100 Subject: [Freeipa-users] Migration from openLDAP to FreeIPA with qmail.schema In-Reply-To: References: <56A74201.6010306@redhat.com> Message-ID: Hi, In the above log (httpd log) the LDAPEntry contains qmailuser and qmailUser objectClasses, I don't know if this is what is causing the problem. Another thing, I can't import groups as well, I did add a simple group to my ldap dn: ou=groups,dc=example,dc=com objectClass: organizationalUnit objectClass: top ou: groups structuralObjectClass: organizationalUnit dn: cn=vmail,ou=groups,dc=example,dc=com objectClass: top objectClass: posixGroup gidNumber: 5000 structuralObjectClass: posixGroup cn: vmail When I launch the migration command I get ipa: ERROR: La recherche LDAP group ne renvoie aucun r?sultat (base de recherche : ou=groups,dc=example,dc=com, classe d'objet : groupofuniquenames, groupofnames) any idea? Regards. 2016-01-26 13:42 GMT+01:00 wodel youchi : > Hi again, > > This is what I get from httpd error_log > > [Tue Jan 26 13:38:02.394757 2016] [:error] [pid 7427] ipa: WARNING: GID > number 1000 of migrated user jean.doe does not point to a known group. > [Tue Jan 26 13:38:02.397928 2016] [:error] [pid 7427] > LDAPEntry(ipapython.dn.DN('uid=jean.doe,cn=users,cn=accounts,dc=example,dc=com'), > {u'mailQuotaSize': ['2048000'], u'cn': ['DOE'], u'uid': [u'jean.doe'], > u'objectClass': [u'ipaobject', u'organizationalperson', u'qmailuser', > u'top', u'ipasshuser', u'inetorgperson', u'person', u'krbticketpolicyaux', > u'krbprincipalaux', u'shadowaccount', u'qmailUser', u'inetuser', > u'posixaccount'], u'loginShell': ['/bin/bash'], u'uidNumber': ['1001'], > u'gidNumber': [u'1000'], u'ipauniqueid': ['autogenerate'], > u'krbprincipalname': [u'jean.doe at EXAMPLE.COM'], u'mailMessageStore': > ['/var/vmail/jean.doe'], u'description': ['__no_upg__'], u'displayName': > ['Jean Doe'], u'userPassword': ['{SSHA}NIxCImzQDagloyVdMtheC4wDMUImxW85'], > u'accountStatus': ['yes'], u'mailAlternateAddress': ['root at example.com', ' > postmaster at example.com'], u'sn': ['Jean'], u'homeDirectory': > ['/var/vmail/jean.doe'], u'mail': ['jean.doe at example.com'], u'givenName': > ['DOE']}) > [Tue Jan 26 13:38:02.398937 2016] [:error] [pid 7427] ipa: WARNING: GID > number 1000 of migrated user jeane.doe does not point to a known group. > [Tue Jan 26 13:38:02.399703 2016] [:error] [pid 7427] > LDAPEntry(ipapython.dn.DN('uid=jeane.doe,cn=users,cn=accounts,dc=example,dc=com'), > {u'mailQuotaSize': ['1024000'], u'cn': ['DOE'], u'uid': [u'jeane.doe'], > u'objectClass': [u'ipaobject', u'organizationalperson', u'qmailuser', > u'top', u'ipasshuser', u'inetorgperson', u'person', u'krbticketpolicyaux', > u'krbprincipalaux', u'shadowaccount', u'qmailUser', u'inetuser', > u'posixaccount'], u'loginShell': ['/bin/bash'], u'uidNumber': ['1002'], > u'gidNumber': [u'1000'], u'ipauniqueid': ['autogenerate'], > u'krbprincipalname': [u'jeane.doe at EXAMPLE.COM'], u'mailMessageStore': > ['/var/vmail/jeane.doe'], u'description': ['__no_upg__'], u'displayName': > ['Jeane Doe'], u'userPassword': ['{SSHA}+fXBt+2vlneTFUDhnEv9YvHS4Zo65LIT'], > u'accountStatus': ['yes'], u'sn': ['Jeane'], u'homeDirectory': > ['/var/vmail/jeane.doe'], u'mail': ['jeane.doe at example.com'], > u'givenName': ['DOE']}) > > Regards. > > 2016-01-26 11:22 GMT+01:00 wodel youchi : > >> Thanks I will try and report back. >> >> I am using Centos 7.2x64 with latest updates >> >> and ipa-server-4.2.0-15.el7.centos.3.x86_64 >> >> Regards >> >> 2016-01-26 10:53 GMT+01:00 Martin Kosek : >> >>> On 01/26/2016 10:16 AM, wodel youchi wrote: >>> > Hi, >>> > >>> > I am a newbie in freeipa. I am trying to use it with our mail server. >>> >>> Cool! What is your version of the FreeIPA server? It will be important >>> for >>> further investigation. >>> >>> > Our mail server uses openldap with one external schema : qmail.schema, >>> we >>> > use it especially for mailQuota, mailAlternateAddress, >>> > mailForwardingAddress and AccountStatus. >>> > >>> > I tried to import this schema to freeipa using ipa-ldap-updater. >>> > I am not sure if I succeeded, but when I tried : ipa config-mod >>> > --addattr=ipaGroupObjectClasses=qmailUser it worked and I can see the >>> > objectClass. >>> > >>> > >>> > [root at ipamaster work]# ipa config-show --all >>> > dn: cn=ipaConfig,cn=etc,dc=example,dc=com >>> > Longueur maximale du nom d'utilisateur: 32 >>> > Base du r?pertoire utilisateur: /home >>> > Interpr?teur par d?faut: /bin/sh >>> > Groupe utilisateur par d?faut: ipausers >>> > Domaine par d?faut pour les courriels: example.com >>> > Limite de temps d'une recherche: 2 >>> > Limite de taille d'une recherche: 100 >>> > Champs de recherche utilisateur: >>> uid,givenname,sn,telephonenumber,ou,title >>> > Group search fields: cn,description >>> > Activer le mode migration: TRUE >>> > Base de sujet de certificat: O=EXAMPLE.COM >>> > Classes d'objets de groupe par d?faut: top, ipaobject, groupofnames, >>> > ipausergroup, nestedgroup >>> > Classes d'objets utilisateur par d?faut: ipaobject, person, top, >>> > ipasshuser, inetorgperson, organizationalperson, >>> > krbticketpolicyaux, >>> > krbprincipalaux, *qmailUser*, inetuser, posixaccount >>> > Notification d'expiration de mot de passe (jours): 4 >>> > Fonctionnalit?s du greffon mots de passe: AllowNThash >>> > Ordre de la mappe des utilisateurs SELinux: >>> > >>> guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 >>> > Utilisateur SELinux par d?faut: unconfined_u:s0-s0:c0.c1023 >>> > Types de PAC par d?faut: nfs:NONE, MS-PAC >>> > aci: (targetattr = "cn || createtimestamp || entryusn || >>> > ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || >>> > ipadefaultemaildomain || ipadefaultloginshell || >>> > ipadefaultprimarygroup || ipagroupobjectclasses || >>> > ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || >>> > ipamaxusernamelength || ipamigrationenabled || >>> > ipapwdexpadvnotify || ipasearchrecordslimit || >>> ipasearchtimelimit || >>> > ipaselinuxusermapdefault || >>> > ipaselinuxusermaporder || ipauserauthtype || >>> ipauserobjectclasses || >>> > ipausersearchfields || modifytimestamp || >>> > objectclass")(targetfilter = >>> "(objectclass=ipaguiconfig)")(version >>> > 3.0;acl "permission:System: Read Global >>> > Configuration";allow (compare,read,search) userdn = >>> "ldap:///all";) >>> > cn: ipaConfig >>> > objectclass: ipaConfigObject, nsContainer, top, ipaGuiConfig, >>> > ipaUserAuthTypeClass >>> > >>> > Then I tried to migrate openldap's accounts, but without luck so far >>> > #ipa -v migrate-ds --with-compat --bind-dn "cn=admin,dc=example,dc=com" >>> > --continue ldap://192.168.1.121:389 >>> > ----------- >>> > migrate-ds: >>> > ----------- >>> > Migrated: >>> > Failed user: >>> > jean.doe: Type or value exists: >>> > jeane.doe: Type or value exists: >>> > Failed group: >>> > ---------- >>> > No users/groups were migrated from ldap://192.168.1.121:389 >>> > >>> > >>> > Here is an entry from openldap >>> > dn: uid=jeane.doe,ou=people,dc=example,dc=com >>> > loginShell: /bin/bash >>> > gidNumber: 1000 >>> > objectClass: top >>> > objectClass: qmailUser >>> > objectClass: inetOrgPerson >>> > objectClass: posixAccount >>> > objectClass: person >>> > objectClass: shadowAccount >>> > objectClass: organizationalPerson >>> > mail: jeane.doe at example.com >>> > givenName: DOE >>> > uid: jeane.doe >>> > uidNumber: 1002 >>> > displayName: Jeane Doe >>> > homeDirectory: /var/vmail/jeane.doe >>> > accountStatus: yes >>> > mailMessageStore: /var/vmail/jeane.doe >>> > structuralObjectClass: inetOrgPerson >>> > entryUUID: 3e8ee290-166f-1035-94d7-ef8fa27fbe71 >>> > creatorsName: cn=admin,dc=example,dc=com >>> > createTimestamp: 20151103120748Z >>> > userPassword:: e1NTSEF9K2ZYQnQrMnZsbmVURlVEaG5FdjlZdkhTNFpvNjVMSVQ= >>> > mailQuotaSize: 1024000 >>> > sn: Jeane >>> > cn: DOE >>> > entryCSN: 20160125162455.613052Z#000000#000#000000 >>> > modifiersName: cn=admin,dc=example,dc=com >>> > modifyTimestamp: 20160125162455Z >>> > >>> > What does "Type or value exists" means? >>> >>> That normally means that you have the same value for LDAP attribute >>> twice or >>> that you are trying to add multiple values for a single valued >>> attribute. I >>> wonder if we could get better logging, like how exactly the entry looks >>> like >>> before it is added to LDAP. >>> >>> But right now, I cannot think about a better way than to updating >>> /usr/lib/python2.7/site-packages/ipalib/plugins/migration.py >>> on the FreeIPA server the following way (new print statement) >>> >>> try: >>> print entry_attrs >>> ldap.add_entry(entry_attrs) >>> except errors.ExecutionError, e: >>> >>> , restarting the httpd service and sending us the >>> /var/log/httpd/error_log >>> after the next migration attempt. Maybe Jan (CCed) knows a better way. >>> >>> > PS: the qmail.schema presents two other objectClasses, but I didn't >>> add use >>> > them (qldapAdmin, qmailGroup) >>> > >>> > Regards >>> > >>> > >>> > >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lkrispen at redhat.com Tue Jan 26 13:48:31 2016 From: lkrispen at redhat.com (Ludwig Krispenz) Date: Tue, 26 Jan 2016 14:48:31 +0100 Subject: [Freeipa-users] Master Error with two Master CentOS 7.2 In-Reply-To: <8170971.eP25qLtyVt@techz> References: <1970762.0GSgUyMVQY@techz> <56A7446F.6070005@redhat.com> <8170971.eP25qLtyVt@techz> Message-ID: <56A7792F.6080307@redhat.com> On 01/26/2016 12:30 PM, G?nther J. Niederwimmer wrote: > Hello Ludwig, > > Am Dienstag, 26. Januar 2016, 11:03:27 CET schrieb Ludwig Krispenz: >> On 01/26/2016 09:45 AM, G?nther J. Niederwimmer wrote: >>> Hello List, >>> >>> I set up a CentOS 7.2 System with two master Server now I found this 1000 >>> x >>> Error on my first master? >>> >>> attrlist_replace - attr_replace (nsslapd-referral, >>> ldap://ipa1.xxxxxxx.at:389/ o%3Dipaca) failed. >> did you install and reinstall the replica on the same machine ? The >> message is usually related to removed replicaid, which was not properly >> cleaned. > Yes, I must delete and reinstall the Replica but I have all cleanup I found in > the DOC > > ipa-replica-manage del ipa1.xxxxxxxx.at > ipa-csreplica-manage del ipa1.xxxxxxxx..at > > and create a new > > ipa-replica-prepare ipa1.xxxxxxx.at > > the system for ipa1 is a new installed KVM guest., with the same name > ipa1.xxxxxxxx.at > >> can you do some searches ?. On both masters check which is the replicaID >> in use and which are the known ruvs: >> ldapsearch -b "cn=config" .... "objectclass=nsds5replica" replicaid >> nsds50ruv > Please can you give me the full command I am not a professional for LDAP ldapsearch -LLL -o ldif-wrap=no -x -h -p 389 -D "cn=directory manager" -W -b "cn=config" "objectclass=nsds5replica" nsds5replicaid nsds50ruv for host insert your masters > > Thanks > >>> the second is harmless I read ;-) >>> NSMMReplicationPlugin - replication keep alive entry >> 4,dc=xxxxxxxxx,dc=at> already exists >>> >>> Is this a bad Error ? >>> >>> Can I do anything >>> >>> Thanks for a answer, > From mkosek at redhat.com Tue Jan 26 15:15:55 2016 From: mkosek at redhat.com (Martin Kosek) Date: Tue, 26 Jan 2016 16:15:55 +0100 Subject: [Freeipa-users] Migration from openLDAP to FreeIPA with qmail.schema In-Reply-To: References: <56A74201.6010306@redhat.com> Message-ID: <56A78DAB.90509@redhat.com> On 01/26/2016 02:20 PM, wodel youchi wrote: > Hi, > > In the above log (httpd log) the LDAPEntry contains qmailuser and qmailUser > objectClasses, I don't know if this is what is causing the problem. That's probably it. Can you please try to lowercaser 'qmailUser' in the FreeIPA config and try the migration again? > Another thing, I can't import groups as well, I did add a simple group to > my ldap > dn: ou=groups,dc=example,dc=com > objectClass: organizationalUnit > objectClass: top > ou: groups > structuralObjectClass: organizationalUnit > > dn: cn=vmail,ou=groups,dc=example,dc=com > objectClass: top > objectClass: posixGroup > gidNumber: 5000 > structuralObjectClass: posixGroup > cn: vmail > > When I launch the migration command I get > > ipa: ERROR: La recherche LDAP group ne renvoie aucun r?sultat (base de > recherche : ou=groups,dc=example,dc=com, classe d'objet : > groupofuniquenames, groupofnames) > > any idea? I cannot really read French, but I suspect you could use the option --group-objectclass=STR Objectclasses used to search for group entries in DS to specify the objectclass the migration should search (posixGroup in your case) > > Regards. > > 2016-01-26 13:42 GMT+01:00 wodel youchi : > >> Hi again, >> >> This is what I get from httpd error_log >> >> [Tue Jan 26 13:38:02.394757 2016] [:error] [pid 7427] ipa: WARNING: GID >> number 1000 of migrated user jean.doe does not point to a known group. >> [Tue Jan 26 13:38:02.397928 2016] [:error] [pid 7427] >> LDAPEntry(ipapython.dn.DN('uid=jean.doe,cn=users,cn=accounts,dc=example,dc=com'), >> {u'mailQuotaSize': ['2048000'], u'cn': ['DOE'], u'uid': [u'jean.doe'], >> u'objectClass': [u'ipaobject', u'organizationalperson', u'qmailuser', >> u'top', u'ipasshuser', u'inetorgperson', u'person', u'krbticketpolicyaux', >> u'krbprincipalaux', u'shadowaccount', u'qmailUser', u'inetuser', >> u'posixaccount'], u'loginShell': ['/bin/bash'], u'uidNumber': ['1001'], >> u'gidNumber': [u'1000'], u'ipauniqueid': ['autogenerate'], >> u'krbprincipalname': [u'jean.doe at EXAMPLE.COM'], u'mailMessageStore': >> ['/var/vmail/jean.doe'], u'description': ['__no_upg__'], u'displayName': >> ['Jean Doe'], u'userPassword': ['{SSHA}NIxCImzQDagloyVdMtheC4wDMUImxW85'], >> u'accountStatus': ['yes'], u'mailAlternateAddress': ['root at example.com', ' >> postmaster at example.com'], u'sn': ['Jean'], u'homeDirectory': >> ['/var/vmail/jean.doe'], u'mail': ['jean.doe at example.com'], u'givenName': >> ['DOE']}) >> [Tue Jan 26 13:38:02.398937 2016] [:error] [pid 7427] ipa: WARNING: GID >> number 1000 of migrated user jeane.doe does not point to a known group. >> [Tue Jan 26 13:38:02.399703 2016] [:error] [pid 7427] >> LDAPEntry(ipapython.dn.DN('uid=jeane.doe,cn=users,cn=accounts,dc=example,dc=com'), >> {u'mailQuotaSize': ['1024000'], u'cn': ['DOE'], u'uid': [u'jeane.doe'], >> u'objectClass': [u'ipaobject', u'organizationalperson', u'qmailuser', >> u'top', u'ipasshuser', u'inetorgperson', u'person', u'krbticketpolicyaux', >> u'krbprincipalaux', u'shadowaccount', u'qmailUser', u'inetuser', >> u'posixaccount'], u'loginShell': ['/bin/bash'], u'uidNumber': ['1002'], >> u'gidNumber': [u'1000'], u'ipauniqueid': ['autogenerate'], >> u'krbprincipalname': [u'jeane.doe at EXAMPLE.COM'], u'mailMessageStore': >> ['/var/vmail/jeane.doe'], u'description': ['__no_upg__'], u'displayName': >> ['Jeane Doe'], u'userPassword': ['{SSHA}+fXBt+2vlneTFUDhnEv9YvHS4Zo65LIT'], >> u'accountStatus': ['yes'], u'sn': ['Jeane'], u'homeDirectory': >> ['/var/vmail/jeane.doe'], u'mail': ['jeane.doe at example.com'], >> u'givenName': ['DOE']}) >> >> Regards. >> >> 2016-01-26 11:22 GMT+01:00 wodel youchi : >> >>> Thanks I will try and report back. >>> >>> I am using Centos 7.2x64 with latest updates >>> >>> and ipa-server-4.2.0-15.el7.centos.3.x86_64 >>> >>> Regards >>> >>> 2016-01-26 10:53 GMT+01:00 Martin Kosek : >>> >>>> On 01/26/2016 10:16 AM, wodel youchi wrote: >>>>> Hi, >>>>> >>>>> I am a newbie in freeipa. I am trying to use it with our mail server. >>>> >>>> Cool! What is your version of the FreeIPA server? It will be important >>>> for >>>> further investigation. >>>> >>>>> Our mail server uses openldap with one external schema : qmail.schema, >>>> we >>>>> use it especially for mailQuota, mailAlternateAddress, >>>>> mailForwardingAddress and AccountStatus. >>>>> >>>>> I tried to import this schema to freeipa using ipa-ldap-updater. >>>>> I am not sure if I succeeded, but when I tried : ipa config-mod >>>>> --addattr=ipaGroupObjectClasses=qmailUser it worked and I can see the >>>>> objectClass. >>>>> >>>>> >>>>> [root at ipamaster work]# ipa config-show --all >>>>> dn: cn=ipaConfig,cn=etc,dc=example,dc=com >>>>> Longueur maximale du nom d'utilisateur: 32 >>>>> Base du r?pertoire utilisateur: /home >>>>> Interpr?teur par d?faut: /bin/sh >>>>> Groupe utilisateur par d?faut: ipausers >>>>> Domaine par d?faut pour les courriels: example.com >>>>> Limite de temps d'une recherche: 2 >>>>> Limite de taille d'une recherche: 100 >>>>> Champs de recherche utilisateur: >>>> uid,givenname,sn,telephonenumber,ou,title >>>>> Group search fields: cn,description >>>>> Activer le mode migration: TRUE >>>>> Base de sujet de certificat: O=EXAMPLE.COM >>>>> Classes d'objets de groupe par d?faut: top, ipaobject, groupofnames, >>>>> ipausergroup, nestedgroup >>>>> Classes d'objets utilisateur par d?faut: ipaobject, person, top, >>>>> ipasshuser, inetorgperson, organizationalperson, >>>>> krbticketpolicyaux, >>>>> krbprincipalaux, *qmailUser*, inetuser, posixaccount >>>>> Notification d'expiration de mot de passe (jours): 4 >>>>> Fonctionnalit?s du greffon mots de passe: AllowNThash >>>>> Ordre de la mappe des utilisateurs SELinux: >>>>> >>>> guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 >>>>> Utilisateur SELinux par d?faut: unconfined_u:s0-s0:c0.c1023 >>>>> Types de PAC par d?faut: nfs:NONE, MS-PAC >>>>> aci: (targetattr = "cn || createtimestamp || entryusn || >>>>> ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || >>>>> ipadefaultemaildomain || ipadefaultloginshell || >>>>> ipadefaultprimarygroup || ipagroupobjectclasses || >>>>> ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || >>>>> ipamaxusernamelength || ipamigrationenabled || >>>>> ipapwdexpadvnotify || ipasearchrecordslimit || >>>> ipasearchtimelimit || >>>>> ipaselinuxusermapdefault || >>>>> ipaselinuxusermaporder || ipauserauthtype || >>>> ipauserobjectclasses || >>>>> ipausersearchfields || modifytimestamp || >>>>> objectclass")(targetfilter = >>>> "(objectclass=ipaguiconfig)")(version >>>>> 3.0;acl "permission:System: Read Global >>>>> Configuration";allow (compare,read,search) userdn = >>>> "ldap:///all";) >>>>> cn: ipaConfig >>>>> objectclass: ipaConfigObject, nsContainer, top, ipaGuiConfig, >>>>> ipaUserAuthTypeClass >>>>> >>>>> Then I tried to migrate openldap's accounts, but without luck so far >>>>> #ipa -v migrate-ds --with-compat --bind-dn "cn=admin,dc=example,dc=com" >>>>> --continue ldap://192.168.1.121:389 >>>>> ----------- >>>>> migrate-ds: >>>>> ----------- >>>>> Migrated: >>>>> Failed user: >>>>> jean.doe: Type or value exists: >>>>> jeane.doe: Type or value exists: >>>>> Failed group: >>>>> ---------- >>>>> No users/groups were migrated from ldap://192.168.1.121:389 >>>>> >>>>> >>>>> Here is an entry from openldap >>>>> dn: uid=jeane.doe,ou=people,dc=example,dc=com >>>>> loginShell: /bin/bash >>>>> gidNumber: 1000 >>>>> objectClass: top >>>>> objectClass: qmailUser >>>>> objectClass: inetOrgPerson >>>>> objectClass: posixAccount >>>>> objectClass: person >>>>> objectClass: shadowAccount >>>>> objectClass: organizationalPerson >>>>> mail: jeane.doe at example.com >>>>> givenName: DOE >>>>> uid: jeane.doe >>>>> uidNumber: 1002 >>>>> displayName: Jeane Doe >>>>> homeDirectory: /var/vmail/jeane.doe >>>>> accountStatus: yes >>>>> mailMessageStore: /var/vmail/jeane.doe >>>>> structuralObjectClass: inetOrgPerson >>>>> entryUUID: 3e8ee290-166f-1035-94d7-ef8fa27fbe71 >>>>> creatorsName: cn=admin,dc=example,dc=com >>>>> createTimestamp: 20151103120748Z >>>>> userPassword:: e1NTSEF9K2ZYQnQrMnZsbmVURlVEaG5FdjlZdkhTNFpvNjVMSVQ= >>>>> mailQuotaSize: 1024000 >>>>> sn: Jeane >>>>> cn: DOE >>>>> entryCSN: 20160125162455.613052Z#000000#000#000000 >>>>> modifiersName: cn=admin,dc=example,dc=com >>>>> modifyTimestamp: 20160125162455Z >>>>> >>>>> What does "Type or value exists" means? >>>> >>>> That normally means that you have the same value for LDAP attribute >>>> twice or >>>> that you are trying to add multiple values for a single valued >>>> attribute. I >>>> wonder if we could get better logging, like how exactly the entry looks >>>> like >>>> before it is added to LDAP. >>>> >>>> But right now, I cannot think about a better way than to updating >>>> /usr/lib/python2.7/site-packages/ipalib/plugins/migration.py >>>> on the FreeIPA server the following way (new print statement) >>>> >>>> try: >>>> print entry_attrs >>>> ldap.add_entry(entry_attrs) >>>> except errors.ExecutionError, e: >>>> >>>> , restarting the httpd service and sending us the >>>> /var/log/httpd/error_log >>>> after the next migration attempt. Maybe Jan (CCed) knows a better way. >>>> >>>>> PS: the qmail.schema presents two other objectClasses, but I didn't >>>> add use >>>>> them (qldapAdmin, qmailGroup) >>>>> >>>>> Regards >>>>> >>>>> >>>>> >>>> >>>> >>> >> > From aizzo01 at harris.com Tue Jan 26 15:22:00 2016 From: aizzo01 at harris.com (Izzo, Anthony) Date: Tue, 26 Jan 2016 15:22:00 +0000 Subject: [Freeipa-users] ipa-admintools version incompatibility Message-ID: I have a FreeIPA 4.2 server (on RHEL7) and a FreeIPA 3.0 client (on RHEL6). I am aware of the incompatibility between versions for ipa-admintools (in my case I'm trying to use ipa dnsrecord-del). I was just wondering if there is a workaround that would allow me, from my 3.0 client, to delete a DNS PTR record on the 4.2 server, since I can't use the ipa dnsrecord-del command (the APIs are different, and the server responds that I've sent an invalid option). Thanks. Tony -------------- next part -------------- An HTML attachment was scrubbed... URL: From aalam at paperlesspost.com Tue Jan 26 15:38:03 2016 From: aalam at paperlesspost.com (Ash Alam) Date: Tue, 26 Jan 2016 10:38:03 -0500 Subject: [Freeipa-users] Upgrading from 3.0.0 CentOS6 to 4.2.3 CentOS7 In-Reply-To: <564F46BB.8060906@redhat.com> References: <564EE884.6060909@redhat.com> <564F46BB.8060906@redhat.com> Message-ID: I wanted to follow up on this as i finally gotten around to doing the upgrade. I an running into this error. I also found a bugzilla ticket. Do you have to do some type of schema upgrade like you do with active directory? https://bugzilla.redhat.com/show_bug.cgi?id=1235766 STDERR: ipa : CRITICAL The master CA directory server does not have necessary schema. Please copy the following script to all CA masters and run it on them: /usr/share/ipa/copy-schema-to-ca.py If you are certain that this is a false positive, use --skip-schema-check. ipa.ipapython.install.cli.install_tool(Replica): ERROR IPA schema missing on master CA directory server Thank You On Fri, Nov 20, 2015 at 11:13 AM, Martin Kosek wrote: > On 11/20/2015 04:08 PM, Ash Alam wrote: > >> Most of the clients in my env are centos 6.6 with ipa 3.0.0 client >> installed. I >> if bring up a replica on centos 7.2 with ipa 4.2.3 server and then start >> phasing out the older 3.0.0 servers. Will the client that are still >> running the >> older client software still work? >> > > It should, yes. It is expected that there are RHEL/CentOS-6 clients with > RHEL-7 FreeIPA servers. The older clients just won't be able to use the > newest features. > > >> On Fri, Nov 20, 2015 at 4:31 AM, Martin Kosek > > wrote: >> >> On 11/19/2015 11:03 PM, Ash Alam wrote: >> >> Hello All >> >> I am looking for some advice on upgrading. Currently our FreeIPA >> servers are >> 3.0.0 on centos 6.6. We are looking to go to 4.2.3 Centos7. This >> upgrade path >> is not possible per IPA documentation. Minimum version required >> is 3.3.x. I >> have also found that cenos6 does not provide anything past 3.0.0. >> >> >> And it won't. There are no plans in updating FreeIPA version in >> RHEL/CentOS-6.x, we encourage people who want the new features to >> migrate >> to RHEL-7.x: >> >> >> http://www.freeipa.org/page/Howto/Migration#Migrating_Identity_Management_in_RHEL.2FCentOS >> >> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc >> >> If you want to wait on CentOS-7.2, it should be in works now: >> http://seven.centos.org/2015/11/rhel-7-2-released-today/ >> >> One idea is to upgrade to 3.3.x first and then upgrade to 4.2.3 >> on centos7. >> This is harder since centos does not provide this. The other >> issue is if >> 3.0/3.3 client will be supported with 4.2.3 server. >> >> >> The right way is to migrate via creating replicas in RHEL/CentOS-7.x >> and >> slowly deprecating RHEL/CentOS-6 ones. Detailed procedure in the >> links above. >> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gjn at gjn.priv.at Tue Jan 26 15:52:38 2016 From: gjn at gjn.priv.at (=?ISO-8859-1?Q?G=FCnther_J=2E?= Niederwimmer) Date: Tue, 26 Jan 2016 16:52:38 +0100 Subject: [Freeipa-users] Master Error with two Master CentOS 7.2 In-Reply-To: <56A7792F.6080307@redhat.com> References: <1970762.0GSgUyMVQY@techz> <8170971.eP25qLtyVt@techz> <56A7792F.6080307@redhat.com> Message-ID: <20771447.rIEroOEK5h@techz> Hello Ludwig, Am Dienstag, 26. Januar 2016, 14:48:31 CET schrieb Ludwig Krispenz: > On 01/26/2016 12:30 PM, G?nther J. Niederwimmer wrote: > > Am Dienstag, 26. Januar 2016, 11:03:27 CET schrieb Ludwig Krispenz: > >> On 01/26/2016 09:45 AM, G?nther J. Niederwimmer wrote: > >>> I set up a CentOS 7.2 System with two master Server now I found this > >>> 1000 > >>> x > >>> Error on my first master? > >>> > >>> attrlist_replace - attr_replace (nsslapd-referral, > >>> ldap://ipa1.xxxxxxx.at:389/ o%3Dipaca) failed. > >> > >> did you install and reinstall the replica on the same machine ? The > >> message is usually related to removed replicaid, which was not properly > >> cleaned. > > > > Yes, I must delete and reinstall the Replica but I have all cleanup I > > found in the DOC > > > > ipa-replica-manage del ipa1.xxxxxxxx.at > > ipa-csreplica-manage del ipa1.xxxxxxxx..at > > > > and create a new > > > > ipa-replica-prepare ipa1.xxxxxxx.at > > > > the system for ipa1 is a new installed KVM guest., with the same name > > ipa1.xxxxxxxx.at > > > >> can you do some searches ?. On both masters check which is the replicaID > >> in use and which are the known ruvs: > >> ldapsearch -b "cn=config" .... "objectclass=nsds5replica" replicaid > >> nsds50ruv > > > > Please can you give me the full command I am not a professional for LDAP > > ldapsearch -LLL -o ldif-wrap=no -x -h -p 389 -D "cn=directory > manager" -W -b "cn=config" "objectclass=nsds5replica" nsds5replicaid > nsds50ruv > for host insert your masters Thanks for the help. The original master dn: cn=replica,cn=dc\3Desslmaier\2Cdc\3Dat,cn=mapping tree,cn=config nsds5replicaid: 4 nsds50ruv: {replicageneration} 562f579c000000040000 nsds50ruv: {replica 4 ldap://ipa.esslmaier.at:389} 562f57b7000000040000 56a79264000000040000 nsds50ruv: {replica 5 ldap://ipa1.esslmaier.at:389} 568a1fa2000000050000 56a5cf73000200050000 dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nsds5replicaid: 96 nsds50ruv: {replicageneration} 562f57e3000000600000 nsds50ruv: {replica 96 ldap://ipa.esslmaier.at:389} 562f5804000000600000 56a79021000000600000 nsds50ruv: {replica 91 ldap://ipa1.esslmaier.at:389} 568a1ff70000005b0000 568a20250006005b0000 nsds50ruv: {replica 97 ldap://ipa1.esslmaier.at:389} 562f5811000000610000 5630a9c4000000610000 The first replica master. nsds5replicaid: 5 nsds50ruv: {replicageneration} 562f579c000000040000 nsds50ruv: {replica 5 ldap://ipa1.esslmaier.at:389} 568a1fa2000000050000 56a793fc000000050000 nsds50ruv: {replica 4 ldap://ipa.esslmaier.at:389} 562f57b7000000040000 56a79264000000040000 dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nsds5replicaid: 91 nsds50ruv: {replicageneration} 562f57e3000000600000 nsds50ruv: {replica 91 ldap://ipa1.esslmaier.at:389} 568a1ff70000005b0000 568a20250006005b0000 nsds50ruv: {replica 96 ldap://ipa.esslmaier.at:389} 562f5804000000600000 56a793a5000000600000 nsds50ruv: {replica 97 ldap://ipa1.esslmaier.at:389} 562f5811000000610000 5630a9c4000000610000 > >>> Is this a bad Error ? > >>> > >>> Can I do anything > >>> > >>> Thanks for a answer, -- mit freundlichen Gr??en / best regards, G?nther J. Niederwimmer From mkosek at redhat.com Tue Jan 26 15:56:49 2016 From: mkosek at redhat.com (Martin Kosek) Date: Tue, 26 Jan 2016 16:56:49 +0100 Subject: [Freeipa-users] Upgrading from 3.0.0 CentOS6 to 4.2.3 CentOS7 In-Reply-To: References: <564EE884.6060909@redhat.com> <564F46BB.8060906@redhat.com> Message-ID: <56A79741.30707@redhat.com> Did you follow the instructions in the error message? There is also a longer description here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc Martin On 01/26/2016 04:38 PM, Ash Alam wrote: > I wanted to follow up on this as i finally gotten around to doing the > upgrade. I an running into this error. I also found a bugzilla ticket. Do > you have to do some type of schema upgrade like you do with active > directory? > > https://bugzilla.redhat.com/show_bug.cgi?id=1235766 > > STDERR: ipa : CRITICAL The master CA directory server does not > have necessary schema. Please copy the following script to all CA masters > and run it on them: /usr/share/ipa/copy-schema-to-ca.py > > If you are certain that this is a false positive, use > --skip-schema-check. > > ipa.ipapython.install.cli.install_tool(Replica): ERROR IPA schema > missing on master CA directory server > > > > Thank You > > > > > On Fri, Nov 20, 2015 at 11:13 AM, Martin Kosek wrote: > >> On 11/20/2015 04:08 PM, Ash Alam wrote: >> >>> Most of the clients in my env are centos 6.6 with ipa 3.0.0 client >>> installed. I >>> if bring up a replica on centos 7.2 with ipa 4.2.3 server and then start >>> phasing out the older 3.0.0 servers. Will the client that are still >>> running the >>> older client software still work? >>> >> >> It should, yes. It is expected that there are RHEL/CentOS-6 clients with >> RHEL-7 FreeIPA servers. The older clients just won't be able to use the >> newest features. >> >> >>> On Fri, Nov 20, 2015 at 4:31 AM, Martin Kosek >> > wrote: >>> >>> On 11/19/2015 11:03 PM, Ash Alam wrote: >>> >>> Hello All >>> >>> I am looking for some advice on upgrading. Currently our FreeIPA >>> servers are >>> 3.0.0 on centos 6.6. We are looking to go to 4.2.3 Centos7. This >>> upgrade path >>> is not possible per IPA documentation. Minimum version required >>> is 3.3.x. I >>> have also found that cenos6 does not provide anything past 3.0.0. >>> >>> >>> And it won't. There are no plans in updating FreeIPA version in >>> RHEL/CentOS-6.x, we encourage people who want the new features to >>> migrate >>> to RHEL-7.x: >>> >>> >>> http://www.freeipa.org/page/Howto/Migration#Migrating_Identity_Management_in_RHEL.2FCentOS >>> >>> >>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc >>> >>> If you want to wait on CentOS-7.2, it should be in works now: >>> http://seven.centos.org/2015/11/rhel-7-2-released-today/ >>> >>> One idea is to upgrade to 3.3.x first and then upgrade to 4.2.3 >>> on centos7. >>> This is harder since centos does not provide this. The other >>> issue is if >>> 3.0/3.3 client will be supported with 4.2.3 server. >>> >>> >>> The right way is to migrate via creating replicas in RHEL/CentOS-7.x >>> and >>> slowly deprecating RHEL/CentOS-6 ones. Detailed procedure in the >>> links above. >>> >>> >>> >> > From mkosek at redhat.com Tue Jan 26 16:09:43 2016 From: mkosek at redhat.com (Martin Kosek) Date: Tue, 26 Jan 2016 17:09:43 +0100 Subject: [Freeipa-users] ipa-admintools version incompatibility In-Reply-To: References: Message-ID: <56A79A47.7050900@redhat.com> On 01/26/2016 04:22 PM, Izzo, Anthony wrote: > I have a FreeIPA 4.2 server (on RHEL7) and a FreeIPA 3.0 client (on RHEL6). I am aware of the incompatibility between versions for ipa-admintools (in my case I'm trying to use ipa dnsrecord-del). I was just wondering if there is a workaround that would allow me, from my 3.0 client, to delete a DNS PTR record on the 4.2 server, since I can't use the ipa dnsrecord-del command (the APIs are different, and the server responds that I've sent an invalid option). Thanks. That's strange, client should be forward compatible already: http://www.freeipa.org/page/Client#IPA_management_tool , i.e. RHEL-6 clients should be able to update RHEL-7 servers. We would know more if you send us the error. Anyway, given you are only updating DNS, maybe you could just use standard Kerberos-authenticated DNS update (nsupdate tool), to delete that PTR record? From lkrispen at redhat.com Tue Jan 26 16:13:03 2016 From: lkrispen at redhat.com (Ludwig Krispenz) Date: Tue, 26 Jan 2016 17:13:03 +0100 Subject: [Freeipa-users] Master Error with two Master CentOS 7.2 In-Reply-To: <20771447.rIEroOEK5h@techz> References: <1970762.0GSgUyMVQY@techz> <8170971.eP25qLtyVt@techz> <56A7792F.6080307@redhat.com> <20771447.rIEroOEK5h@techz> Message-ID: <56A79B0F.3040703@redhat.com> Hi, you got a replicaid (97) leftover form the previous install for the o=ipaca backend. The other backend is ok, ipa-replica-manage del did the cleanup, but ipa-csreplica-manage doesn't. So you have to clean it manually by an ldap command. Execute the following mod on one of the servers: ldapmodify -D "cn=directory manager" -W -a dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config objectclass: extensibleObject replica-base-dn: o=ipaca replica-id: 97 cn: clean 97 Ludwig On 01/26/2016 04:52 PM, G?nther J. Niederwimmer wrote: > Hello Ludwig, > > Am Dienstag, 26. Januar 2016, 14:48:31 CET schrieb Ludwig Krispenz: >> On 01/26/2016 12:30 PM, G?nther J. Niederwimmer wrote: >>> Am Dienstag, 26. Januar 2016, 11:03:27 CET schrieb Ludwig Krispenz: >>>> On 01/26/2016 09:45 AM, G?nther J. Niederwimmer wrote: >>>>> I set up a CentOS 7.2 System with two master Server now I found this >>>>> 1000 >>>>> x >>>>> Error on my first master? >>>>> >>>>> attrlist_replace - attr_replace (nsslapd-referral, >>>>> ldap://ipa1.xxxxxxx.at:389/ o%3Dipaca) failed. >>>> did you install and reinstall the replica on the same machine ? The >>>> message is usually related to removed replicaid, which was not properly >>>> cleaned. >>> Yes, I must delete and reinstall the Replica but I have all cleanup I >>> found in the DOC >>> >>> ipa-replica-manage del ipa1.xxxxxxxx.at >>> ipa-csreplica-manage del ipa1.xxxxxxxx..at >>> >>> and create a new >>> >>> ipa-replica-prepare ipa1.xxxxxxx.at >>> >>> the system for ipa1 is a new installed KVM guest., with the same name >>> ipa1.xxxxxxxx.at >>> >>>> can you do some searches ?. On both masters check which is the replicaID >>>> in use and which are the known ruvs: >>>> ldapsearch -b "cn=config" .... "objectclass=nsds5replica" replicaid >>>> nsds50ruv >>> Please can you give me the full command I am not a professional for LDAP >> ldapsearch -LLL -o ldif-wrap=no -x -h -p 389 -D "cn=directory >> manager" -W -b "cn=config" "objectclass=nsds5replica" nsds5replicaid >> nsds50ruv > >> for host insert your masters > Thanks for the help. > > The original master > > dn: cn=replica,cn=dc\3Desslmaier\2Cdc\3Dat,cn=mapping tree,cn=config > nsds5replicaid: 4 > nsds50ruv: {replicageneration} 562f579c000000040000 > nsds50ruv: {replica 4 ldap://ipa.esslmaier.at:389} 562f57b7000000040000 > 56a79264000000040000 > nsds50ruv: {replica 5 ldap://ipa1.esslmaier.at:389} 568a1fa2000000050000 > 56a5cf73000200050000 > > dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > nsds5replicaid: 96 > nsds50ruv: {replicageneration} 562f57e3000000600000 > nsds50ruv: {replica 96 ldap://ipa.esslmaier.at:389} 562f5804000000600000 > 56a79021000000600000 > nsds50ruv: {replica 91 ldap://ipa1.esslmaier.at:389} 568a1ff70000005b0000 > 568a20250006005b0000 > nsds50ruv: {replica 97 ldap://ipa1.esslmaier.at:389} 562f5811000000610000 > 5630a9c4000000610000 > > The first replica master. > > nsds5replicaid: 5 > nsds50ruv: {replicageneration} 562f579c000000040000 > nsds50ruv: {replica 5 ldap://ipa1.esslmaier.at:389} 568a1fa2000000050000 > 56a793fc000000050000 > nsds50ruv: {replica 4 ldap://ipa.esslmaier.at:389} 562f57b7000000040000 > 56a79264000000040000 > > dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > nsds5replicaid: 91 > nsds50ruv: {replicageneration} 562f57e3000000600000 > nsds50ruv: {replica 91 ldap://ipa1.esslmaier.at:389} 568a1ff70000005b0000 > 568a20250006005b0000 > nsds50ruv: {replica 96 ldap://ipa.esslmaier.at:389} 562f5804000000600000 > 56a793a5000000600000 > nsds50ruv: {replica 97 ldap://ipa1.esslmaier.at:389} 562f5811000000610000 > 5630a9c4000000610000 > > >>>>> Is this a bad Error ? >>>>> >>>>> Can I do anything >>>>> >>>>> Thanks for a answer, > From wodel.youchi at gmail.com Tue Jan 26 16:13:14 2016 From: wodel.youchi at gmail.com (wodel youchi) Date: Tue, 26 Jan 2016 17:13:14 +0100 Subject: [Freeipa-users] Migration from openLDAP to FreeIPA with qmail.schema In-Reply-To: <56A78DAB.90509@redhat.com> References: <56A74201.6010306@redhat.com> <56A78DAB.90509@redhat.com> Message-ID: Hi, For the first problem I redid the import using this syntax ipa -d -v migrate-ds --bind-dn "cn=admin,dc=example,dc=com" --with-compat --user-ignore-objectclass qmailuser --continue ldap://192.168.1.121:389 and it worked, all accounts were imported successfully. The thing I don't know where the query is getting qmailuser, since the objectclass imported is qmailUser!!! About the second problem, the error say (sorry for the french btw) : Error : the search for LDAP group do not return any result (search base ou=groups,dc=example,dc=com, objectClass : groupofuniquenames, groupofnames)) And I tested with this command ipa -d -v migrate-ds --bind-dn "cn=admin,dc=example,dc=com" --with-compat --group-objectclass=posixGroup --user-ignore-objectclass qmailuser ldap:// 192.168.1.121:389 and it worked, as you said I had to add --group-objectclass=posixGroup Now, I need to added some of attributes to the Webui when creating a new user, for example mailQuotaSize, is there a way to do that? Thanks for your help. Regards. 2016-01-26 16:15 GMT+01:00 Martin Kosek : > On 01/26/2016 02:20 PM, wodel youchi wrote: > > Hi, > > > > In the above log (httpd log) the LDAPEntry contains qmailuser and > qmailUser > > objectClasses, I don't know if this is what is causing the problem. > > That's probably it. Can you please try to lowercaser 'qmailUser' in the > FreeIPA > config and try the migration again? > > > Another thing, I can't import groups as well, I did add a simple group to > > my ldap > > dn: ou=groups,dc=example,dc=com > > objectClass: organizationalUnit > > objectClass: top > > ou: groups > > structuralObjectClass: organizationalUnit > > > > dn: cn=vmail,ou=groups,dc=example,dc=com > > objectClass: top > > objectClass: posixGroup > > gidNumber: 5000 > > structuralObjectClass: posixGroup > > cn: vmail > > > > When I launch the migration command I get > > > > ipa: ERROR: La recherche LDAP group ne renvoie aucun r?sultat (base de > > recherche : ou=groups,dc=example,dc=com, classe d'objet : > > groupofuniquenames, groupofnames) > > > > any idea? > > I cannot really read French, but I suspect you could use the option > > --group-objectclass=STR > Objectclasses used to search for group entries in > DS > > to specify the objectclass the migration should search (posixGroup in your > case) > > > > > Regards. > > > > 2016-01-26 13:42 GMT+01:00 wodel youchi : > > > >> Hi again, > >> > >> This is what I get from httpd error_log > >> > >> [Tue Jan 26 13:38:02.394757 2016] [:error] [pid 7427] ipa: WARNING: GID > >> number 1000 of migrated user jean.doe does not point to a known group. > >> [Tue Jan 26 13:38:02.397928 2016] [:error] [pid 7427] > >> > LDAPEntry(ipapython.dn.DN('uid=jean.doe,cn=users,cn=accounts,dc=example,dc=com'), > >> {u'mailQuotaSize': ['2048000'], u'cn': ['DOE'], u'uid': [u'jean.doe'], > >> u'objectClass': [u'ipaobject', u'organizationalperson', u'qmailuser', > >> u'top', u'ipasshuser', u'inetorgperson', u'person', > u'krbticketpolicyaux', > >> u'krbprincipalaux', u'shadowaccount', u'qmailUser', u'inetuser', > >> u'posixaccount'], u'loginShell': ['/bin/bash'], u'uidNumber': ['1001'], > >> u'gidNumber': [u'1000'], u'ipauniqueid': ['autogenerate'], > >> u'krbprincipalname': [u'jean.doe at EXAMPLE.COM'], u'mailMessageStore': > >> ['/var/vmail/jean.doe'], u'description': ['__no_upg__'], u'displayName': > >> ['Jean Doe'], u'userPassword': > ['{SSHA}NIxCImzQDagloyVdMtheC4wDMUImxW85'], > >> u'accountStatus': ['yes'], u'mailAlternateAddress': ['root at example.com', > ' > >> postmaster at example.com'], u'sn': ['Jean'], u'homeDirectory': > >> ['/var/vmail/jean.doe'], u'mail': ['jean.doe at example.com'], > u'givenName': > >> ['DOE']}) > >> [Tue Jan 26 13:38:02.398937 2016] [:error] [pid 7427] ipa: WARNING: GID > >> number 1000 of migrated user jeane.doe does not point to a known group. > >> [Tue Jan 26 13:38:02.399703 2016] [:error] [pid 7427] > >> > LDAPEntry(ipapython.dn.DN('uid=jeane.doe,cn=users,cn=accounts,dc=example,dc=com'), > >> {u'mailQuotaSize': ['1024000'], u'cn': ['DOE'], u'uid': [u'jeane.doe'], > >> u'objectClass': [u'ipaobject', u'organizationalperson', u'qmailuser', > >> u'top', u'ipasshuser', u'inetorgperson', u'person', > u'krbticketpolicyaux', > >> u'krbprincipalaux', u'shadowaccount', u'qmailUser', u'inetuser', > >> u'posixaccount'], u'loginShell': ['/bin/bash'], u'uidNumber': ['1002'], > >> u'gidNumber': [u'1000'], u'ipauniqueid': ['autogenerate'], > >> u'krbprincipalname': [u'jeane.doe at EXAMPLE.COM'], u'mailMessageStore': > >> ['/var/vmail/jeane.doe'], u'description': ['__no_upg__'], > u'displayName': > >> ['Jeane Doe'], u'userPassword': > ['{SSHA}+fXBt+2vlneTFUDhnEv9YvHS4Zo65LIT'], > >> u'accountStatus': ['yes'], u'sn': ['Jeane'], u'homeDirectory': > >> ['/var/vmail/jeane.doe'], u'mail': ['jeane.doe at example.com'], > >> u'givenName': ['DOE']}) > >> > >> Regards. > >> > >> 2016-01-26 11:22 GMT+01:00 wodel youchi : > >> > >>> Thanks I will try and report back. > >>> > >>> I am using Centos 7.2x64 with latest updates > >>> > >>> and ipa-server-4.2.0-15.el7.centos.3.x86_64 > >>> > >>> Regards > >>> > >>> 2016-01-26 10:53 GMT+01:00 Martin Kosek : > >>> > >>>> On 01/26/2016 10:16 AM, wodel youchi wrote: > >>>>> Hi, > >>>>> > >>>>> I am a newbie in freeipa. I am trying to use it with our mail server. > >>>> > >>>> Cool! What is your version of the FreeIPA server? It will be important > >>>> for > >>>> further investigation. > >>>> > >>>>> Our mail server uses openldap with one external schema : > qmail.schema, > >>>> we > >>>>> use it especially for mailQuota, mailAlternateAddress, > >>>>> mailForwardingAddress and AccountStatus. > >>>>> > >>>>> I tried to import this schema to freeipa using ipa-ldap-updater. > >>>>> I am not sure if I succeeded, but when I tried : ipa config-mod > >>>>> --addattr=ipaGroupObjectClasses=qmailUser it worked and I can see the > >>>>> objectClass. > >>>>> > >>>>> > >>>>> [root at ipamaster work]# ipa config-show --all > >>>>> dn: cn=ipaConfig,cn=etc,dc=example,dc=com > >>>>> Longueur maximale du nom d'utilisateur: 32 > >>>>> Base du r?pertoire utilisateur: /home > >>>>> Interpr?teur par d?faut: /bin/sh > >>>>> Groupe utilisateur par d?faut: ipausers > >>>>> Domaine par d?faut pour les courriels: example.com > >>>>> Limite de temps d'une recherche: 2 > >>>>> Limite de taille d'une recherche: 100 > >>>>> Champs de recherche utilisateur: > >>>> uid,givenname,sn,telephonenumber,ou,title > >>>>> Group search fields: cn,description > >>>>> Activer le mode migration: TRUE > >>>>> Base de sujet de certificat: O=EXAMPLE.COM > >>>>> Classes d'objets de groupe par d?faut: top, ipaobject, > groupofnames, > >>>>> ipausergroup, nestedgroup > >>>>> Classes d'objets utilisateur par d?faut: ipaobject, person, top, > >>>>> ipasshuser, inetorgperson, organizationalperson, > >>>>> krbticketpolicyaux, > >>>>> krbprincipalaux, *qmailUser*, inetuser, posixaccount > >>>>> Notification d'expiration de mot de passe (jours): 4 > >>>>> Fonctionnalit?s du greffon mots de passe: AllowNThash > >>>>> Ordre de la mappe des utilisateurs SELinux: > >>>>> > >>>> > guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 > >>>>> Utilisateur SELinux par d?faut: unconfined_u:s0-s0:c0.c1023 > >>>>> Types de PAC par d?faut: nfs:NONE, MS-PAC > >>>>> aci: (targetattr = "cn || createtimestamp || entryusn || > >>>>> ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || > >>>>> ipadefaultemaildomain || ipadefaultloginshell || > >>>>> ipadefaultprimarygroup || ipagroupobjectclasses || > >>>>> ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || > >>>>> ipamaxusernamelength || ipamigrationenabled || > >>>>> ipapwdexpadvnotify || ipasearchrecordslimit || > >>>> ipasearchtimelimit || > >>>>> ipaselinuxusermapdefault || > >>>>> ipaselinuxusermaporder || ipauserauthtype || > >>>> ipauserobjectclasses || > >>>>> ipausersearchfields || modifytimestamp || > >>>>> objectclass")(targetfilter = > >>>> "(objectclass=ipaguiconfig)")(version > >>>>> 3.0;acl "permission:System: Read Global > >>>>> Configuration";allow (compare,read,search) userdn = > >>>> "ldap:///all";) > >>>>> cn: ipaConfig > >>>>> objectclass: ipaConfigObject, nsContainer, top, ipaGuiConfig, > >>>>> ipaUserAuthTypeClass > >>>>> > >>>>> Then I tried to migrate openldap's accounts, but without luck so far > >>>>> #ipa -v migrate-ds --with-compat --bind-dn > "cn=admin,dc=example,dc=com" > >>>>> --continue ldap://192.168.1.121:389 > >>>>> ----------- > >>>>> migrate-ds: > >>>>> ----------- > >>>>> Migrated: > >>>>> Failed user: > >>>>> jean.doe: Type or value exists: > >>>>> jeane.doe: Type or value exists: > >>>>> Failed group: > >>>>> ---------- > >>>>> No users/groups were migrated from ldap://192.168.1.121:389 > >>>>> > >>>>> > >>>>> Here is an entry from openldap > >>>>> dn: uid=jeane.doe,ou=people,dc=example,dc=com > >>>>> loginShell: /bin/bash > >>>>> gidNumber: 1000 > >>>>> objectClass: top > >>>>> objectClass: qmailUser > >>>>> objectClass: inetOrgPerson > >>>>> objectClass: posixAccount > >>>>> objectClass: person > >>>>> objectClass: shadowAccount > >>>>> objectClass: organizationalPerson > >>>>> mail: jeane.doe at example.com > >>>>> givenName: DOE > >>>>> uid: jeane.doe > >>>>> uidNumber: 1002 > >>>>> displayName: Jeane Doe > >>>>> homeDirectory: /var/vmail/jeane.doe > >>>>> accountStatus: yes > >>>>> mailMessageStore: /var/vmail/jeane.doe > >>>>> structuralObjectClass: inetOrgPerson > >>>>> entryUUID: 3e8ee290-166f-1035-94d7-ef8fa27fbe71 > >>>>> creatorsName: cn=admin,dc=example,dc=com > >>>>> createTimestamp: 20151103120748Z > >>>>> userPassword:: e1NTSEF9K2ZYQnQrMnZsbmVURlVEaG5FdjlZdkhTNFpvNjVMSVQ= > >>>>> mailQuotaSize: 1024000 > >>>>> sn: Jeane > >>>>> cn: DOE > >>>>> entryCSN: 20160125162455.613052Z#000000#000#000000 > >>>>> modifiersName: cn=admin,dc=example,dc=com > >>>>> modifyTimestamp: 20160125162455Z > >>>>> > >>>>> What does "Type or value exists" means? > >>>> > >>>> That normally means that you have the same value for LDAP attribute > >>>> twice or > >>>> that you are trying to add multiple values for a single valued > >>>> attribute. I > >>>> wonder if we could get better logging, like how exactly the entry > looks > >>>> like > >>>> before it is added to LDAP. > >>>> > >>>> But right now, I cannot think about a better way than to updating > >>>> /usr/lib/python2.7/site-packages/ipalib/plugins/migration.py > >>>> on the FreeIPA server the following way (new print statement) > >>>> > >>>> try: > >>>> print entry_attrs > >>>> ldap.add_entry(entry_attrs) > >>>> except errors.ExecutionError, e: > >>>> > >>>> , restarting the httpd service and sending us the > >>>> /var/log/httpd/error_log > >>>> after the next migration attempt. Maybe Jan (CCed) knows a better way. > >>>> > >>>>> PS: the qmail.schema presents two other objectClasses, but I didn't > >>>> add use > >>>>> them (qldapAdmin, qmailGroup) > >>>>> > >>>>> Regards > >>>>> > >>>>> > >>>>> > >>>> > >>>> > >>> > >> > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mkosek at redhat.com Tue Jan 26 16:19:16 2016 From: mkosek at redhat.com (Martin Kosek) Date: Tue, 26 Jan 2016 17:19:16 +0100 Subject: [Freeipa-users] Migration from openLDAP to FreeIPA with qmail.schema In-Reply-To: References: <56A74201.6010306@redhat.com> <56A78DAB.90509@redhat.com> Message-ID: <56A79C84.7030102@redhat.com> On 01/26/2016 05:13 PM, wodel youchi wrote: > Hi, > > For the first problem I redid the import using this syntax > ipa -d -v migrate-ds --bind-dn "cn=admin,dc=example,dc=com" --with-compat > --user-ignore-objectclass qmailuser --continue ldap://192.168.1.121:389 > > and it worked, all accounts were imported successfully. Good! > The thing I don't know where the query is getting qmailuser, since the > objectclass imported is qmailUser!!! > > About the second problem, the error say (sorry for the french btw) : > Error : the search for LDAP group do not return any result (search > base ou=groups,dc=example,dc=com, > objectClass : groupofuniquenames, groupofnames)) > > And I tested with this command > ipa -d -v migrate-ds --bind-dn "cn=admin,dc=example,dc=com" --with-compat > --group-objectclass=posixGroup --user-ignore-objectclass qmailuser ldap:// > 192.168.1.121:389 > > and it worked, as you said I had to add --group-objectclass=posixGroup Good! > Now, I need to added some of attributes to the Webui when creating a new > user, for example mailQuotaSize, is there a way to do that? There is a way, although you still need to code a little in JavaScript. We have a HowTo here: https://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf There is some example in "Extending the Web UI" section. If it does not work, Petr Vobornik should be able to advise. > > Thanks for your help. > Regards. > > > 2016-01-26 16:15 GMT+01:00 Martin Kosek : > >> On 01/26/2016 02:20 PM, wodel youchi wrote: >>> Hi, >>> >>> In the above log (httpd log) the LDAPEntry contains qmailuser and >> qmailUser >>> objectClasses, I don't know if this is what is causing the problem. >> >> That's probably it. Can you please try to lowercaser 'qmailUser' in the >> FreeIPA >> config and try the migration again? >> >>> Another thing, I can't import groups as well, I did add a simple group to >>> my ldap >>> dn: ou=groups,dc=example,dc=com >>> objectClass: organizationalUnit >>> objectClass: top >>> ou: groups >>> structuralObjectClass: organizationalUnit >>> >>> dn: cn=vmail,ou=groups,dc=example,dc=com >>> objectClass: top >>> objectClass: posixGroup >>> gidNumber: 5000 >>> structuralObjectClass: posixGroup >>> cn: vmail >>> >>> When I launch the migration command I get >>> >>> ipa: ERROR: La recherche LDAP group ne renvoie aucun r?sultat (base de >>> recherche : ou=groups,dc=example,dc=com, classe d'objet : >>> groupofuniquenames, groupofnames) >>> >>> any idea? >> >> I cannot really read French, but I suspect you could use the option >> >> --group-objectclass=STR >> Objectclasses used to search for group entries in >> DS >> >> to specify the objectclass the migration should search (posixGroup in your >> case) >> >>> >>> Regards. >>> >>> 2016-01-26 13:42 GMT+01:00 wodel youchi : >>> >>>> Hi again, >>>> >>>> This is what I get from httpd error_log >>>> >>>> [Tue Jan 26 13:38:02.394757 2016] [:error] [pid 7427] ipa: WARNING: GID >>>> number 1000 of migrated user jean.doe does not point to a known group. >>>> [Tue Jan 26 13:38:02.397928 2016] [:error] [pid 7427] >>>> >> LDAPEntry(ipapython.dn.DN('uid=jean.doe,cn=users,cn=accounts,dc=example,dc=com'), >>>> {u'mailQuotaSize': ['2048000'], u'cn': ['DOE'], u'uid': [u'jean.doe'], >>>> u'objectClass': [u'ipaobject', u'organizationalperson', u'qmailuser', >>>> u'top', u'ipasshuser', u'inetorgperson', u'person', >> u'krbticketpolicyaux', >>>> u'krbprincipalaux', u'shadowaccount', u'qmailUser', u'inetuser', >>>> u'posixaccount'], u'loginShell': ['/bin/bash'], u'uidNumber': ['1001'], >>>> u'gidNumber': [u'1000'], u'ipauniqueid': ['autogenerate'], >>>> u'krbprincipalname': [u'jean.doe at EXAMPLE.COM'], u'mailMessageStore': >>>> ['/var/vmail/jean.doe'], u'description': ['__no_upg__'], u'displayName': >>>> ['Jean Doe'], u'userPassword': >> ['{SSHA}NIxCImzQDagloyVdMtheC4wDMUImxW85'], >>>> u'accountStatus': ['yes'], u'mailAlternateAddress': ['root at example.com', >> ' >>>> postmaster at example.com'], u'sn': ['Jean'], u'homeDirectory': >>>> ['/var/vmail/jean.doe'], u'mail': ['jean.doe at example.com'], >> u'givenName': >>>> ['DOE']}) >>>> [Tue Jan 26 13:38:02.398937 2016] [:error] [pid 7427] ipa: WARNING: GID >>>> number 1000 of migrated user jeane.doe does not point to a known group. >>>> [Tue Jan 26 13:38:02.399703 2016] [:error] [pid 7427] >>>> >> LDAPEntry(ipapython.dn.DN('uid=jeane.doe,cn=users,cn=accounts,dc=example,dc=com'), >>>> {u'mailQuotaSize': ['1024000'], u'cn': ['DOE'], u'uid': [u'jeane.doe'], >>>> u'objectClass': [u'ipaobject', u'organizationalperson', u'qmailuser', >>>> u'top', u'ipasshuser', u'inetorgperson', u'person', >> u'krbticketpolicyaux', >>>> u'krbprincipalaux', u'shadowaccount', u'qmailUser', u'inetuser', >>>> u'posixaccount'], u'loginShell': ['/bin/bash'], u'uidNumber': ['1002'], >>>> u'gidNumber': [u'1000'], u'ipauniqueid': ['autogenerate'], >>>> u'krbprincipalname': [u'jeane.doe at EXAMPLE.COM'], u'mailMessageStore': >>>> ['/var/vmail/jeane.doe'], u'description': ['__no_upg__'], >> u'displayName': >>>> ['Jeane Doe'], u'userPassword': >> ['{SSHA}+fXBt+2vlneTFUDhnEv9YvHS4Zo65LIT'], >>>> u'accountStatus': ['yes'], u'sn': ['Jeane'], u'homeDirectory': >>>> ['/var/vmail/jeane.doe'], u'mail': ['jeane.doe at example.com'], >>>> u'givenName': ['DOE']}) >>>> >>>> Regards. >>>> >>>> 2016-01-26 11:22 GMT+01:00 wodel youchi : >>>> >>>>> Thanks I will try and report back. >>>>> >>>>> I am using Centos 7.2x64 with latest updates >>>>> >>>>> and ipa-server-4.2.0-15.el7.centos.3.x86_64 >>>>> >>>>> Regards >>>>> >>>>> 2016-01-26 10:53 GMT+01:00 Martin Kosek : >>>>> >>>>>> On 01/26/2016 10:16 AM, wodel youchi wrote: >>>>>>> Hi, >>>>>>> >>>>>>> I am a newbie in freeipa. I am trying to use it with our mail server. >>>>>> >>>>>> Cool! What is your version of the FreeIPA server? It will be important >>>>>> for >>>>>> further investigation. >>>>>> >>>>>>> Our mail server uses openldap with one external schema : >> qmail.schema, >>>>>> we >>>>>>> use it especially for mailQuota, mailAlternateAddress, >>>>>>> mailForwardingAddress and AccountStatus. >>>>>>> >>>>>>> I tried to import this schema to freeipa using ipa-ldap-updater. >>>>>>> I am not sure if I succeeded, but when I tried : ipa config-mod >>>>>>> --addattr=ipaGroupObjectClasses=qmailUser it worked and I can see the >>>>>>> objectClass. >>>>>>> >>>>>>> >>>>>>> [root at ipamaster work]# ipa config-show --all >>>>>>> dn: cn=ipaConfig,cn=etc,dc=example,dc=com >>>>>>> Longueur maximale du nom d'utilisateur: 32 >>>>>>> Base du r?pertoire utilisateur: /home >>>>>>> Interpr?teur par d?faut: /bin/sh >>>>>>> Groupe utilisateur par d?faut: ipausers >>>>>>> Domaine par d?faut pour les courriels: example.com >>>>>>> Limite de temps d'une recherche: 2 >>>>>>> Limite de taille d'une recherche: 100 >>>>>>> Champs de recherche utilisateur: >>>>>> uid,givenname,sn,telephonenumber,ou,title >>>>>>> Group search fields: cn,description >>>>>>> Activer le mode migration: TRUE >>>>>>> Base de sujet de certificat: O=EXAMPLE.COM >>>>>>> Classes d'objets de groupe par d?faut: top, ipaobject, >> groupofnames, >>>>>>> ipausergroup, nestedgroup >>>>>>> Classes d'objets utilisateur par d?faut: ipaobject, person, top, >>>>>>> ipasshuser, inetorgperson, organizationalperson, >>>>>>> krbticketpolicyaux, >>>>>>> krbprincipalaux, *qmailUser*, inetuser, posixaccount >>>>>>> Notification d'expiration de mot de passe (jours): 4 >>>>>>> Fonctionnalit?s du greffon mots de passe: AllowNThash >>>>>>> Ordre de la mappe des utilisateurs SELinux: >>>>>>> >>>>>> >> guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 >>>>>>> Utilisateur SELinux par d?faut: unconfined_u:s0-s0:c0.c1023 >>>>>>> Types de PAC par d?faut: nfs:NONE, MS-PAC >>>>>>> aci: (targetattr = "cn || createtimestamp || entryusn || >>>>>>> ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || >>>>>>> ipadefaultemaildomain || ipadefaultloginshell || >>>>>>> ipadefaultprimarygroup || ipagroupobjectclasses || >>>>>>> ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || >>>>>>> ipamaxusernamelength || ipamigrationenabled || >>>>>>> ipapwdexpadvnotify || ipasearchrecordslimit || >>>>>> ipasearchtimelimit || >>>>>>> ipaselinuxusermapdefault || >>>>>>> ipaselinuxusermaporder || ipauserauthtype || >>>>>> ipauserobjectclasses || >>>>>>> ipausersearchfields || modifytimestamp || >>>>>>> objectclass")(targetfilter = >>>>>> "(objectclass=ipaguiconfig)")(version >>>>>>> 3.0;acl "permission:System: Read Global >>>>>>> Configuration";allow (compare,read,search) userdn = >>>>>> "ldap:///all";) >>>>>>> cn: ipaConfig >>>>>>> objectclass: ipaConfigObject, nsContainer, top, ipaGuiConfig, >>>>>>> ipaUserAuthTypeClass >>>>>>> >>>>>>> Then I tried to migrate openldap's accounts, but without luck so far >>>>>>> #ipa -v migrate-ds --with-compat --bind-dn >> "cn=admin,dc=example,dc=com" >>>>>>> --continue ldap://192.168.1.121:389 >>>>>>> ----------- >>>>>>> migrate-ds: >>>>>>> ----------- >>>>>>> Migrated: >>>>>>> Failed user: >>>>>>> jean.doe: Type or value exists: >>>>>>> jeane.doe: Type or value exists: >>>>>>> Failed group: >>>>>>> ---------- >>>>>>> No users/groups were migrated from ldap://192.168.1.121:389 >>>>>>> >>>>>>> >>>>>>> Here is an entry from openldap >>>>>>> dn: uid=jeane.doe,ou=people,dc=example,dc=com >>>>>>> loginShell: /bin/bash >>>>>>> gidNumber: 1000 >>>>>>> objectClass: top >>>>>>> objectClass: qmailUser >>>>>>> objectClass: inetOrgPerson >>>>>>> objectClass: posixAccount >>>>>>> objectClass: person >>>>>>> objectClass: shadowAccount >>>>>>> objectClass: organizationalPerson >>>>>>> mail: jeane.doe at example.com >>>>>>> givenName: DOE >>>>>>> uid: jeane.doe >>>>>>> uidNumber: 1002 >>>>>>> displayName: Jeane Doe >>>>>>> homeDirectory: /var/vmail/jeane.doe >>>>>>> accountStatus: yes >>>>>>> mailMessageStore: /var/vmail/jeane.doe >>>>>>> structuralObjectClass: inetOrgPerson >>>>>>> entryUUID: 3e8ee290-166f-1035-94d7-ef8fa27fbe71 >>>>>>> creatorsName: cn=admin,dc=example,dc=com >>>>>>> createTimestamp: 20151103120748Z >>>>>>> userPassword:: e1NTSEF9K2ZYQnQrMnZsbmVURlVEaG5FdjlZdkhTNFpvNjVMSVQ= >>>>>>> mailQuotaSize: 1024000 >>>>>>> sn: Jeane >>>>>>> cn: DOE >>>>>>> entryCSN: 20160125162455.613052Z#000000#000#000000 >>>>>>> modifiersName: cn=admin,dc=example,dc=com >>>>>>> modifyTimestamp: 20160125162455Z >>>>>>> >>>>>>> What does "Type or value exists" means? >>>>>> >>>>>> That normally means that you have the same value for LDAP attribute >>>>>> twice or >>>>>> that you are trying to add multiple values for a single valued >>>>>> attribute. I >>>>>> wonder if we could get better logging, like how exactly the entry >> looks >>>>>> like >>>>>> before it is added to LDAP. >>>>>> >>>>>> But right now, I cannot think about a better way than to updating >>>>>> /usr/lib/python2.7/site-packages/ipalib/plugins/migration.py >>>>>> on the FreeIPA server the following way (new print statement) >>>>>> >>>>>> try: >>>>>> print entry_attrs >>>>>> ldap.add_entry(entry_attrs) >>>>>> except errors.ExecutionError, e: >>>>>> >>>>>> , restarting the httpd service and sending us the >>>>>> /var/log/httpd/error_log >>>>>> after the next migration attempt. Maybe Jan (CCed) knows a better way. >>>>>> >>>>>>> PS: the qmail.schema presents two other objectClasses, but I didn't >>>>>> add use >>>>>>> them (qldapAdmin, qmailGroup) >>>>>>> >>>>>>> Regards >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >> >> > From Terry.John at completeautomotivesolutions.co.uk Tue Jan 26 16:39:54 2016 From: Terry.John at completeautomotivesolutions.co.uk (Terry John) Date: Tue, 26 Jan 2016 16:39:54 +0000 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: <56A1FE59.5010407@redhat.com> References: <56A0F065.7050407@redhat.com> <56A1FE59.5010407@redhat.com> Message-ID: Thanks for this. I've had a look today We are running: ipa-server.x86_64 3.0.0-47.el6.centos and some of the directives did not work, namely allowWeakCipher, sslVersionMin and sslVersionMax . So I commented them out The ldapupdater then seems happy but when I went to restart IPA. The ldap server wasn't happy with cipher TLS_RSA_WITH_AES_256_CBC_SHA256 and would not start. Now I can't change anything and it doesn't work. Reaching for my backup..... Terry -----Original Message----- From: Christian Heimes [mailto:cheimes at redhat.com] Sent: 22 January 2016 10:03 To: Terry John; Martin Kosek; freeipa-users at redhat.com Subject: Re: [Freeipa-users] FREAK Vulnerability On 2016-01-21 17:54, Terry John wrote: > Thanks for the info. I have tried nearly all the NSSCipherSuite settings in that ticket but none so far has eliminated the FREAK report. > Christian thanks for the heads up on the syntax, I wasn't sure of what > I was doing > > Each time I've made a change I've run an sslscan from the OpenVAS scanner and I do get a different result each time but the errors still remains in OpenVAS. > Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. > > Back to the drawing board :-) Hi Terry, you can give the attached file a try. It's a ldif file for ipa-ldap-updater. You need to run the command on the machine as root and restart 389-DS. The hardened TLS configuration is highly experimental and comes with no warranty whatsoever. The configuration works on my tests systems with Python's ldap client and Apache Directory Studio. It may not work with other clients, especially older clients or clients in FIPS mode. Christian The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 03183918), Manheim Auctions Limited (registered number: 00448761), Manheim Retail Services Limited (registered number: 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time Communications Limited (registered number: 04277845) and Complete Automotive Solutions Limited (registered number: 05302535). Each of these companies is registered in England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions. V:0CF72C13B2AC From mbasti at redhat.com Tue Jan 26 17:00:38 2016 From: mbasti at redhat.com (Martin Basti) Date: Tue, 26 Jan 2016 18:00:38 +0100 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: References: <56A0F065.7050407@redhat.com> <56A1FE59.5010407@redhat.com> Message-ID: <56A7A636.50709@redhat.com> On 26.01.2016 17:39, Terry John wrote: > Thanks for this. I've had a look today > We are running: > > ipa-server.x86_64 3.0.0-47.el6.centos > > and some of the directives did not work, namely allowWeakCipher, sslVersionMin and sslVersionMax . So I commented them out > The ldapupdater then seems happy but when I went to restart IPA. The ldap server wasn't happy with cipher TLS_RSA_WITH_AES_256_CBC_SHA256 and would not start. > > Now I can't change anything and it doesn't work. Reaching for my backup..... IMO you can manually change dse.ldif, remove cipher from there and start DS the file should be in /etc/dirsrv/slapd-/|instance_name|/ > > Terry > > -----Original Message----- > From: Christian Heimes [mailto:cheimes at redhat.com] > Sent: 22 January 2016 10:03 > To: Terry John; Martin Kosek; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] FREAK Vulnerability > > On 2016-01-21 17:54, Terry John wrote: >> Thanks for the info. I have tried nearly all the NSSCipherSuite settings in that ticket but none so far has eliminated the FREAK report. >> Christian thanks for the heads up on the syntax, I wasn't sure of what >> I was doing >> >> Each time I've made a change I've run an sslscan from the OpenVAS scanner and I do get a different result each time but the errors still remains in OpenVAS. >> Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. >> >> Back to the drawing board :-) > Hi Terry, > > you can give the attached file a try. It's a ldif file for ipa-ldap-updater. You need to run the command on the machine as root and restart 389-DS. > > The hardened TLS configuration is highly experimental and comes with no warranty whatsoever. The configuration works on my tests systems with Python's ldap client and Apache Directory Studio. It may not work with other clients, especially older clients or clients in FIPS mode. > > Christian > > > > The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 03183918), Manheim Auctions Limited (registered number: 00448761), Manheim Retail Services Limited (registered number: 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time Communications Limited (registered number: 04277845) and Complete Automotive Solutions Limited (registered number: 05302535). Each of these companies is registered in England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions. > > V:0CF72C13B2AC > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From aalam at paperlesspost.com Tue Jan 26 17:14:06 2016 From: aalam at paperlesspost.com (Ash Alam) Date: Tue, 26 Jan 2016 12:14:06 -0500 Subject: [Freeipa-users] Upgrading from 3.0.0 CentOS6 to 4.2.3 CentOS7 In-Reply-To: <56A79741.30707@redhat.com> References: <564EE884.6060909@redhat.com> <564F46BB.8060906@redhat.com> <56A79741.30707@redhat.com> Message-ID: thank you! Out of curiosity has anyone been able to automate this using chef/puppet etc? On Tue, Jan 26, 2016 at 10:56 AM, Martin Kosek wrote: > Did you follow the instructions in the error message? There is also a > longer > description here: > > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc > > Martin > > On 01/26/2016 04:38 PM, Ash Alam wrote: > > I wanted to follow up on this as i finally gotten around to doing the > > upgrade. I an running into this error. I also found a bugzilla ticket. Do > > you have to do some type of schema upgrade like you do with active > > directory? > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1235766 > > > > STDERR: ipa : CRITICAL The master CA directory server does > not > > have necessary schema. Please copy the following script to all CA masters > > and run it on them: /usr/share/ipa/copy-schema-to-ca.py > > > > If you are certain that this is a false positive, use > > --skip-schema-check. > > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR IPA schema > > missing on master CA directory server > > > > > > > > Thank You > > > > > > > > > > On Fri, Nov 20, 2015 at 11:13 AM, Martin Kosek > wrote: > > > >> On 11/20/2015 04:08 PM, Ash Alam wrote: > >> > >>> Most of the clients in my env are centos 6.6 with ipa 3.0.0 client > >>> installed. I > >>> if bring up a replica on centos 7.2 with ipa 4.2.3 server and then > start > >>> phasing out the older 3.0.0 servers. Will the client that are still > >>> running the > >>> older client software still work? > >>> > >> > >> It should, yes. It is expected that there are RHEL/CentOS-6 clients with > >> RHEL-7 FreeIPA servers. The older clients just won't be able to use the > >> newest features. > >> > >> > >>> On Fri, Nov 20, 2015 at 4:31 AM, Martin Kosek >>> > wrote: > >>> > >>> On 11/19/2015 11:03 PM, Ash Alam wrote: > >>> > >>> Hello All > >>> > >>> I am looking for some advice on upgrading. Currently our > FreeIPA > >>> servers are > >>> 3.0.0 on centos 6.6. We are looking to go to 4.2.3 Centos7. > This > >>> upgrade path > >>> is not possible per IPA documentation. Minimum version required > >>> is 3.3.x. I > >>> have also found that cenos6 does not provide anything past > 3.0.0. > >>> > >>> > >>> And it won't. There are no plans in updating FreeIPA version in > >>> RHEL/CentOS-6.x, we encourage people who want the new features to > >>> migrate > >>> to RHEL-7.x: > >>> > >>> > >>> > http://www.freeipa.org/page/Howto/Migration#Migrating_Identity_Management_in_RHEL.2FCentOS > >>> > >>> > >>> > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc > >>> > >>> If you want to wait on CentOS-7.2, it should be in works now: > >>> http://seven.centos.org/2015/11/rhel-7-2-released-today/ > >>> > >>> One idea is to upgrade to 3.3.x first and then upgrade to 4.2.3 > >>> on centos7. > >>> This is harder since centos does not provide this. The other > >>> issue is if > >>> 3.0/3.3 client will be supported with 4.2.3 server. > >>> > >>> > >>> The right way is to migrate via creating replicas in > RHEL/CentOS-7.x > >>> and > >>> slowly deprecating RHEL/CentOS-6 ones. Detailed procedure in the > >>> links above. > >>> > >>> > >>> > >> > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeggins at redhat.com Tue Jan 26 17:24:25 2016 From: rmeggins at redhat.com (Rich Megginson) Date: Tue, 26 Jan 2016 10:24:25 -0700 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: <56A7A636.50709@redhat.com> References: <56A0F065.7050407@redhat.com> <56A1FE59.5010407@redhat.com> <56A7A636.50709@redhat.com> Message-ID: <56A7ABC9.8000105@redhat.com> On 01/26/2016 10:00 AM, Martin Basti wrote: > > > On 26.01.2016 17:39, Terry John wrote: >> Thanks for this. I've had a look today >> We are running: >> >> ipa-server.x86_64 3.0.0-47.el6.centos >> >> and some of the directives did not work, namely allowWeakCipher, sslVersionMin and sslVersionMax . So I commented them out >> The ldapupdater then seems happy but when I went to restart IPA. The ldap server wasn't happy with cipher TLS_RSA_WITH_AES_256_CBC_SHA256 and would not start. >> >> Now I can't change anything and it doesn't work. Reaching for my backup..... > IMO you can manually change dse.ldif, remove cipher from there and > start DS > the file should be in /etc/dirsrv/slapd-/|instance_name|/ Make sure slapd is completely shutdown before you edit dse.ldif, or your changes will be wiped out. >> Terry >> >> -----Original Message----- >> From: Christian Heimes [mailto:cheimes at redhat.com] >> Sent: 22 January 2016 10:03 >> To: Terry John; Martin Kosek;freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] FREAK Vulnerability >> >> On 2016-01-21 17:54, Terry John wrote: >>> Thanks for the info. I have tried nearly all the NSSCipherSuite settings in that ticket but none so far has eliminated the FREAK report. >>> Christian thanks for the heads up on the syntax, I wasn't sure of what >>> I was doing >>> >>> Each time I've made a change I've run an sslscan from the OpenVAS scanner and I do get a different result each time but the errors still remains in OpenVAS. >>> Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. >>> >>> Back to the drawing board :-) >> Hi Terry, >> >> you can give the attached file a try. It's a ldif file for ipa-ldap-updater. You need to run the command on the machine as root and restart 389-DS. >> >> The hardened TLS configuration is highly experimental and comes with no warranty whatsoever. The configuration works on my tests systems with Python's ldap client and Apache Directory Studio. It may not work with other clients, especially older clients or clients in FIPS mode. >> >> Christian >> >> >> >> The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 03183918), Manheim Auctions Limited (registered number: 00448761), Manheim Retail Services Limited (registered number: 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time Communications Limited (registered number: 04277845) and Complete Automotive Solutions Limited (registered number: 05302535). Each of these companies is registered in England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions. >> >> V:0CF72C13B2AC >> >> >> > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gjn at gjn.priv.at Tue Jan 26 17:44:17 2016 From: gjn at gjn.priv.at (=?ISO-8859-1?Q?G=FCnther_J=2E?= Niederwimmer) Date: Tue, 26 Jan 2016 18:44:17 +0100 Subject: [Freeipa-users] Master Error with two Master CentOS 7.2 In-Reply-To: <56A79B0F.3040703@redhat.com> References: <1970762.0GSgUyMVQY@techz> <20771447.rIEroOEK5h@techz> <56A79B0F.3040703@redhat.com> Message-ID: <1584509.suAWgjcQWU@techz> Am Dienstag, 26. Januar 2016, 17:13:03 CET schrieb Ludwig Krispenz: Hello Ludwig, > you got a replicaid (97) leftover form the previous install for the > o=ipaca backend. The other backend is ok, ipa-replica-manage del did the > cleanup, but ipa-csreplica-manage doesn't. So you have to clean it > manually by an ldap command. :-( > Execute the following mod on one of the servers: > > ldapmodify -D "cn=directory manager" -W -a > dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config > objectclass: extensibleObject > replica-base-dn: o=ipaca > replica-id: 97 > cn: clean 97 Thanks for the Help but .... I copy all in one line but something is wrong with this mod, i have only the Help screen with the parameters ? > On 01/26/2016 04:52 PM, G?nther J. Niederwimmer wrote: > > Am Dienstag, 26. Januar 2016, 14:48:31 CET schrieb Ludwig Krispenz: > >> On 01/26/2016 12:30 PM, G?nther J. Niederwimmer wrote: > >>> Am Dienstag, 26. Januar 2016, 11:03:27 CET schrieb Ludwig Krispenz: > >>>> On 01/26/2016 09:45 AM, G?nther J. Niederwimmer wrote: > >>>>> I set up a CentOS 7.2 System with two master Server now I found this > >>>>> 1000 > >>>>> x > >>>>> Error on my first master? > >>>>> > >>>>> attrlist_replace - attr_replace (nsslapd-referral, > >>>>> ldap://ipa1.xxxxxxx.at:389/ o%3Dipaca) failed. > >>>> > >>>> did you install and reinstall the replica on the same machine ? The > >>>> message is usually related to removed replicaid, which was not properly > >>>> cleaned. > >>> > >>> Yes, I must delete and reinstall the Replica but I have all cleanup I > >>> found in the DOC > >>> > >>> ipa-replica-manage del ipa1.xxxxxxxx.at > >>> ipa-csreplica-manage del ipa1.xxxxxxxx..at > >>> > >>> and create a new > >>> > >>> ipa-replica-prepare ipa1.xxxxxxx.at > >>> > >>> the system for ipa1 is a new installed KVM guest., with the same name > >>> ipa1.xxxxxxxx.at > >>> > >>>> can you do some searches ?. On both masters check which is the > >>>> replicaID > >>>> in use and which are the known ruvs: > >>>> ldapsearch -b "cn=config" .... "objectclass=nsds5replica" replicaid > >>>> nsds50ruv > >>> > >>> Please can you give me the full command I am not a professional for > >>> LDAP > >> > >> ldapsearch -LLL -o ldif-wrap=no -x -h -p 389 -D "cn=directory > >> manager" -W -b "cn=config" "objectclass=nsds5replica" nsds5replicaid > >> nsds50ruv > >> > >> for host insert your masters > > > > Thanks for the help. > > > > The original master > > > > dn: cn=replica,cn=dc\3Desslmaier\2Cdc\3Dat,cn=mapping tree,cn=config > > nsds5replicaid: 4 > > nsds50ruv: {replicageneration} 562f579c000000040000 > > nsds50ruv: {replica 4 ldap://ipa.esslmaier.at:389} 562f57b7000000040000 > > 56a79264000000040000 > > nsds50ruv: {replica 5 ldap://ipa1.esslmaier.at:389} 568a1fa2000000050000 > > 56a5cf73000200050000 > > > > dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > > nsds5replicaid: 96 > > nsds50ruv: {replicageneration} 562f57e3000000600000 > > nsds50ruv: {replica 96 ldap://ipa.esslmaier.at:389} 562f5804000000600000 > > 56a79021000000600000 > > nsds50ruv: {replica 91 ldap://ipa1.esslmaier.at:389} 568a1ff70000005b0000 > > 568a20250006005b0000 > > nsds50ruv: {replica 97 ldap://ipa1.esslmaier.at:389} 562f5811000000610000 > > 5630a9c4000000610000 > > > > The first replica master. > > > > nsds5replicaid: 5 > > nsds50ruv: {replicageneration} 562f579c000000040000 > > nsds50ruv: {replica 5 ldap://ipa1.esslmaier.at:389} 568a1fa2000000050000 > > 56a793fc000000050000 > > nsds50ruv: {replica 4 ldap://ipa.esslmaier.at:389} 562f57b7000000040000 > > 56a79264000000040000 > > > > dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > > nsds5replicaid: 91 > > nsds50ruv: {replicageneration} 562f57e3000000600000 > > nsds50ruv: {replica 91 ldap://ipa1.esslmaier.at:389} 568a1ff70000005b0000 > > 568a20250006005b0000 > > nsds50ruv: {replica 96 ldap://ipa.esslmaier.at:389} 562f5804000000600000 > > 56a793a5000000600000 > > nsds50ruv: {replica 97 ldap://ipa1.esslmaier.at:389} 562f5811000000610000 > > 5630a9c4000000610000 > > > >>>>> Is this a bad Error ? > >>>>> > >>>>> Can I do anything > >>>>> > >>>>> Thanks for a answer, -- mit freundlichen Gr??en / best regards, G?nther J. Niederwimmer From rcritten at redhat.com Tue Jan 26 17:47:48 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 26 Jan 2016 12:47:48 -0500 Subject: [Freeipa-users] Master Error with two Master CentOS 7.2 In-Reply-To: <1584509.suAWgjcQWU@techz> References: <1970762.0GSgUyMVQY@techz> <20771447.rIEroOEK5h@techz> <56A79B0F.3040703@redhat.com> <1584509.suAWgjcQWU@techz> Message-ID: <56A7B144.3020804@redhat.com> G?nther J. Niederwimmer wrote: > Am Dienstag, 26. Januar 2016, 17:13:03 CET schrieb Ludwig Krispenz: > Hello Ludwig, > >> you got a replicaid (97) leftover form the previous install for the >> o=ipaca backend. The other backend is ok, ipa-replica-manage del did the >> cleanup, but ipa-csreplica-manage doesn't. So you have to clean it >> manually by an ldap command. > :-( > >> Execute the following mod on one of the servers: >> >> ldapmodify -D "cn=directory manager" -W -a >> dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config >> objectclass: extensibleObject >> replica-base-dn: o=ipaca >> replica-id: 97 >> cn: clean 97 > > Thanks for the Help but .... > > I copy all in one line but something is wrong with this mod, i have only the > Help screen with the parameters ? Add -x after ldapmodify. After the last line put in an extra linefeed then ctrl-D to submit the request. rob > >> On 01/26/2016 04:52 PM, G?nther J. Niederwimmer wrote: >>> Am Dienstag, 26. Januar 2016, 14:48:31 CET schrieb Ludwig Krispenz: >>>> On 01/26/2016 12:30 PM, G?nther J. Niederwimmer wrote: >>>>> Am Dienstag, 26. Januar 2016, 11:03:27 CET schrieb Ludwig Krispenz: >>>>>> On 01/26/2016 09:45 AM, G?nther J. Niederwimmer wrote: >>>>>>> I set up a CentOS 7.2 System with two master Server now I found this >>>>>>> 1000 >>>>>>> x >>>>>>> Error on my first master? >>>>>>> >>>>>>> attrlist_replace - attr_replace (nsslapd-referral, >>>>>>> ldap://ipa1.xxxxxxx.at:389/ o%3Dipaca) failed. >>>>>> >>>>>> did you install and reinstall the replica on the same machine ? The >>>>>> message is usually related to removed replicaid, which was not properly >>>>>> cleaned. >>>>> >>>>> Yes, I must delete and reinstall the Replica but I have all cleanup I >>>>> found in the DOC >>>>> >>>>> ipa-replica-manage del ipa1.xxxxxxxx.at >>>>> ipa-csreplica-manage del ipa1.xxxxxxxx..at >>>>> >>>>> and create a new >>>>> >>>>> ipa-replica-prepare ipa1.xxxxxxx.at >>>>> >>>>> the system for ipa1 is a new installed KVM guest., with the same name >>>>> ipa1.xxxxxxxx.at >>>>> >>>>>> can you do some searches ?. On both masters check which is the >>>>>> replicaID >>>>>> in use and which are the known ruvs: >>>>>> ldapsearch -b "cn=config" .... "objectclass=nsds5replica" replicaid >>>>>> nsds50ruv >>>>> >>>>> Please can you give me the full command I am not a professional for >>>>> LDAP >>>> >>>> ldapsearch -LLL -o ldif-wrap=no -x -h -p 389 -D "cn=directory >>>> manager" -W -b "cn=config" "objectclass=nsds5replica" nsds5replicaid >>>> nsds50ruv >>>> >>>> for host insert your masters >>> >>> Thanks for the help. >>> >>> The original master >>> >>> dn: cn=replica,cn=dc\3Desslmaier\2Cdc\3Dat,cn=mapping tree,cn=config >>> nsds5replicaid: 4 >>> nsds50ruv: {replicageneration} 562f579c000000040000 >>> nsds50ruv: {replica 4 ldap://ipa.esslmaier.at:389} 562f57b7000000040000 >>> 56a79264000000040000 >>> nsds50ruv: {replica 5 ldap://ipa1.esslmaier.at:389} 568a1fa2000000050000 >>> 56a5cf73000200050000 >>> >>> dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config >>> nsds5replicaid: 96 >>> nsds50ruv: {replicageneration} 562f57e3000000600000 >>> nsds50ruv: {replica 96 ldap://ipa.esslmaier.at:389} 562f5804000000600000 >>> 56a79021000000600000 >>> nsds50ruv: {replica 91 ldap://ipa1.esslmaier.at:389} 568a1ff70000005b0000 >>> 568a20250006005b0000 >>> nsds50ruv: {replica 97 ldap://ipa1.esslmaier.at:389} 562f5811000000610000 >>> 5630a9c4000000610000 >>> >>> The first replica master. >>> >>> nsds5replicaid: 5 >>> nsds50ruv: {replicageneration} 562f579c000000040000 >>> nsds50ruv: {replica 5 ldap://ipa1.esslmaier.at:389} 568a1fa2000000050000 >>> 56a793fc000000050000 >>> nsds50ruv: {replica 4 ldap://ipa.esslmaier.at:389} 562f57b7000000040000 >>> 56a79264000000040000 >>> >>> dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config >>> nsds5replicaid: 91 >>> nsds50ruv: {replicageneration} 562f57e3000000600000 >>> nsds50ruv: {replica 91 ldap://ipa1.esslmaier.at:389} 568a1ff70000005b0000 >>> 568a20250006005b0000 >>> nsds50ruv: {replica 96 ldap://ipa.esslmaier.at:389} 562f5804000000600000 >>> 56a793a5000000600000 >>> nsds50ruv: {replica 97 ldap://ipa1.esslmaier.at:389} 562f5811000000610000 >>> 5630a9c4000000610000 >>> >>>>>>> Is this a bad Error ? >>>>>>> >>>>>>> Can I do anything >>>>>>> >>>>>>> Thanks for a answer, > > From Warren.Birnbaum at nike.com Tue Jan 26 18:49:59 2016 From: Warren.Birnbaum at nike.com (Birnbaum, Warren (ETW)) Date: Tue, 26 Jan 2016 18:49:59 +0000 Subject: [Freeipa-users] Problem adding user Message-ID: Hello, I am trying to add a user into FreeIPA that already exists in /etc/passwd. How can I add him into FreeIPA and employ all the functionality? Thanks, Warren -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Tue Jan 26 19:06:53 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 26 Jan 2016 14:06:53 -0500 Subject: [Freeipa-users] Problem adding user In-Reply-To: References: Message-ID: <56A7C3CD.6090104@redhat.com> Birnbaum, Warren (ETW) wrote: > Hello, > > I am trying to add a user into FreeIPA that already exists in > /etc/passwd. How can I add him into FreeIPA and employ all the > functionality? What is your goal in keeping the user in both systems? rob From Warren.Birnbaum at nike.com Tue Jan 26 19:12:34 2016 From: Warren.Birnbaum at nike.com (Birnbaum, Warren (ETW)) Date: Tue, 26 Jan 2016 19:12:34 +0000 Subject: [Freeipa-users] Problem adding user In-Reply-To: <56A7C3CD.6090104@redhat.com> References: <56A7C3CD.6090104@redhat.com> Message-ID: The users I have are authenticated off Active Directory. I can remove the user from /etc/passwd but don?t know how to have the user still be authenticated from Active Directory instead of I believe Kerberos. Does that make any sense? Thanks, ___________________ Warren Birnbaum : Infrastructure Services Web Automation Engineer Europe CDT Techn. Operations Nike Inc. : Mobile +31 6 23902697 On 1/26/16, 11:06 AM, "Rob Crittenden" wrote: >Birnbaum, Warren (ETW) wrote: >> Hello, >> >> I am trying to add a user into FreeIPA that already exists in >> /etc/passwd. How can I add him into FreeIPA and employ all the >> functionality? > >What is your goal in keeping the user in both systems? > >rob > From lslebodn at redhat.com Tue Jan 26 19:28:28 2016 From: lslebodn at redhat.com (Lukas Slebodnik) Date: Tue, 26 Jan 2016 20:28:28 +0100 Subject: [Freeipa-users] Master Error with two Master CentOS 7.2 In-Reply-To: <56A7B144.3020804@redhat.com> References: <1970762.0GSgUyMVQY@techz> <20771447.rIEroOEK5h@techz> <56A79B0F.3040703@redhat.com> <1584509.suAWgjcQWU@techz> <56A7B144.3020804@redhat.com> Message-ID: <20160126192827.GA6622@mail.corp.redhat.com> On (26/01/16 12:47), Rob Crittenden wrote: >G?nther J. Niederwimmer wrote: >> Am Dienstag, 26. Januar 2016, 17:13:03 CET schrieb Ludwig Krispenz: >> Hello Ludwig, >> >>> you got a replicaid (97) leftover form the previous install for the >>> o=ipaca backend. The other backend is ok, ipa-replica-manage del did the >>> cleanup, but ipa-csreplica-manage doesn't. So you have to clean it >>> manually by an ldap command. >> :-( >> >>> Execute the following mod on one of the servers: >>> >>> ldapmodify -D "cn=directory manager" -W -a >>> dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config >>> objectclass: extensibleObject >>> replica-base-dn: o=ipaca >>> replica-id: 97 >>> cn: clean 97 >> >> Thanks for the Help but .... >> >> I copy all in one line but something is wrong with this mod, i have only the >> Help screen with the parameters ? > >Add -x after ldapmodify. > >After the last line put in an extra linefeed then ctrl-D to submit the >request. > LDIF does not look like for ldapmodify. should it have been a ldapadd? LS From rcritten at redhat.com Tue Jan 26 19:32:39 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 26 Jan 2016 14:32:39 -0500 Subject: [Freeipa-users] Master Error with two Master CentOS 7.2 In-Reply-To: <20160126192827.GA6622@mail.corp.redhat.com> References: <1970762.0GSgUyMVQY@techz> <20771447.rIEroOEK5h@techz> <56A79B0F.3040703@redhat.com> <1584509.suAWgjcQWU@techz> <56A7B144.3020804@redhat.com> <20160126192827.GA6622@mail.corp.redhat.com> Message-ID: <56A7C9D7.4090602@redhat.com> Lukas Slebodnik wrote: > On (26/01/16 12:47), Rob Crittenden wrote: >> G?nther J. Niederwimmer wrote: >>> Am Dienstag, 26. Januar 2016, 17:13:03 CET schrieb Ludwig Krispenz: >>> Hello Ludwig, >>> >>>> you got a replicaid (97) leftover form the previous install for the >>>> o=ipaca backend. The other backend is ok, ipa-replica-manage del did the >>>> cleanup, but ipa-csreplica-manage doesn't. So you have to clean it >>>> manually by an ldap command. >>> :-( >>> >>>> Execute the following mod on one of the servers: >>>> >>>> ldapmodify -D "cn=directory manager" -W -a >>>> dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config >>>> objectclass: extensibleObject >>>> replica-base-dn: o=ipaca >>>> replica-id: 97 >>>> cn: clean 97 >>> >>> Thanks for the Help but .... >>> >>> I copy all in one line but something is wrong with this mod, i have only the >>> Help screen with the parameters ? >> >> Add -x after ldapmodify. >> >> After the last line put in an extra linefeed then ctrl-D to submit the >> request. >> > LDIF does not look like for ldapmodify. > should it have been a ldapadd? The -a tells ldapmodify to assume add. rob From Nathan.Peters at globalrelay.net Tue Jan 26 20:03:50 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Tue, 26 Jan 2016 20:03:50 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <56A61B88.7010205@redhat.com> References: <569E9D5F.9070801@redhat.com> <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> <56A0F93E.3000406@redhat.com> <56A23BDB.1020608@redhat.com> <56A273A3.4010600@redhat.com> <56A61B88.7010205@redhat.com> Message-ID: After some more investigation, it appears that there may be more ACIs missing. I added the missing permission (System: Read Replication Agreements) on all my masters, and then the installation failed at this point : --------------------------- [28/43]: setting up initial replication Starting replication, please wait until this has completed. [error] INSUFFICIENT_ACCESS: {'info': "Insufficient 'write' privilege to the 'nsds5BeginReplicaRefresh' attribute of entry 'cn=metodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\\3dmydomain\\2cdc\\3dnet,cn=mapping tree,cn=config'.\n", 'desc': 'Insufficient access'} Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR {'info': "Insufficient 'write' privilege to the 'nsds5BeginReplicaRefresh' attribute of entry 'cn=metodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\\3dmydomain\\2cdc\\3dnet,cn=mapping tree,cn=config'.\n", 'desc': 'Insufficient access'} ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information Because of that and a comparison of my earlier version of ldif files from earlier versions of FreeIPA, I noticed the following ACI also missing from the mapping tree : -------------------------------------- # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= pbac,dc=mydomain,dc=net";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag reements,cn=permissions,cn=pbac,dc=mydomain,dc=net";) After I added that, I attempted my replica installation again this time it failed on the o=ipaca branch ---------------------------------------- Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds [1/23]: creating certificate server user [2/23]: creating certificate server db [3/23]: setting up initial replication [error] INSUFFICIENT_ACCESS: {'info': "Insufficient 'write' privilege to the 'nsDS5ReplicaBindDN' attribute of entry 'cn=replica,cn=o\\3dipaca,cn=mapping tree,cn=config'.\n", 'desc': 'Insufficient access'} Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR {'info': "Insufficient 'write' privilege to the 'nsDS5ReplicaBindDN' attribute of entry 'cn=replica,cn=o\\3dipaca,cn=mapping tree,cn=config'.\n", 'desc': 'Insufficient access'} ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information Looking at that branch of the ldap tree, I noticed some differences --------------------------------------------------------------------------- In the cn=yourdomain,cn=mapping tree,cn=config you will find the following permissions : permission:Add Replication Agreements In the cn=o=ipaca,cn=mapping tree,cn=config you will find the following permissions : cert manager: Add Replication Agreements ========================= So I think there are actually 3 issues : =========================== 1. Missing aci on base cn=config entry 2. Missing aci on dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config branch 3. acis are on the o=ipaca branch, but they are wrong as they only apply to cert manager, and not all users -----Original Message----- From: Martin Basti [mailto:mbasti at redhat.com] Sent: January-25-16 4:57 AM To: Nathan Peters; Rich Megginson; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists Thank you, I found root cause why "System: Read Replication Agreements" ACI is not on replica. https://fedorahosted.org/freeipa/ticket/5631 I have to figure out why this permission is added on centos7.2, because IMO this bug is there from 4.0. On 24.01.2016 03:22, Nathan Peters wrote: > I can now confirm that this is a 100% reproducible bug, and a pretty severe one at that. You should be able to reproduce this issue at will if you follow these steps. It may actually be possible with less servers and less steps, but here is what I did in a test lab today: > > 1. Create a brand new FreeIPA domain in CentOS 7.2 / FreeIPA 4.2.0 with 3 servers, dc1, dc2, dc3, replicating any way you want. > 3. Use ipa-replica-manage del dc2.ipatestdomain.net, and then delete the server / vm / whatever you have it running on > 3. Install Fedora 23 on the same IP address and hostname (dc2.ipatestdomain.net). Install FreeIPA server 4.2.3 from replica file created on CA master (dc1). > > Check aci on dc2. You will notice it's now missing a bunch of stuff. So basically, all it takes to lose that ACL is to create a Fedora FreeIPA server and join it to a CentOS domain. > After I had upgraded all 3 to Fedora, that ACLS was lost permanently as it no longer existed on any server because there were no CentOS servers left. > > I'm assuming since this is so easy to reproduce, that you don't actually need my log files. > > ACL comparisons below for reference : > 1. ACL on dc1 when its on FreeIPA 4.2.0 on CentOS 7.2 and the domain consists of only CentOS servers > 2. ACL on dc1 when its still on FreeIPA 4.2.0 on CentOS 7.2 but there is now a Fedora 23 FreeIPA 4.2.3 server in the domain (for reference that the CentOS ACL hasn't changed yet) > 3. ACL on dc2 when it's now a Fedora 23 FreeIPA 4.2.3 server created from a replica file made from dc1, the centOS 7.2 CA master(missing some stuff) > 4. ACL on dc1 when it's now a Fedora 23 FreeIPA 4.2.3 server (now missing some stuff) > > ============================================================================ > 1. ACL on dc1 when its on FreeIPA 4.2.0 on CentOS 7.2 and the domain consists of only CentOS servers > ============================================================================ > [root at dc1 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (aci=*) > # requesting: aci > # > > # config > dn: cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r > ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( > targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T > ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task > ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob > jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu > gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura > tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager > s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, > cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C > onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co > nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns > slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas > e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi > guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas > e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g > roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= > ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || description || entryusn || modify > timestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeou > t || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || n > sds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds > 5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || > nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacl > eanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5repl > icahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinits > tart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5repli > calastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsum > er || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || > nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5re > plicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributeli > st || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replic > atombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || n > sds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsd > s7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenable > d || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicas > ubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || > winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsub > treepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replic > a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA > greement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:System: R > ead Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn > =System: Read Replication Agreements,cn=permissions,cn=pbac,dc=ipatestdomai > n,dc=net";) > > # SNMP, config > dn: cn=SNMP,cn=config > aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl > "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) > > # tasks, config > dn: cn=tasks,cn=config > aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio > n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis > sions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re > -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa > ca";) > aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read > , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip > atestdomain,dc=net";) > aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membershi > p,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Ta > sks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automembe > r Tasks,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # csusers, config > dn: ou=csusers,cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use > rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea > d, search ) userdn = "ldap:///all";) > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, > search, compare, proxy) userdn = "ldap:///anyone"; ) > > # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config > dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al > low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= > pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme > nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag > reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem > ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli > cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # o\3Dipaca, mapping tree, config > dn: cn=o\3Dipaca,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" > ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre > ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl > e,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: > Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser > ,ou=people,o=ipaca";) > > # ldbm database, plugins, config > dn: cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a > llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl > "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA > Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre > shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; > allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss > ions,cn=pbac,dc=ipatestdomain,dc=net";) > > # userRoot, ldbm database, plugins, config > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas > e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement > s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # search result > search: 2 > result: 0 Success > > # numResponses: 12 > # numEntries: 11 > > > ============================================================================ > 2. ACL on dc1 when its still on FreeIPA 4.2.0 on CentOS 7.2 but there is now a Fedora 23 FreeIPA 4.2.3 server in the domain (for reference that the CentOS ACL hasn't changed yet) > ============================================================================ > ================ after reinstallation of dc2 in fedora 23 / ipa 4.2.3 ========================= > > [root at dc1 ~]# ldapsearch -b "cn=config" -D "uid=admin,cn=users,cn=accounts,dc=ipatestdomain,dc=net" -W > Enter LDAP Password: > # config > dn: cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r > ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( > targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T > ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task > ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob > jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu > gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura > tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager > s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, > cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C > onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co > nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns > slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas > e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi > guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas > e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g > roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= > ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || description || entryusn || modify > timestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeou > t || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || n > sds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds > 5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || > nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacl > eanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5repl > icahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinits > tart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5repli > calastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsum > er || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || > nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5re > plicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributeli > st || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replic > atombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || n > sds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsd > s7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenable > d || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicas > ubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || > winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsub > treepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replic > a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA > greement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:System: R > ead Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn > =System: Read Replication Agreements,cn=permissions,cn=pbac,dc=ipatestdomai > n,dc=net";) > > # SNMP, config > dn: cn=SNMP,cn=config > aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl > "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) > > # tasks, config > dn: cn=tasks,cn=config > aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio > n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis > sions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re > -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa > ca";) > aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read > , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip > atestdomain,dc=net";) > aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membershi > p,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Ta > sks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automembe > r Tasks,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # csusers, config > dn: ou=csusers,cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use > rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea > d, search ) userdn = "ldap:///all";) > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, > search, compare, proxy) userdn = "ldap:///anyone"; ) > > # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config > dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al > low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= > pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme > nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag > reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem > ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli > cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # o\3Dipaca, mapping tree, config > dn: cn=o\3Dipaca,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" > ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre > ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl > e,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: > Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser > ,ou=people,o=ipaca";) > > # ldbm database, plugins, config > dn: cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a > llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl > "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA > Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre > shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; > allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss > ions,cn=pbac,dc=ipatestdomain,dc=net";) > > # userRoot, ldbm database, plugins, config > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas > e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement > s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # search result > search: 2 > result: 0 Success > > # numResponses: 12 > # numEntries: 11 > > > > ============================================================================ > 3. ACL on dc2 when it's now a Fedora 23 FreeIPA 4.2.3 server and the replica file was made from dc1 which is a CentOS server that still has the acls(missing some stuff) > ============================================================================ > aci list on dc2 > > [root at dc2 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (aci=*) > # requesting: aci > # > > # config > dn: cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r > ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( > targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T > ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task > ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob > jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu > gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura > tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager > s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, > cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C > onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co > nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns > slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas > e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi > guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas > e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g > roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= > ipatestdomain,dc=net";) > > # SNMP, config > dn: cn=SNMP,cn=config > aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl > "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) > > # tasks, config > dn: cn=tasks,cn=config > aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio > n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis > sions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re > -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa > ca";) > aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read > , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip > atestdomain,dc=net";) > > # csusers, config > dn: ou=csusers,cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use > rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea > d, search ) userdn = "ldap:///all";) > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, > search, compare, proxy) userdn = "ldap:///anyone"; ) > > # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config > dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al > low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= > pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme > nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag > reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem > ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli > cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # o\3Dipaca, mapping tree, config > dn: cn=o\3Dipaca,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" > ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre > ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl > e,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: > Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser > ,ou=people,o=ipaca";) > > # ldbm database, plugins, config > dn: cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a > llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl > "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA > Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre > shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; > allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss > ions,cn=pbac,dc=ipatestdomain,dc=net";) > > # userRoot, ldbm database, plugins, config > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas > e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement > s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # search result > search: 2 > result: 0 Success > > # numResponses: 12 > # numEntries: 11 > > ============================================================================ > 4. ACL on dc1 when it's now a Fedora 23 FreeIPA 4.2.3 server (now missing some stuff) > ============================================================================ > [root at dc1 yum.repos.d]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (aci=*) > # requesting: aci > # > > # config > dn: cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r > ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( > targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T > ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task > ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob > jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu > gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura > tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager > s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, > cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C > onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co > nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns > slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas > e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi > guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas > e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g > roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= > ipatestdomain,dc=net";) > > # SNMP, config > dn: cn=SNMP,cn=config > aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl > "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) > > # tasks, config > dn: cn=tasks,cn=config > aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio > n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis > sions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re > -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa > ca";) > aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read > , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip > atestdomain,dc=net";) > > # csusers, config > dn: ou=csusers,cn=config > aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use > rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # 1.3.6.1.4.1.4203.1.9.1.1, features, config > dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config > aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea > d, search ) userdn = "ldap:///all";) > > # 2.16.840.1.113730.3.4.9, features, config > dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config > aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, > search, compare, proxy) userdn = "ldap:///anyone"; ) > > # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config > dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al > low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= > pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme > nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag > reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem > ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli > cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # o\3Dipaca, mapping tree, config > dn: cn=o\3Dipaca,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" > ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre > ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl > e,o=ipaca";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob > jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: > Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser > ,ou=people,o=ipaca";) > > # ldbm database, plugins, config > dn: cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a > llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl > "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA > Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre > shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; > allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss > ions,cn=pbac,dc=ipatestdomain,dc=net";) > > # userRoot, ldbm database, plugins, config > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas > e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement > s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) > > # search result > search: 2 > result: 0 Success > > # numResponses: 12 > # numEntries: 11 > > > > -----Original Message----- > From: Rich Megginson [mailto:rmeggins at redhat.com] > Sent: January-22-16 10:24 AM > To: Nathan Peters; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > On 01/22/2016 11:04 AM, Nathan Peters wrote: >> Wow, strange stuff, the search I linked in the last email for our non working dev environment seems short some entries. >> >> For comparison, here is the same search run against our currently working prod environment. >> >> As you can see, our prod environment has a huge aci on the config tree. >> >> For reference, our prod and dev environments were identical (FreeIPA 4.1.4/CentOS7.1) before I updated our dev environment to CentOS7.2/FreeIPA4.2.0 -> Fedora23/FreeIPA4.2.3 -> Fedora23/FreeIPA4.3.0. So at some point during this upgrade process I assume maybe one of the installers deleted acis on our tree? That sounds like the kind of thing that would happen when introducing the new domain level functionality in 4.3, like if someone accidentally thought "oh this replica branch is now in a globally replicated section, we can remove these acis for this local stuff..." and then put that logic into the installer or something... >> >> The real question is, is there some good way of getting those aci's back, like a fixaci command? > I don't know. > From aalam at paperlesspost.com Tue Jan 26 20:45:58 2016 From: aalam at paperlesspost.com (Ash Alam) Date: Tue, 26 Jan 2016 15:45:58 -0500 Subject: [Freeipa-users] Upgrading from 3.0.0 CentOS6 to 4.2.3 CentOS7 In-Reply-To: References: <564EE884.6060909@redhat.com> <564F46BB.8060906@redhat.com> <56A79741.30707@redhat.com> Message-ID: I didnt want to dig up an old thread but i am running into this issue. The old thread points to Pki 10.2.6 as the solution but i am not seeing that package on centos 7.2. STDERR: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpHfdvFD'' returned non-zero exit status 1 Thank You On Tue, Jan 26, 2016 at 12:14 PM, Ash Alam wrote: > thank you! Out of curiosity has anyone been able to automate this using > chef/puppet etc? > > On Tue, Jan 26, 2016 at 10:56 AM, Martin Kosek wrote: > >> Did you follow the instructions in the error message? There is also a >> longer >> description here: >> >> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc >> >> Martin >> >> On 01/26/2016 04:38 PM, Ash Alam wrote: >> > I wanted to follow up on this as i finally gotten around to doing the >> > upgrade. I an running into this error. I also found a bugzilla ticket. >> Do >> > you have to do some type of schema upgrade like you do with active >> > directory? >> > >> > https://bugzilla.redhat.com/show_bug.cgi?id=1235766 >> > >> > STDERR: ipa : CRITICAL The master CA directory server does >> not >> > have necessary schema. Please copy the following script to all CA >> masters >> > and run it on them: /usr/share/ipa/copy-schema-to-ca.py >> > >> > If you are certain that this is a false positive, use >> > --skip-schema-check. >> > >> > ipa.ipapython.install.cli.install_tool(Replica): ERROR IPA schema >> > missing on master CA directory server >> > >> > >> > >> > Thank You >> > >> > >> > >> > >> > On Fri, Nov 20, 2015 at 11:13 AM, Martin Kosek >> wrote: >> > >> >> On 11/20/2015 04:08 PM, Ash Alam wrote: >> >> >> >>> Most of the clients in my env are centos 6.6 with ipa 3.0.0 client >> >>> installed. I >> >>> if bring up a replica on centos 7.2 with ipa 4.2.3 server and then >> start >> >>> phasing out the older 3.0.0 servers. Will the client that are still >> >>> running the >> >>> older client software still work? >> >>> >> >> >> >> It should, yes. It is expected that there are RHEL/CentOS-6 clients >> with >> >> RHEL-7 FreeIPA servers. The older clients just won't be able to use the >> >> newest features. >> >> >> >> >> >>> On Fri, Nov 20, 2015 at 4:31 AM, Martin Kosek > >>> > wrote: >> >>> >> >>> On 11/19/2015 11:03 PM, Ash Alam wrote: >> >>> >> >>> Hello All >> >>> >> >>> I am looking for some advice on upgrading. Currently our >> FreeIPA >> >>> servers are >> >>> 3.0.0 on centos 6.6. We are looking to go to 4.2.3 Centos7. >> This >> >>> upgrade path >> >>> is not possible per IPA documentation. Minimum version >> required >> >>> is 3.3.x. I >> >>> have also found that cenos6 does not provide anything past >> 3.0.0. >> >>> >> >>> >> >>> And it won't. There are no plans in updating FreeIPA version in >> >>> RHEL/CentOS-6.x, we encourage people who want the new features to >> >>> migrate >> >>> to RHEL-7.x: >> >>> >> >>> >> >>> >> http://www.freeipa.org/page/Howto/Migration#Migrating_Identity_Management_in_RHEL.2FCentOS >> >>> >> >>> >> >>> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc >> >>> >> >>> If you want to wait on CentOS-7.2, it should be in works now: >> >>> http://seven.centos.org/2015/11/rhel-7-2-released-today/ >> >>> >> >>> One idea is to upgrade to 3.3.x first and then upgrade to >> 4.2.3 >> >>> on centos7. >> >>> This is harder since centos does not provide this. The other >> >>> issue is if >> >>> 3.0/3.3 client will be supported with 4.2.3 server. >> >>> >> >>> >> >>> The right way is to migrate via creating replicas in >> RHEL/CentOS-7.x >> >>> and >> >>> slowly deprecating RHEL/CentOS-6 ones. Detailed procedure in the >> >>> links above. >> >>> >> >>> >> >>> >> >> >> > >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mbasti at redhat.com Tue Jan 26 20:51:01 2016 From: mbasti at redhat.com (Martin Basti) Date: Tue, 26 Jan 2016 21:51:01 +0100 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: References: <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> <56A0F93E.3000406@redhat.com> <56A23BDB.1020608@redhat.com> <56A273A3.4010600@redhat.com> <56A61B88.7010205@redhat.com> Message-ID: <56A7DC35.4060504@redhat.com> On 26.01.2016 21:03, Nathan Peters wrote: > After some more investigation, it appears that there may be more ACIs missing. > > I added the missing permission (System: Read Replication Agreements) on all my masters, and then the installation failed at this point : > --------------------------- > [28/43]: setting up initial replication > Starting replication, please wait until this has completed. > [error] INSUFFICIENT_ACCESS: {'info': "Insufficient 'write' privilege to the 'nsds5BeginReplicaRefresh' attribute of entry 'cn=metodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\\3dmydomain\\2cdc\\3dnet,cn=mapping tree,cn=config'.\n", 'desc': 'Insufficient access'} > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > ipa.ipapython.install.cli.install_tool(Replica): ERROR {'info': "Insufficient 'write' privilege to the 'nsds5BeginReplicaRefresh' attribute of entry 'cn=metodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\\3dmydomain\\2cdc\\3dnet,cn=mapping tree,cn=config'.\n", 'desc': 'Insufficient access'} > ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information > > Because of that and a comparison of my earlier version of ldif files from earlier versions of FreeIPA, I noticed the following ACI also missing from the mapping tree : > -------------------------------------- > # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config > dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config > aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al > low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= > pbac,dc=mydomain,dc=net";) > aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd > s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl > ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme > nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag > reements,cn=permissions,cn=pbac,dc=mydomain,dc=net";) > > After I added that, I attempted my replica installation again this time it failed on the o=ipaca branch > ---------------------------------------- > Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds > [1/23]: creating certificate server user > [2/23]: creating certificate server db > [3/23]: setting up initial replication > [error] INSUFFICIENT_ACCESS: {'info': "Insufficient 'write' privilege to the 'nsDS5ReplicaBindDN' attribute of entry 'cn=replica,cn=o\\3dipaca,cn=mapping tree,cn=config'.\n", 'desc': 'Insufficient access'} > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > ipa.ipapython.install.cli.install_tool(Replica): ERROR {'info': "Insufficient 'write' privilege to the 'nsDS5ReplicaBindDN' attribute of entry 'cn=replica,cn=o\\3dipaca,cn=mapping tree,cn=config'.\n", 'desc': 'Insufficient access'} > ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information > > Looking at that branch of the ldap tree, I noticed some differences > --------------------------------------------------------------------------- > In the cn=yourdomain,cn=mapping tree,cn=config you will find the following permissions : > permission:Add Replication Agreements > In the cn=o=ipaca,cn=mapping tree,cn=config you will find the following permissions : > cert manager: Add Replication Agreements > > ========================= > So I think there are actually 3 issues : > =========================== > 1. Missing aci on base cn=config entry > 2. Missing aci on dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config branch > 3. acis are on the o=ipaca branch, but they are wrong as they only apply to cert manager, and not all users I'm not sure if this covers your issues, but it may be related https://fedorahosted.org/freeipa/ticket/5412 Martin > > -----Original Message----- > From: Martin Basti [mailto:mbasti at redhat.com] > Sent: January-25-16 4:57 AM > To: Nathan Peters; Rich Megginson; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists > > Thank you, > > I found root cause why "System: Read Replication Agreements" ACI is not on replica. > > https://fedorahosted.org/freeipa/ticket/5631 > > I have to figure out why this permission is added on centos7.2, because IMO this bug is there from 4.0. > > > On 24.01.2016 03:22, Nathan Peters wrote: >> I can now confirm that this is a 100% reproducible bug, and a pretty severe one at that. You should be able to reproduce this issue at will if you follow these steps. It may actually be possible with less servers and less steps, but here is what I did in a test lab today: >> >> 1. Create a brand new FreeIPA domain in CentOS 7.2 / FreeIPA 4.2.0 with 3 servers, dc1, dc2, dc3, replicating any way you want. >> 3. Use ipa-replica-manage del dc2.ipatestdomain.net, and then delete the server / vm / whatever you have it running on >> 3. Install Fedora 23 on the same IP address and hostname (dc2.ipatestdomain.net). Install FreeIPA server 4.2.3 from replica file created on CA master (dc1). >> >> Check aci on dc2. You will notice it's now missing a bunch of stuff. So basically, all it takes to lose that ACL is to create a Fedora FreeIPA server and join it to a CentOS domain. >> After I had upgraded all 3 to Fedora, that ACLS was lost permanently as it no longer existed on any server because there were no CentOS servers left. >> >> I'm assuming since this is so easy to reproduce, that you don't actually need my log files. >> >> ACL comparisons below for reference : >> 1. ACL on dc1 when its on FreeIPA 4.2.0 on CentOS 7.2 and the domain consists of only CentOS servers >> 2. ACL on dc1 when its still on FreeIPA 4.2.0 on CentOS 7.2 but there is now a Fedora 23 FreeIPA 4.2.3 server in the domain (for reference that the CentOS ACL hasn't changed yet) >> 3. ACL on dc2 when it's now a Fedora 23 FreeIPA 4.2.3 server created from a replica file made from dc1, the centOS 7.2 CA master(missing some stuff) >> 4. ACL on dc1 when it's now a Fedora 23 FreeIPA 4.2.3 server (now missing some stuff) >> >> ============================================================================ >> 1. ACL on dc1 when its on FreeIPA 4.2.0 on CentOS 7.2 and the domain consists of only CentOS servers >> ============================================================================ >> [root at dc1 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci >> Enter LDAP Password: >> # extended LDIF >> # >> # LDAPv3 >> # base with scope subtree >> # filter: (aci=*) >> # requesting: aci >> # >> >> # config >> dn: cn=config >> aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r >> ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( >> targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T >> ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task >> ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob >> jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu >> gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura >> tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager >> s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, >> cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C >> onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co >> nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns >> slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas >> e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi >> guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas >> e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g >> roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= >> ipatestdomain,dc=net";) >> aci: (targetattr = "cn || createtimestamp || description || entryusn || modify >> timestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeou >> t || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || n >> sds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds >> 5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || >> nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacl >> eanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5repl >> icahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinits >> tart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5repli >> calastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsum >> er || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || >> nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5re >> plicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributeli >> st || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replic >> atombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || n >> sds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsd >> s7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenable >> d || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicas >> ubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || >> winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsub >> treepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replic >> a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA >> greement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:System: R >> ead Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn >> =System: Read Replication Agreements,cn=permissions,cn=pbac,dc=ipatestdomai >> n,dc=net";) >> >> # SNMP, config >> dn: cn=SNMP,cn=config >> aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl >> "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) >> >> # tasks, config >> dn: cn=tasks,cn=config >> aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio >> n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis >> sions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re >> -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa >> ca";) >> aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read >> , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip >> atestdomain,dc=net";) >> aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membershi >> p,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Ta >> sks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automembe >> r Tasks,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> >> # csusers, config >> dn: ou=csusers,cn=config >> aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use >> rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> >> # 1.3.6.1.4.1.4203.1.9.1.1, features, config >> dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config >> aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea >> d, search ) userdn = "ldap:///all";) >> >> # 2.16.840.1.113730.3.4.9, features, config >> dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >> aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, >> search, compare, proxy) userdn = "ldap:///anyone"; ) >> >> # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >> dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al >> low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= >> pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >> ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme >> nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag >> reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem >> ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli >> cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> >> # o\3Dipaca, mapping tree, config >> dn: cn=o\3Dipaca,cn=mapping tree,cn=config >> aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" >> ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >> ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre >> ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl >> e,o=ipaca";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: >> Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser >> ,ou=people,o=ipaca";) >> >> # ldbm database, plugins, config >> dn: cn=ldbm database,cn=plugins,cn=config >> aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a >> llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> >> # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config >> dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config >> aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl >> "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA >> Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre >> shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; >> allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss >> ions,cn=pbac,dc=ipatestdomain,dc=net";) >> >> # userRoot, ldbm database, plugins, config >> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >> aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas >> e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement >> s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> >> # search result >> search: 2 >> result: 0 Success >> >> # numResponses: 12 >> # numEntries: 11 >> >> >> ============================================================================ >> 2. ACL on dc1 when its still on FreeIPA 4.2.0 on CentOS 7.2 but there is now a Fedora 23 FreeIPA 4.2.3 server in the domain (for reference that the CentOS ACL hasn't changed yet) >> ============================================================================ >> ================ after reinstallation of dc2 in fedora 23 / ipa 4.2.3 ========================= >> >> [root at dc1 ~]# ldapsearch -b "cn=config" -D "uid=admin,cn=users,cn=accounts,dc=ipatestdomain,dc=net" -W >> Enter LDAP Password: >> # config >> dn: cn=config >> aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r >> ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( >> targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T >> ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task >> ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob >> jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu >> gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura >> tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager >> s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, >> cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C >> onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co >> nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns >> slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas >> e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi >> guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas >> e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g >> roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= >> ipatestdomain,dc=net";) >> aci: (targetattr = "cn || createtimestamp || description || entryusn || modify >> timestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeou >> t || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || n >> sds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds >> 5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || >> nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacl >> eanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5repl >> icahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinits >> tart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5repli >> calastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsum >> er || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || >> nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5re >> plicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributeli >> st || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replic >> atombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || n >> sds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsd >> s7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenable >> d || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicas >> ubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || >> winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsub >> treepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replic >> a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA >> greement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:System: R >> ead Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn >> =System: Read Replication Agreements,cn=permissions,cn=pbac,dc=ipatestdomai >> n,dc=net";) >> >> # SNMP, config >> dn: cn=SNMP,cn=config >> aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl >> "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) >> >> # tasks, config >> dn: cn=tasks,cn=config >> aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio >> n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis >> sions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re >> -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa >> ca";) >> aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read >> , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip >> atestdomain,dc=net";) >> aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membershi >> p,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Ta >> sks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automembe >> r Tasks,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> >> # csusers, config >> dn: ou=csusers,cn=config >> aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use >> rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> >> # 1.3.6.1.4.1.4203.1.9.1.1, features, config >> dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config >> aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea >> d, search ) userdn = "ldap:///all";) >> >> # 2.16.840.1.113730.3.4.9, features, config >> dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >> aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, >> search, compare, proxy) userdn = "ldap:///anyone"; ) >> >> # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >> dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al >> low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= >> pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >> ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme >> nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag >> reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem >> ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli >> cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> >> # o\3Dipaca, mapping tree, config >> dn: cn=o\3Dipaca,cn=mapping tree,cn=config >> aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" >> ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >> ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre >> ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl >> e,o=ipaca";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: >> Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser >> ,ou=people,o=ipaca";) >> >> # ldbm database, plugins, config >> dn: cn=ldbm database,cn=plugins,cn=config >> aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a >> llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> >> # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config >> dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config >> aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl >> "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA >> Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre >> shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; >> allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss >> ions,cn=pbac,dc=ipatestdomain,dc=net";) >> >> # userRoot, ldbm database, plugins, config >> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >> aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas >> e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement >> s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> >> # search result >> search: 2 >> result: 0 Success >> >> # numResponses: 12 >> # numEntries: 11 >> >> >> >> ============================================================================ >> 3. ACL on dc2 when it's now a Fedora 23 FreeIPA 4.2.3 server and the replica file was made from dc1 which is a CentOS server that still has the acls(missing some stuff) >> ============================================================================ >> aci list on dc2 >> >> [root at dc2 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci >> Enter LDAP Password: >> # extended LDIF >> # >> # LDAPv3 >> # base with scope subtree >> # filter: (aci=*) >> # requesting: aci >> # >> >> # config >> dn: cn=config >> aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r >> ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( >> targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T >> ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task >> ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob >> jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu >> gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura >> tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager >> s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, >> cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C >> onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co >> nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns >> slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas >> e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi >> guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas >> e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g >> roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= >> ipatestdomain,dc=net";) >> >> # SNMP, config >> dn: cn=SNMP,cn=config >> aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl >> "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) >> >> # tasks, config >> dn: cn=tasks,cn=config >> aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio >> n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis >> sions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re >> -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa >> ca";) >> aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read >> , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip >> atestdomain,dc=net";) >> >> # csusers, config >> dn: ou=csusers,cn=config >> aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use >> rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> >> # 1.3.6.1.4.1.4203.1.9.1.1, features, config >> dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config >> aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea >> d, search ) userdn = "ldap:///all";) >> >> # 2.16.840.1.113730.3.4.9, features, config >> dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >> aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, >> search, compare, proxy) userdn = "ldap:///anyone"; ) >> >> # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >> dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al >> low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= >> pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >> ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme >> nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag >> reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem >> ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli >> cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> >> # o\3Dipaca, mapping tree, config >> dn: cn=o\3Dipaca,cn=mapping tree,cn=config >> aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" >> ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >> ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre >> ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl >> e,o=ipaca";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: >> Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser >> ,ou=people,o=ipaca";) >> >> # ldbm database, plugins, config >> dn: cn=ldbm database,cn=plugins,cn=config >> aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a >> llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> >> # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config >> dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config >> aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl >> "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA >> Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre >> shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; >> allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss >> ions,cn=pbac,dc=ipatestdomain,dc=net";) >> >> # userRoot, ldbm database, plugins, config >> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >> aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas >> e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement >> s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> >> # search result >> search: 2 >> result: 0 Success >> >> # numResponses: 12 >> # numEntries: 11 >> >> ============================================================================ >> 4. ACL on dc1 when it's now a Fedora 23 FreeIPA 4.2.3 server (now missing some stuff) >> ============================================================================ >> [root at dc1 yum.repos.d]# ldapsearch -D "cn=directory manager" -W -b "cn=config" "(aci=*)" aci >> Enter LDAP Password: >> # extended LDIF >> # >> # LDAPv3 >> # base with scope subtree >> # filter: (aci=*) >> # requesting: aci >> # >> >> # config >> dn: cn=config >> aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (r >> ead, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> aci: (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")( >> targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership T >> ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task >> ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ob >> jectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plu >> gins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configura >> tion";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Manager >> s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop, >> cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers C >> onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Co >> nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || ns >> slapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm databas >> e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Confi >> guration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Databas >> e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) g >> roupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc= >> ipatestdomain,dc=net";) >> >> # SNMP, config >> dn: cn=SNMP,cn=config >> aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl >> "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) >> >> # tasks, config >> dn: cn=tasks,cn=config >> aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initializatio >> n"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permis >> sions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re >> -initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipa >> ca";) >> aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read >> , compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip >> atestdomain,dc=net";) >> >> # csusers, config >> dn: ou=csusers,cn=config >> aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication use >> rs"; allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> >> # 1.3.6.1.4.1.4203.1.9.1.1, features, config >> dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config >> aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; allow( rea >> d, search ) userdn = "ldap:///all";) >> >> # 2.16.840.1.113730.3.4.9, features, config >> dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >> aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, >> search, compare, proxy) userdn = "ldap:///anyone"; ) >> >> # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >> dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";al >> low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= >> pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >> ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme >> nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag >> reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Rem >> ove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Repli >> cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> >> # o\3Dipaca, mapping tree, config >> dn: cn=o\3Dipaca,cn=mapping tree,cn=config >> aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements" >> ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >> ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agre >> ements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=peopl >> e,o=ipaca";) >> aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: >> Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser >> ,ou=people,o=ipaca";) >> >> # ldbm database, plugins, config >> dn: cn=ldbm database,cn=plugins,cn=config >> aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; a >> llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) >> >> # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config >> dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config >> aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl >> "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA >> Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThre >> shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; >> allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss >> ions,cn=pbac,dc=ipatestdomain,dc=net";) >> >> # userRoot, ldbm database, plugins, config >> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >> aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas >> e readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreement >> s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >> >> # search result >> search: 2 >> result: 0 Success >> >> # numResponses: 12 >> # numEntries: 11 >> >> >> >> -----Original Message----- >> From: Rich Megginson [mailto:rmeggins at redhat.com] >> Sent: January-22-16 10:24 AM >> To: Nathan Peters; freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists >> >> On 01/22/2016 11:04 AM, Nathan Peters wrote: >>> Wow, strange stuff, the search I linked in the last email for our non working dev environment seems short some entries. >>> >>> For comparison, here is the same search run against our currently working prod environment. >>> >>> As you can see, our prod environment has a huge aci on the config tree. >>> >>> For reference, our prod and dev environments were identical (FreeIPA 4.1.4/CentOS7.1) before I updated our dev environment to CentOS7.2/FreeIPA4.2.0 -> Fedora23/FreeIPA4.2.3 -> Fedora23/FreeIPA4.3.0. So at some point during this upgrade process I assume maybe one of the installers deleted acis on our tree? That sounds like the kind of thing that would happen when introducing the new domain level functionality in 4.3, like if someone accidentally thought "oh this replica branch is now in a globally replicated section, we can remove these acis for this local stuff..." and then put that logic into the installer or something... >>> >>> The real question is, is there some good way of getting those aci's back, like a fixaci command? >> I don't know. >> From mbasti at redhat.com Tue Jan 26 20:56:26 2016 From: mbasti at redhat.com (Martin Basti) Date: Tue, 26 Jan 2016 21:56:26 +0100 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <56A7DC35.4060504@redhat.com> References: <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> <56A0F93E.3000406@redhat.com> <56A23BDB.1020608@redhat.com> <56A273A3.4010600@redhat.com> <56A61B88.7010205@redhat.com> <56A7DC35.4060504@redhat.com> Message-ID: <56A7DD7A.9010105@redhat.com> On 26.01.2016 21:51, Martin Basti wrote: > > > On 26.01.2016 21:03, Nathan Peters wrote: >> After some more investigation, it appears that there may be more ACIs >> missing. >> >> I added the missing permission (System: Read Replication Agreements) >> on all my masters, and then the installation failed at this point : >> --------------------------- >> [28/43]: setting up initial replication >> Starting replication, please wait until this has completed. >> [error] INSUFFICIENT_ACCESS: {'info': "Insufficient 'write' >> privilege to the 'nsds5BeginReplicaRefresh' attribute of entry >> 'cn=metodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\\3dmydomain\\2cdc\\3dnet,cn=mapping >> tree,cn=config'.\n", 'desc': 'Insufficient access'} >> Your system may be partly configured. >> Run /usr/sbin/ipa-server-install --uninstall to clean up. >> >> ipa.ipapython.install.cli.install_tool(Replica): ERROR {'info': >> "Insufficient 'write' privilege to the 'nsds5BeginReplicaRefresh' >> attribute of entry >> 'cn=metodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\\3dmydomain\\2cdc\\3dnet,cn=mapping >> tree,cn=config'.\n", 'desc': 'Insufficient access'} >> ipa.ipapython.install.cli.install_tool(Replica): ERROR The >> ipa-replica-install command failed. See >> /var/log/ipareplica-install.log for more information >> >> Because of that and a comparison of my earlier version of ldif files >> from earlier versions of FreeIPA, I noticed the following ACI also >> missing from the mapping tree : >> -------------------------------------- >> # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >> dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> aci: (targetattr=*)(version 3.0;acl "permission:Add Replication >> Agreements";al >> low (add) groupdn = "ldap:///cn=Add Replication >> Agreements,cn=permissions,cn= >> pbac,dc=mydomain,dc=net";) >> aci: >> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >> ass=nsMappingTree))")(version 3.0; acl "permission:Modify >> Replication Agreeme >> nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify >> Replication Ag >> reements,cn=permissions,cn=pbac,dc=mydomain,dc=net";) >> >> After I added that, I attempted my replica installation again this >> time it failed on the o=ipaca branch >> ---------------------------------------- >> Configuring certificate server (pki-tomcatd). Estimated time: 3 >> minutes 30 seconds >> [1/23]: creating certificate server user >> [2/23]: creating certificate server db >> [3/23]: setting up initial replication >> [error] INSUFFICIENT_ACCESS: {'info': "Insufficient 'write' >> privilege to the 'nsDS5ReplicaBindDN' attribute of entry >> 'cn=replica,cn=o\\3dipaca,cn=mapping tree,cn=config'.\n", 'desc': >> 'Insufficient access'} >> Your system may be partly configured. >> Run /usr/sbin/ipa-server-install --uninstall to clean up. >> >> ipa.ipapython.install.cli.install_tool(Replica): ERROR {'info': >> "Insufficient 'write' privilege to the 'nsDS5ReplicaBindDN' attribute >> of entry 'cn=replica,cn=o\\3dipaca,cn=mapping tree,cn=config'.\n", >> 'desc': 'Insufficient access'} >> ipa.ipapython.install.cli.install_tool(Replica): ERROR The >> ipa-replica-install command failed. See >> /var/log/ipareplica-install.log for more information >> >> Looking at that branch of the ldap tree, I noticed some differences >> --------------------------------------------------------------------------- >> >> In the cn=yourdomain,cn=mapping tree,cn=config you will find the >> following permissions : >> permission:Add Replication Agreements >> In the cn=o=ipaca,cn=mapping tree,cn=config you will find the >> following permissions : >> cert manager: Add Replication Agreements >> >> ========================= >> So I think there are actually 3 issues : >> =========================== >> 1. Missing aci on base cn=config entry >> 2. Missing aci on dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >> branch >> 3. acis are on the o=ipaca branch, but they are wrong as they only >> apply to cert manager, and not all users > I'm not sure if this covers your issues, but it may be related > > https://fedorahosted.org/freeipa/ticket/5412 > > Martin and this https://fedorahosted.org/freeipa/ticket/5575 >> >> -----Original Message----- >> From: Martin Basti [mailto:mbasti at redhat.com] >> Sent: January-25-16 4:57 AM >> To: Nathan Peters; Rich Megginson; freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails >> with DuplicateEntry: This entry already exists >> >> Thank you, >> >> I found root cause why "System: Read Replication Agreements" ACI is >> not on replica. >> >> https://fedorahosted.org/freeipa/ticket/5631 >> >> I have to figure out why this permission is added on centos7.2, >> because IMO this bug is there from 4.0. >> >> >> On 24.01.2016 03:22, Nathan Peters wrote: >>> I can now confirm that this is a 100% reproducible bug, and a pretty >>> severe one at that. You should be able to reproduce this issue at >>> will if you follow these steps. It may actually be possible with >>> less servers and less steps, but here is what I did in a test lab >>> today: >>> >>> 1. Create a brand new FreeIPA domain in CentOS 7.2 / FreeIPA 4.2.0 >>> with 3 servers, dc1, dc2, dc3, replicating any way you want. >>> 3. Use ipa-replica-manage del dc2.ipatestdomain.net, and then delete >>> the server / vm / whatever you have it running on >>> 3. Install Fedora 23 on the same IP address and hostname >>> (dc2.ipatestdomain.net). Install FreeIPA server 4.2.3 from replica >>> file created on CA master (dc1). >>> >>> Check aci on dc2. You will notice it's now missing a bunch of >>> stuff. So basically, all it takes to lose that ACL is to create a >>> Fedora FreeIPA server and join it to a CentOS domain. >>> After I had upgraded all 3 to Fedora, that ACLS was lost permanently >>> as it no longer existed on any server because there were no CentOS >>> servers left. >>> >>> I'm assuming since this is so easy to reproduce, that you don't >>> actually need my log files. >>> >>> ACL comparisons below for reference : >>> 1. ACL on dc1 when its on FreeIPA 4.2.0 on CentOS 7.2 and the domain >>> consists of only CentOS servers >>> 2. ACL on dc1 when its still on FreeIPA 4.2.0 on CentOS 7.2 but >>> there is now a Fedora 23 FreeIPA 4.2.3 server in the domain (for >>> reference that the CentOS ACL hasn't changed yet) >>> 3. ACL on dc2 when it's now a Fedora 23 FreeIPA 4.2.3 server created >>> from a replica file made from dc1, the centOS 7.2 CA master(missing >>> some stuff) >>> 4. ACL on dc1 when it's now a Fedora 23 FreeIPA 4.2.3 server (now >>> missing some stuff) >>> >>> ============================================================================ >>> >>> 1. ACL on dc1 when its on FreeIPA 4.2.0 on CentOS 7.2 and the domain >>> consists of only CentOS servers >>> ============================================================================ >>> >>> [root at dc1 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" >>> "(aci=*)" aci >>> Enter LDAP Password: >>> # extended LDIF >>> # >>> # LDAPv3 >>> # base with scope subtree >>> # filter: (aci=*) >>> # requesting: aci >>> # >>> >>> # config >>> dn: cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager read >>> access"; allow (r >>> ead, search, compare) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: (target = "ldap:///cn=automember rebuild >>> membership,cn=tasks,cn=config")( >>> targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild >>> Membership T >>> ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild >>> Membership Task >>> ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ob >>> jectclass || passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop,cn=plu >>> gins,cn=config")(version 3.0;acl "permission:Read PassSync >>> Managers Configura >>> tion";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> PassSync Manager >>> s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop, >>> cn=plugins,cn=config")(version 3.0;acl "permission:Modify >>> PassSync Managers C >>> onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync >>> Managers Co >>> nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ns >>> slapd-directory* || objectclass")(target = >>> "ldap:///cn=config,cn=ldbm databas >>> e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM >>> Database Confi >>> guration";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> LDBM Databas >>> e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (version 3.0;acl "permission:Add Configuration >>> Sub-Entries";allow (add) g >>> roupdn = "ldap:///cn=Add Configuration >>> Sub-Entries,cn=permissions,cn=pbac,dc= >>> ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || description || entryusn >>> || modify >>> timestamp || nsds50ruv || nsds5beginreplicarefresh || >>> nsds5debugreplicatimeou >>> t || nsds5flags || nsds5replicaabortcleanruv || >>> nsds5replicaautoreferral || n >>> sds5replicabackoffmax || nsds5replicabackoffmin || >>> nsds5replicabinddn || nsds >>> 5replicabindmethod || nsds5replicabusywaittime || >>> nsds5replicachangecount || >>> nsds5replicachangessentsincestartup || nsds5replicacleanruv || >>> nsds5replicacl >>> eanruvnotified || nsds5replicacredentials || nsds5replicaenabled >>> || nsds5repl >>> icahost || nsds5replicaid || nsds5replicalastinitend || >>> nsds5replicalastinits >>> tart || nsds5replicalastinitstatus || nsds5replicalastupdateend >>> || nsds5repli >>> calastupdatestart || nsds5replicalastupdatestatus || >>> nsds5replicalegacyconsum >>> er || nsds5replicaname || nsds5replicaport || >>> nsds5replicaprotocoltimeout || >>> nsds5replicapurgedelay || nsds5replicareferral || >>> nsds5replicaroot || nsds5re >>> plicasessionpausetime || nsds5replicastripattrs || >>> nsds5replicatedattributeli >>> st || nsds5replicatedattributelisttotal || nsds5replicatimeout || >>> nsds5replic >>> atombstonepurgeinterval || nsds5replicatransportinfo || >>> nsds5replicatype || n >>> sds5replicaupdateinprogress || nsds5replicaupdateschedule || >>> nsds5task || nsd >>> s7directoryreplicasubtree || nsds7dirsynccookie || >>> nsds7newwingroupsyncenable >>> d || nsds7newwinusersyncenabled || nsds7windowsdomain || >>> nsds7windowsreplicas >>> ubtree || nsruvreplicalastmodified || nsstate || objectclass || >>> onewaysync || >>> winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction >>> || winsyncsub >>> treepair || winsyncwindowsfilter")(targetfilter = >>> "(|(objectclass=nsds5Replic >>> a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA >>> greement)(objectClass=nsMappingTree))")(version 3.0;acl >>> "permission:System: R >>> ead Replication Agreements";allow (compare,read,search) groupdn = >>> "ldap:///cn >>> =System: Read Replication >>> Agreements,cn=permissions,cn=pbac,dc=ipatestdomai >>> n,dc=net";) >>> >>> # SNMP, config >>> dn: cn=SNMP,cn=config >>> aci: (target="ldap:///cn=SNMP,cn=config")(targetattr >>> !="aci")(version 3.0;acl >>> "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) >>> >>> # tasks, config >>> dn: cn=tasks,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Run tasks after replica >>> re-initializatio >>> n"; allow (add) groupdn = "ldap:///cn=Modify Replication >>> Agreements,cn=permis >>> sions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after >>> replica re >>> -initialization"; allow (add) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipa >>> ca";) >>> aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; >>> allow (read >>> , compare, search) groupdn = >>> "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip >>> atestdomain,dc=net";) >>> aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild >>> membershi >>> p,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read >>> Automember Ta >>> sks";allow (compare,read,search) groupdn = "ldap:///cn=System: >>> Read Automembe >>> r Tasks,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # csusers, config >>> dn: ou=csusers,cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager manage >>> replication use >>> rs"; allow (all) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # 1.3.6.1.4.1.4203.1.9.1.1, features, config >>> dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config >>> aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; >>> allow( rea >>> d, search ) userdn = "ldap:///all";) >>> >>> # 2.16.840.1.113730.3.4.9, features, config >>> dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >>> aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; >>> allow (read, >>> search, compare, proxy) userdn = "ldap:///anyone"; ) >>> >>> # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >>> dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "permission:Add Replication >>> Agreements";al >>> low (add) groupdn = "ldap:///cn=Add Replication >>> Agreements,cn=permissions,cn= >>> pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "permission:Modify >>> Replication Agreeme >>> nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify >>> Replication Ag >>> reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "permission:Rem >>> ove Replication Agreements";allow (delete) groupdn = >>> "ldap:///cn=Remove Repli >>> cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # o\3Dipaca, mapping tree, config >>> dn: cn=o\3Dipaca,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication >>> Agreements" >>> ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify >>> Replication Agre >>> ements"; allow (read, write, search) userdn = >>> "ldap:///uid=pkidbuser,ou=peopl >>> e,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "cert manager: >>> Remove Replication Agreements";allow (delete) userdn = >>> "ldap:///uid=pkidbuser >>> ,ou=people,o=ipaca";) >>> >>> # ldbm database, plugins, config >>> dn: cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV >>> searches"; a >>> llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config >>> dn: cn=Posix IDs,cn=Distributed Numeric Assignment >>> Plugin,cn=plugins,cn=config >>> aci: (targetattr=dnaNextRange || dnaNextValue || >>> dnaMaxValue)(version 3.0;acl >>> "permission:Modify DNA Range";allow (write) groupdn = >>> "ldap:///cn=Modify DNA >>> Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue >>> || dnaThre >>> shold || dnaType || objectclass)(version 3.0;acl "permission:Read >>> DNA Range"; >>> allow (read, search, compare) groupdn = "ldap:///cn=Read DNA >>> Range,cn=permiss >>> ions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # userRoot, ldbm database, plugins, config >>> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking >>> the databas >>> e readonly"; allow (write) groupdn = "ldap:///cn=Remove >>> Replication Agreement >>> s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # search result >>> search: 2 >>> result: 0 Success >>> >>> # numResponses: 12 >>> # numEntries: 11 >>> >>> >>> ============================================================================ >>> >>> 2. ACL on dc1 when its still on FreeIPA 4.2.0 on CentOS 7.2 but >>> there is now a Fedora 23 FreeIPA 4.2.3 server in the domain (for >>> reference that the CentOS ACL hasn't changed yet) >>> ============================================================================ >>> >>> ================ after reinstallation of dc2 in fedora 23 / ipa >>> 4.2.3 ========================= >>> >>> [root at dc1 ~]# ldapsearch -b "cn=config" -D >>> "uid=admin,cn=users,cn=accounts,dc=ipatestdomain,dc=net" -W >>> Enter LDAP Password: >>> # config >>> dn: cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager read >>> access"; allow (r >>> ead, search, compare) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: (target = "ldap:///cn=automember rebuild >>> membership,cn=tasks,cn=config")( >>> targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild >>> Membership T >>> ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild >>> Membership Task >>> ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ob >>> jectclass || passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop,cn=plu >>> gins,cn=config")(version 3.0;acl "permission:Read PassSync >>> Managers Configura >>> tion";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> PassSync Manager >>> s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop, >>> cn=plugins,cn=config")(version 3.0;acl "permission:Modify >>> PassSync Managers C >>> onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync >>> Managers Co >>> nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ns >>> slapd-directory* || objectclass")(target = >>> "ldap:///cn=config,cn=ldbm databas >>> e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM >>> Database Confi >>> guration";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> LDBM Databas >>> e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (version 3.0;acl "permission:Add Configuration >>> Sub-Entries";allow (add) g >>> roupdn = "ldap:///cn=Add Configuration >>> Sub-Entries,cn=permissions,cn=pbac,dc= >>> ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || description || entryusn >>> || modify >>> timestamp || nsds50ruv || nsds5beginreplicarefresh || >>> nsds5debugreplicatimeou >>> t || nsds5flags || nsds5replicaabortcleanruv || >>> nsds5replicaautoreferral || n >>> sds5replicabackoffmax || nsds5replicabackoffmin || >>> nsds5replicabinddn || nsds >>> 5replicabindmethod || nsds5replicabusywaittime || >>> nsds5replicachangecount || >>> nsds5replicachangessentsincestartup || nsds5replicacleanruv || >>> nsds5replicacl >>> eanruvnotified || nsds5replicacredentials || nsds5replicaenabled >>> || nsds5repl >>> icahost || nsds5replicaid || nsds5replicalastinitend || >>> nsds5replicalastinits >>> tart || nsds5replicalastinitstatus || nsds5replicalastupdateend >>> || nsds5repli >>> calastupdatestart || nsds5replicalastupdatestatus || >>> nsds5replicalegacyconsum >>> er || nsds5replicaname || nsds5replicaport || >>> nsds5replicaprotocoltimeout || >>> nsds5replicapurgedelay || nsds5replicareferral || >>> nsds5replicaroot || nsds5re >>> plicasessionpausetime || nsds5replicastripattrs || >>> nsds5replicatedattributeli >>> st || nsds5replicatedattributelisttotal || nsds5replicatimeout || >>> nsds5replic >>> atombstonepurgeinterval || nsds5replicatransportinfo || >>> nsds5replicatype || n >>> sds5replicaupdateinprogress || nsds5replicaupdateschedule || >>> nsds5task || nsd >>> s7directoryreplicasubtree || nsds7dirsynccookie || >>> nsds7newwingroupsyncenable >>> d || nsds7newwinusersyncenabled || nsds7windowsdomain || >>> nsds7windowsreplicas >>> ubtree || nsruvreplicalastmodified || nsstate || objectclass || >>> onewaysync || >>> winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction >>> || winsyncsub >>> treepair || winsyncwindowsfilter")(targetfilter = >>> "(|(objectclass=nsds5Replic >>> a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA >>> greement)(objectClass=nsMappingTree))")(version 3.0;acl >>> "permission:System: R >>> ead Replication Agreements";allow (compare,read,search) groupdn = >>> "ldap:///cn >>> =System: Read Replication >>> Agreements,cn=permissions,cn=pbac,dc=ipatestdomai >>> n,dc=net";) >>> >>> # SNMP, config >>> dn: cn=SNMP,cn=config >>> aci: (target="ldap:///cn=SNMP,cn=config")(targetattr >>> !="aci")(version 3.0;acl >>> "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) >>> >>> # tasks, config >>> dn: cn=tasks,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Run tasks after replica >>> re-initializatio >>> n"; allow (add) groupdn = "ldap:///cn=Modify Replication >>> Agreements,cn=permis >>> sions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after >>> replica re >>> -initialization"; allow (add) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipa >>> ca";) >>> aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; >>> allow (read >>> , compare, search) groupdn = >>> "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip >>> atestdomain,dc=net";) >>> aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild >>> membershi >>> p,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read >>> Automember Ta >>> sks";allow (compare,read,search) groupdn = "ldap:///cn=System: >>> Read Automembe >>> r Tasks,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # csusers, config >>> dn: ou=csusers,cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager manage >>> replication use >>> rs"; allow (all) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # 1.3.6.1.4.1.4203.1.9.1.1, features, config >>> dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config >>> aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; >>> allow( rea >>> d, search ) userdn = "ldap:///all";) >>> >>> # 2.16.840.1.113730.3.4.9, features, config >>> dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >>> aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; >>> allow (read, >>> search, compare, proxy) userdn = "ldap:///anyone"; ) >>> >>> # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >>> dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "permission:Add Replication >>> Agreements";al >>> low (add) groupdn = "ldap:///cn=Add Replication >>> Agreements,cn=permissions,cn= >>> pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "permission:Modify >>> Replication Agreeme >>> nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify >>> Replication Ag >>> reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "permission:Rem >>> ove Replication Agreements";allow (delete) groupdn = >>> "ldap:///cn=Remove Repli >>> cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # o\3Dipaca, mapping tree, config >>> dn: cn=o\3Dipaca,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication >>> Agreements" >>> ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify >>> Replication Agre >>> ements"; allow (read, write, search) userdn = >>> "ldap:///uid=pkidbuser,ou=peopl >>> e,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "cert manager: >>> Remove Replication Agreements";allow (delete) userdn = >>> "ldap:///uid=pkidbuser >>> ,ou=people,o=ipaca";) >>> >>> # ldbm database, plugins, config >>> dn: cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV >>> searches"; a >>> llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config >>> dn: cn=Posix IDs,cn=Distributed Numeric Assignment >>> Plugin,cn=plugins,cn=config >>> aci: (targetattr=dnaNextRange || dnaNextValue || >>> dnaMaxValue)(version 3.0;acl >>> "permission:Modify DNA Range";allow (write) groupdn = >>> "ldap:///cn=Modify DNA >>> Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue >>> || dnaThre >>> shold || dnaType || objectclass)(version 3.0;acl "permission:Read >>> DNA Range"; >>> allow (read, search, compare) groupdn = "ldap:///cn=Read DNA >>> Range,cn=permiss >>> ions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # userRoot, ldbm database, plugins, config >>> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking >>> the databas >>> e readonly"; allow (write) groupdn = "ldap:///cn=Remove >>> Replication Agreement >>> s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # search result >>> search: 2 >>> result: 0 Success >>> >>> # numResponses: 12 >>> # numEntries: 11 >>> >>> >>> >>> ============================================================================ >>> >>> 3. ACL on dc2 when it's now a Fedora 23 FreeIPA 4.2.3 server and the >>> replica file was made from dc1 which is a CentOS server that still >>> has the acls(missing some stuff) >>> ============================================================================ >>> >>> aci list on dc2 >>> >>> [root at dc2 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" >>> "(aci=*)" aci >>> Enter LDAP Password: >>> # extended LDIF >>> # >>> # LDAPv3 >>> # base with scope subtree >>> # filter: (aci=*) >>> # requesting: aci >>> # >>> >>> # config >>> dn: cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager read >>> access"; allow (r >>> ead, search, compare) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: (target = "ldap:///cn=automember rebuild >>> membership,cn=tasks,cn=config")( >>> targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild >>> Membership T >>> ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild >>> Membership Task >>> ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ob >>> jectclass || passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop,cn=plu >>> gins,cn=config")(version 3.0;acl "permission:Read PassSync >>> Managers Configura >>> tion";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> PassSync Manager >>> s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop, >>> cn=plugins,cn=config")(version 3.0;acl "permission:Modify >>> PassSync Managers C >>> onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync >>> Managers Co >>> nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ns >>> slapd-directory* || objectclass")(target = >>> "ldap:///cn=config,cn=ldbm databas >>> e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM >>> Database Confi >>> guration";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> LDBM Databas >>> e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (version 3.0;acl "permission:Add Configuration >>> Sub-Entries";allow (add) g >>> roupdn = "ldap:///cn=Add Configuration >>> Sub-Entries,cn=permissions,cn=pbac,dc= >>> ipatestdomain,dc=net";) >>> >>> # SNMP, config >>> dn: cn=SNMP,cn=config >>> aci: (target="ldap:///cn=SNMP,cn=config")(targetattr >>> !="aci")(version 3.0;acl >>> "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) >>> >>> # tasks, config >>> dn: cn=tasks,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Run tasks after replica >>> re-initializatio >>> n"; allow (add) groupdn = "ldap:///cn=Modify Replication >>> Agreements,cn=permis >>> sions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after >>> replica re >>> -initialization"; allow (add) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipa >>> ca";) >>> aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; >>> allow (read >>> , compare, search) groupdn = >>> "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip >>> atestdomain,dc=net";) >>> >>> # csusers, config >>> dn: ou=csusers,cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager manage >>> replication use >>> rs"; allow (all) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # 1.3.6.1.4.1.4203.1.9.1.1, features, config >>> dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config >>> aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; >>> allow( rea >>> d, search ) userdn = "ldap:///all";) >>> >>> # 2.16.840.1.113730.3.4.9, features, config >>> dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >>> aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; >>> allow (read, >>> search, compare, proxy) userdn = "ldap:///anyone"; ) >>> >>> # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >>> dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "permission:Add Replication >>> Agreements";al >>> low (add) groupdn = "ldap:///cn=Add Replication >>> Agreements,cn=permissions,cn= >>> pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "permission:Modify >>> Replication Agreeme >>> nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify >>> Replication Ag >>> reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "permission:Rem >>> ove Replication Agreements";allow (delete) groupdn = >>> "ldap:///cn=Remove Repli >>> cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # o\3Dipaca, mapping tree, config >>> dn: cn=o\3Dipaca,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication >>> Agreements" >>> ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify >>> Replication Agre >>> ements"; allow (read, write, search) userdn = >>> "ldap:///uid=pkidbuser,ou=peopl >>> e,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "cert manager: >>> Remove Replication Agreements";allow (delete) userdn = >>> "ldap:///uid=pkidbuser >>> ,ou=people,o=ipaca";) >>> >>> # ldbm database, plugins, config >>> dn: cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV >>> searches"; a >>> llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config >>> dn: cn=Posix IDs,cn=Distributed Numeric Assignment >>> Plugin,cn=plugins,cn=config >>> aci: (targetattr=dnaNextRange || dnaNextValue || >>> dnaMaxValue)(version 3.0;acl >>> "permission:Modify DNA Range";allow (write) groupdn = >>> "ldap:///cn=Modify DNA >>> Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue >>> || dnaThre >>> shold || dnaType || objectclass)(version 3.0;acl "permission:Read >>> DNA Range"; >>> allow (read, search, compare) groupdn = "ldap:///cn=Read DNA >>> Range,cn=permiss >>> ions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # userRoot, ldbm database, plugins, config >>> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking >>> the databas >>> e readonly"; allow (write) groupdn = "ldap:///cn=Remove >>> Replication Agreement >>> s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # search result >>> search: 2 >>> result: 0 Success >>> >>> # numResponses: 12 >>> # numEntries: 11 >>> >>> ============================================================================ >>> >>> 4. ACL on dc1 when it's now a Fedora 23 FreeIPA 4.2.3 server (now >>> missing some stuff) >>> ============================================================================ >>> >>> [root at dc1 yum.repos.d]# ldapsearch -D "cn=directory manager" -W -b >>> "cn=config" "(aci=*)" aci >>> Enter LDAP Password: >>> # extended LDIF >>> # >>> # LDAPv3 >>> # base with scope subtree >>> # filter: (aci=*) >>> # requesting: aci >>> # >>> >>> # config >>> dn: cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager read >>> access"; allow (r >>> ead, search, compare) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: (target = "ldap:///cn=automember rebuild >>> membership,cn=tasks,cn=config")( >>> targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild >>> Membership T >>> ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild >>> Membership Task >>> ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ob >>> jectclass || passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop,cn=plu >>> gins,cn=config")(version 3.0;acl "permission:Read PassSync >>> Managers Configura >>> tion";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> PassSync Manager >>> s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop, >>> cn=plugins,cn=config")(version 3.0;acl "permission:Modify >>> PassSync Managers C >>> onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync >>> Managers Co >>> nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ns >>> slapd-directory* || objectclass")(target = >>> "ldap:///cn=config,cn=ldbm databas >>> e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM >>> Database Confi >>> guration";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> LDBM Databas >>> e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (version 3.0;acl "permission:Add Configuration >>> Sub-Entries";allow (add) g >>> roupdn = "ldap:///cn=Add Configuration >>> Sub-Entries,cn=permissions,cn=pbac,dc= >>> ipatestdomain,dc=net";) >>> >>> # SNMP, config >>> dn: cn=SNMP,cn=config >>> aci: (target="ldap:///cn=SNMP,cn=config")(targetattr >>> !="aci")(version 3.0;acl >>> "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) >>> >>> # tasks, config >>> dn: cn=tasks,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Run tasks after replica >>> re-initializatio >>> n"; allow (add) groupdn = "ldap:///cn=Modify Replication >>> Agreements,cn=permis >>> sions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after >>> replica re >>> -initialization"; allow (add) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipa >>> ca";) >>> aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; >>> allow (read >>> , compare, search) groupdn = >>> "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip >>> atestdomain,dc=net";) >>> >>> # csusers, config >>> dn: ou=csusers,cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager manage >>> replication use >>> rs"; allow (all) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # 1.3.6.1.4.1.4203.1.9.1.1, features, config >>> dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config >>> aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; >>> allow( rea >>> d, search ) userdn = "ldap:///all";) >>> >>> # 2.16.840.1.113730.3.4.9, features, config >>> dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >>> aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; >>> allow (read, >>> search, compare, proxy) userdn = "ldap:///anyone"; ) >>> >>> # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >>> dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "permission:Add Replication >>> Agreements";al >>> low (add) groupdn = "ldap:///cn=Add Replication >>> Agreements,cn=permissions,cn= >>> pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "permission:Modify >>> Replication Agreeme >>> nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify >>> Replication Ag >>> reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "permission:Rem >>> ove Replication Agreements";allow (delete) groupdn = >>> "ldap:///cn=Remove Repli >>> cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # o\3Dipaca, mapping tree, config >>> dn: cn=o\3Dipaca,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication >>> Agreements" >>> ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify >>> Replication Agre >>> ements"; allow (read, write, search) userdn = >>> "ldap:///uid=pkidbuser,ou=peopl >>> e,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "cert manager: >>> Remove Replication Agreements";allow (delete) userdn = >>> "ldap:///uid=pkidbuser >>> ,ou=people,o=ipaca";) >>> >>> # ldbm database, plugins, config >>> dn: cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV >>> searches"; a >>> llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config >>> dn: cn=Posix IDs,cn=Distributed Numeric Assignment >>> Plugin,cn=plugins,cn=config >>> aci: (targetattr=dnaNextRange || dnaNextValue || >>> dnaMaxValue)(version 3.0;acl >>> "permission:Modify DNA Range";allow (write) groupdn = >>> "ldap:///cn=Modify DNA >>> Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue >>> || dnaThre >>> shold || dnaType || objectclass)(version 3.0;acl "permission:Read >>> DNA Range"; >>> allow (read, search, compare) groupdn = "ldap:///cn=Read DNA >>> Range,cn=permiss >>> ions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # userRoot, ldbm database, plugins, config >>> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking >>> the databas >>> e readonly"; allow (write) groupdn = "ldap:///cn=Remove >>> Replication Agreement >>> s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # search result >>> search: 2 >>> result: 0 Success >>> >>> # numResponses: 12 >>> # numEntries: 11 >>> >>> >>> >>> -----Original Message----- >>> From: Rich Megginson [mailto:rmeggins at redhat.com] >>> Sent: January-22-16 10:24 AM >>> To: Nathan Peters; freeipa-users at redhat.com >>> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation >>> fails with DuplicateEntry: This entry already exists >>> >>> On 01/22/2016 11:04 AM, Nathan Peters wrote: >>>> Wow, strange stuff, the search I linked in the last email for our >>>> non working dev environment seems short some entries. >>>> >>>> For comparison, here is the same search run against our currently >>>> working prod environment. >>>> >>>> As you can see, our prod environment has a huge aci on the config >>>> tree. >>>> >>>> For reference, our prod and dev environments were identical >>>> (FreeIPA 4.1.4/CentOS7.1) before I updated our dev environment to >>>> CentOS7.2/FreeIPA4.2.0 -> Fedora23/FreeIPA4.2.3 -> >>>> Fedora23/FreeIPA4.3.0. So at some point during this upgrade >>>> process I assume maybe one of the installers deleted acis on our >>>> tree? That sounds like the kind of thing that would happen when >>>> introducing the new domain level functionality in 4.3, like if >>>> someone accidentally thought "oh this replica branch is now in a >>>> globally replicated section, we can remove these acis for this >>>> local stuff..." and then put that logic into the installer or >>>> something... >>>> >>>> The real question is, is there some good way of getting those aci's >>>> back, like a fixaci command? >>> I don't know. >>> > From david at cazena.com Tue Jan 26 21:20:09 2016 From: david at cazena.com (David Zabner) Date: Tue, 26 Jan 2016 21:20:09 +0000 Subject: [Freeipa-users] Client-Install failures Message-ID: Hi All, I am working on automated deployment of ipa clients through a program called salt and have been seeing an issue. Specifically, calls to ipa.server.internal/ipa/json occasionally return a 500 error. This tends to occur while using ipa-client-install and ipa-dns commands. I am on free-ipa v 4.2.0 running on Centos 7 and will include the offending httpd error log. Thanks for your help, David -------------- next part -------------- A non-text attachment was scrubbed... Name: error_log Type: application/octet-stream Size: 13575 bytes Desc: error_log URL: From Nathan.Peters at globalrelay.net Tue Jan 26 23:31:22 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Tue, 26 Jan 2016 23:31:22 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists In-Reply-To: <56A7DD7A.9010105@redhat.com> References: <569EC761.9090306@redhat.com> <569F5B19.50009@redhat.com> <569FE2EC.5080307@redhat.com> <56A0F93E.3000406@redhat.com> <56A23BDB.1020608@redhat.com> <56A273A3.4010600@redhat.com> <56A61B88.7010205@redhat.com> <56A7DC35.4060504@redhat.com> <56A7DD7A.9010105@redhat.com> Message-ID: https://fedorahosted.org/freeipa/ticket/5575 ^--- That was the one. It triggered differently for me because I had manually re-replaced the aci in the dc=domain,dc=mapping tree branch. Had I left it alone it would have triggered exactly as in thebug report. However, that bug report did let me know how to fix it. I made a brand new FreeIPA 4.3.0 domain with a single master (which has the correct ACI entries for the mapping tree branch), then copied those ACIs into my existing domain (edit dse.ldif when the server is turned off). I was able to successfully install a replica after that. Thanks for pointing out the actual bug. I'm fairly new to debugging 389 DS so knowing what branch needed to be fixed was invaluable. -----Original Message----- From: Martin Basti [mailto:mbasti at redhat.com] Sent: January-26-16 12:57 PM To: Nathan Peters; Rich Megginson; freeipa-users at redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 26.01.2016 21:51, Martin Basti wrote: > > > On 26.01.2016 21:03, Nathan Peters wrote: >> After some more investigation, it appears that there may be more ACIs >> missing. >> >> I added the missing permission (System: Read Replication Agreements) >> on all my masters, and then the installation failed at this point : >> --------------------------- >> [28/43]: setting up initial replication Starting replication, please >> wait until this has completed. >> [error] INSUFFICIENT_ACCESS: {'info': "Insufficient 'write' >> privilege to the 'nsds5BeginReplicaRefresh' attribute of entry >> 'cn=metodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\\3dmydomain\\2c >> dc\\3dnet,cn=mapping tree,cn=config'.\n", 'desc': 'Insufficient >> access'} Your system may be partly configured. >> Run /usr/sbin/ipa-server-install --uninstall to clean up. >> >> ipa.ipapython.install.cli.install_tool(Replica): ERROR {'info': >> "Insufficient 'write' privilege to the 'nsds5BeginReplicaRefresh' >> attribute of entry >> 'cn=metodc2-ipa-dev-van.mydomain.net,cn=replica,cn=dc\\3dmydomain\\2c >> dc\\3dnet,cn=mapping tree,cn=config'.\n", 'desc': 'Insufficient >> access'} >> ipa.ipapython.install.cli.install_tool(Replica): ERROR The >> ipa-replica-install command failed. See >> /var/log/ipareplica-install.log for more information >> >> Because of that and a comparison of my earlier version of ldif files >> from earlier versions of FreeIPA, I noticed the following ACI also >> missing from the mapping tree : >> -------------------------------------- >> # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >> dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config >> aci: (targetattr=*)(version 3.0;acl "permission:Add Replication >> Agreements";al >> low (add) groupdn = "ldap:///cn=Add Replication >> Agreements,cn=permissions,cn= >> pbac,dc=mydomain,dc=net";) >> aci: >> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass >> =nsd >> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >> ass=nsMappingTree))")(version 3.0; acl "permission:Modify >> Replication Agreeme >> nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify >> Replication Ag >> reements,cn=permissions,cn=pbac,dc=mydomain,dc=net";) >> >> After I added that, I attempted my replica installation again this >> time it failed on the o=ipaca branch >> ---------------------------------------- >> Configuring certificate server (pki-tomcatd). Estimated time: 3 >> minutes 30 seconds >> [1/23]: creating certificate server user >> [2/23]: creating certificate server db >> [3/23]: setting up initial replication >> [error] INSUFFICIENT_ACCESS: {'info': "Insufficient 'write' >> privilege to the 'nsDS5ReplicaBindDN' attribute of entry >> 'cn=replica,cn=o\\3dipaca,cn=mapping tree,cn=config'.\n", 'desc': >> 'Insufficient access'} >> Your system may be partly configured. >> Run /usr/sbin/ipa-server-install --uninstall to clean up. >> >> ipa.ipapython.install.cli.install_tool(Replica): ERROR {'info': >> "Insufficient 'write' privilege to the 'nsDS5ReplicaBindDN' attribute >> of entry 'cn=replica,cn=o\\3dipaca,cn=mapping tree,cn=config'.\n", >> 'desc': 'Insufficient access'} >> ipa.ipapython.install.cli.install_tool(Replica): ERROR The >> ipa-replica-install command failed. See >> /var/log/ipareplica-install.log for more information >> >> Looking at that branch of the ldap tree, I noticed some differences >> --------------------------------------------------------------------- >> ------ >> >> In the cn=yourdomain,cn=mapping tree,cn=config you will find the >> following permissions : >> permission:Add Replication Agreements In the cn=o=ipaca,cn=mapping >> tree,cn=config you will find the following permissions : >> cert manager: Add Replication Agreements >> >> ========================= >> So I think there are actually 3 issues : >> =========================== >> 1. Missing aci on base cn=config entry 2. Missing aci on >> dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config branch 3. acis >> are on the o=ipaca branch, but they are wrong as they only apply to >> cert manager, and not all users > I'm not sure if this covers your issues, but it may be related > > https://fedorahosted.org/freeipa/ticket/5412 > > Martin and this https://fedorahosted.org/freeipa/ticket/5575 >> >> -----Original Message----- >> From: Martin Basti [mailto:mbasti at redhat.com] >> Sent: January-25-16 4:57 AM >> To: Nathan Peters; Rich Megginson; freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails >> with DuplicateEntry: This entry already exists >> >> Thank you, >> >> I found root cause why "System: Read Replication Agreements" ACI is >> not on replica. >> >> https://fedorahosted.org/freeipa/ticket/5631 >> >> I have to figure out why this permission is added on centos7.2, >> because IMO this bug is there from 4.0. >> >> >> On 24.01.2016 03:22, Nathan Peters wrote: >>> I can now confirm that this is a 100% reproducible bug, and a pretty >>> severe one at that. You should be able to reproduce this issue at >>> will if you follow these steps. It may actually be possible with >>> less servers and less steps, but here is what I did in a test lab >>> today: >>> >>> 1. Create a brand new FreeIPA domain in CentOS 7.2 / FreeIPA 4.2.0 >>> with 3 servers, dc1, dc2, dc3, replicating any way you want. >>> 3. Use ipa-replica-manage del dc2.ipatestdomain.net, and then delete >>> the server / vm / whatever you have it running on >>> 3. Install Fedora 23 on the same IP address and hostname >>> (dc2.ipatestdomain.net). Install FreeIPA server 4.2.3 from replica >>> file created on CA master (dc1). >>> >>> Check aci on dc2. You will notice it's now missing a bunch of >>> stuff. So basically, all it takes to lose that ACL is to create a >>> Fedora FreeIPA server and join it to a CentOS domain. >>> After I had upgraded all 3 to Fedora, that ACLS was lost permanently >>> as it no longer existed on any server because there were no CentOS >>> servers left. >>> >>> I'm assuming since this is so easy to reproduce, that you don't >>> actually need my log files. >>> >>> ACL comparisons below for reference : >>> 1. ACL on dc1 when its on FreeIPA 4.2.0 on CentOS 7.2 and the domain >>> consists of only CentOS servers >>> 2. ACL on dc1 when its still on FreeIPA 4.2.0 on CentOS 7.2 but >>> there is now a Fedora 23 FreeIPA 4.2.3 server in the domain (for >>> reference that the CentOS ACL hasn't changed yet) >>> 3. ACL on dc2 when it's now a Fedora 23 FreeIPA 4.2.3 server created >>> from a replica file made from dc1, the centOS 7.2 CA master(missing >>> some stuff) >>> 4. ACL on dc1 when it's now a Fedora 23 FreeIPA 4.2.3 server (now >>> missing some stuff) >>> >>> ============================================================================ >>> >>> 1. ACL on dc1 when its on FreeIPA 4.2.0 on CentOS 7.2 and the domain >>> consists of only CentOS servers >>> ============================================================================ >>> >>> [root at dc1 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" >>> "(aci=*)" aci >>> Enter LDAP Password: >>> # extended LDIF >>> # >>> # LDAPv3 >>> # base with scope subtree >>> # filter: (aci=*) >>> # requesting: aci >>> # >>> >>> # config >>> dn: cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager read >>> access"; allow (r >>> ead, search, compare) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: (target = "ldap:///cn=automember rebuild >>> membership,cn=tasks,cn=config")( >>> targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild >>> Membership T >>> ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild >>> Membership Task >>> ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ob >>> jectclass || passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop,cn=plu >>> gins,cn=config")(version 3.0;acl "permission:Read PassSync >>> Managers Configura >>> tion";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> PassSync Manager >>> s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop, >>> cn=plugins,cn=config")(version 3.0;acl "permission:Modify >>> PassSync Managers C >>> onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync >>> Managers Co >>> nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ns >>> slapd-directory* || objectclass")(target = >>> "ldap:///cn=config,cn=ldbm databas >>> e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM >>> Database Confi >>> guration";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> LDBM Databas >>> e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (version 3.0;acl "permission:Add Configuration >>> Sub-Entries";allow (add) g >>> roupdn = "ldap:///cn=Add Configuration >>> Sub-Entries,cn=permissions,cn=pbac,dc= >>> ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || description || entryusn >>> || modify >>> timestamp || nsds50ruv || nsds5beginreplicarefresh || >>> nsds5debugreplicatimeou >>> t || nsds5flags || nsds5replicaabortcleanruv || >>> nsds5replicaautoreferral || n >>> sds5replicabackoffmax || nsds5replicabackoffmin || >>> nsds5replicabinddn || nsds >>> 5replicabindmethod || nsds5replicabusywaittime || >>> nsds5replicachangecount || >>> nsds5replicachangessentsincestartup || nsds5replicacleanruv || >>> nsds5replicacl >>> eanruvnotified || nsds5replicacredentials || nsds5replicaenabled >>> || nsds5repl >>> icahost || nsds5replicaid || nsds5replicalastinitend || >>> nsds5replicalastinits >>> tart || nsds5replicalastinitstatus || nsds5replicalastupdateend >>> || nsds5repli >>> calastupdatestart || nsds5replicalastupdatestatus || >>> nsds5replicalegacyconsum >>> er || nsds5replicaname || nsds5replicaport || >>> nsds5replicaprotocoltimeout || >>> nsds5replicapurgedelay || nsds5replicareferral || >>> nsds5replicaroot || nsds5re >>> plicasessionpausetime || nsds5replicastripattrs || >>> nsds5replicatedattributeli >>> st || nsds5replicatedattributelisttotal || nsds5replicatimeout || >>> nsds5replic >>> atombstonepurgeinterval || nsds5replicatransportinfo || >>> nsds5replicatype || n >>> sds5replicaupdateinprogress || nsds5replicaupdateschedule || >>> nsds5task || nsd >>> s7directoryreplicasubtree || nsds7dirsynccookie || >>> nsds7newwingroupsyncenable >>> d || nsds7newwinusersyncenabled || nsds7windowsdomain || >>> nsds7windowsreplicas >>> ubtree || nsruvreplicalastmodified || nsstate || objectclass || >>> onewaysync || >>> winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction >>> || winsyncsub >>> treepair || winsyncwindowsfilter")(targetfilter = >>> "(|(objectclass=nsds5Replic >>> a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA >>> greement)(objectClass=nsMappingTree))")(version 3.0;acl >>> "permission:System: R >>> ead Replication Agreements";allow (compare,read,search) groupdn = >>> "ldap:///cn >>> =System: Read Replication >>> Agreements,cn=permissions,cn=pbac,dc=ipatestdomai >>> n,dc=net";) >>> >>> # SNMP, config >>> dn: cn=SNMP,cn=config >>> aci: (target="ldap:///cn=SNMP,cn=config")(targetattr >>> !="aci")(version 3.0;acl >>> "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) >>> >>> # tasks, config >>> dn: cn=tasks,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Run tasks after replica >>> re-initializatio >>> n"; allow (add) groupdn = "ldap:///cn=Modify Replication >>> Agreements,cn=permis >>> sions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after >>> replica re >>> -initialization"; allow (add) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipa >>> ca";) >>> aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; >>> allow (read >>> , compare, search) groupdn = >>> "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip >>> atestdomain,dc=net";) >>> aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild >>> membershi >>> p,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read >>> Automember Ta >>> sks";allow (compare,read,search) groupdn = "ldap:///cn=System: >>> Read Automembe >>> r Tasks,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # csusers, config >>> dn: ou=csusers,cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager manage >>> replication use >>> rs"; allow (all) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # 1.3.6.1.4.1.4203.1.9.1.1, features, config >>> dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config >>> aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; >>> allow( rea >>> d, search ) userdn = "ldap:///all";) >>> >>> # 2.16.840.1.113730.3.4.9, features, config >>> dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >>> aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; >>> allow (read, >>> search, compare, proxy) userdn = "ldap:///anyone"; ) >>> >>> # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >>> dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "permission:Add Replication >>> Agreements";al >>> low (add) groupdn = "ldap:///cn=Add Replication >>> Agreements,cn=permissions,cn= >>> pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "permission:Modify >>> Replication Agreeme >>> nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify >>> Replication Ag >>> reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "permission:Rem >>> ove Replication Agreements";allow (delete) groupdn = >>> "ldap:///cn=Remove Repli >>> cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # o\3Dipaca, mapping tree, config >>> dn: cn=o\3Dipaca,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication >>> Agreements" >>> ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify >>> Replication Agre >>> ements"; allow (read, write, search) userdn = >>> "ldap:///uid=pkidbuser,ou=peopl >>> e,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "cert manager: >>> Remove Replication Agreements";allow (delete) userdn = >>> "ldap:///uid=pkidbuser >>> ,ou=people,o=ipaca";) >>> >>> # ldbm database, plugins, config >>> dn: cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV >>> searches"; a >>> llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config >>> dn: cn=Posix IDs,cn=Distributed Numeric Assignment >>> Plugin,cn=plugins,cn=config >>> aci: (targetattr=dnaNextRange || dnaNextValue || >>> dnaMaxValue)(version 3.0;acl >>> "permission:Modify DNA Range";allow (write) groupdn = >>> "ldap:///cn=Modify DNA >>> Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue >>> || dnaThre >>> shold || dnaType || objectclass)(version 3.0;acl "permission:Read >>> DNA Range"; >>> allow (read, search, compare) groupdn = "ldap:///cn=Read DNA >>> Range,cn=permiss >>> ions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # userRoot, ldbm database, plugins, config >>> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking >>> the databas >>> e readonly"; allow (write) groupdn = "ldap:///cn=Remove >>> Replication Agreement >>> s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # search result >>> search: 2 >>> result: 0 Success >>> >>> # numResponses: 12 >>> # numEntries: 11 >>> >>> >>> ============================================================================ >>> >>> 2. ACL on dc1 when its still on FreeIPA 4.2.0 on CentOS 7.2 but >>> there is now a Fedora 23 FreeIPA 4.2.3 server in the domain (for >>> reference that the CentOS ACL hasn't changed yet) >>> ============================================================================ >>> >>> ================ after reinstallation of dc2 in fedora 23 / ipa >>> 4.2.3 ========================= >>> >>> [root at dc1 ~]# ldapsearch -b "cn=config" -D >>> "uid=admin,cn=users,cn=accounts,dc=ipatestdomain,dc=net" -W >>> Enter LDAP Password: >>> # config >>> dn: cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager read >>> access"; allow (r >>> ead, search, compare) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: (target = "ldap:///cn=automember rebuild >>> membership,cn=tasks,cn=config")( >>> targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild >>> Membership T >>> ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild >>> Membership Task >>> ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ob >>> jectclass || passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop,cn=plu >>> gins,cn=config")(version 3.0;acl "permission:Read PassSync >>> Managers Configura >>> tion";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> PassSync Manager >>> s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop, >>> cn=plugins,cn=config")(version 3.0;acl "permission:Modify >>> PassSync Managers C >>> onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync >>> Managers Co >>> nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ns >>> slapd-directory* || objectclass")(target = >>> "ldap:///cn=config,cn=ldbm databas >>> e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM >>> Database Confi >>> guration";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> LDBM Databas >>> e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (version 3.0;acl "permission:Add Configuration >>> Sub-Entries";allow (add) g >>> roupdn = "ldap:///cn=Add Configuration >>> Sub-Entries,cn=permissions,cn=pbac,dc= >>> ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || description || entryusn >>> || modify >>> timestamp || nsds50ruv || nsds5beginreplicarefresh || >>> nsds5debugreplicatimeou >>> t || nsds5flags || nsds5replicaabortcleanruv || >>> nsds5replicaautoreferral || n >>> sds5replicabackoffmax || nsds5replicabackoffmin || >>> nsds5replicabinddn || nsds >>> 5replicabindmethod || nsds5replicabusywaittime || >>> nsds5replicachangecount || >>> nsds5replicachangessentsincestartup || nsds5replicacleanruv || >>> nsds5replicacl >>> eanruvnotified || nsds5replicacredentials || nsds5replicaenabled >>> || nsds5repl >>> icahost || nsds5replicaid || nsds5replicalastinitend || >>> nsds5replicalastinits >>> tart || nsds5replicalastinitstatus || nsds5replicalastupdateend >>> || nsds5repli >>> calastupdatestart || nsds5replicalastupdatestatus || >>> nsds5replicalegacyconsum >>> er || nsds5replicaname || nsds5replicaport || >>> nsds5replicaprotocoltimeout || >>> nsds5replicapurgedelay || nsds5replicareferral || >>> nsds5replicaroot || nsds5re >>> plicasessionpausetime || nsds5replicastripattrs || >>> nsds5replicatedattributeli >>> st || nsds5replicatedattributelisttotal || nsds5replicatimeout || >>> nsds5replic >>> atombstonepurgeinterval || nsds5replicatransportinfo || >>> nsds5replicatype || n >>> sds5replicaupdateinprogress || nsds5replicaupdateschedule || >>> nsds5task || nsd >>> s7directoryreplicasubtree || nsds7dirsynccookie || >>> nsds7newwingroupsyncenable >>> d || nsds7newwinusersyncenabled || nsds7windowsdomain || >>> nsds7windowsreplicas >>> ubtree || nsruvreplicalastmodified || nsstate || objectclass || >>> onewaysync || >>> winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction >>> || winsyncsub >>> treepair || winsyncwindowsfilter")(targetfilter = >>> "(|(objectclass=nsds5Replic >>> a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA >>> greement)(objectClass=nsMappingTree))")(version 3.0;acl >>> "permission:System: R >>> ead Replication Agreements";allow (compare,read,search) groupdn = >>> "ldap:///cn >>> =System: Read Replication >>> Agreements,cn=permissions,cn=pbac,dc=ipatestdomai >>> n,dc=net";) >>> >>> # SNMP, config >>> dn: cn=SNMP,cn=config >>> aci: (target="ldap:///cn=SNMP,cn=config")(targetattr >>> !="aci")(version 3.0;acl >>> "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) >>> >>> # tasks, config >>> dn: cn=tasks,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Run tasks after replica >>> re-initializatio >>> n"; allow (add) groupdn = "ldap:///cn=Modify Replication >>> Agreements,cn=permis >>> sions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after >>> replica re >>> -initialization"; allow (add) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipa >>> ca";) >>> aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; >>> allow (read >>> , compare, search) groupdn = >>> "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip >>> atestdomain,dc=net";) >>> aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild >>> membershi >>> p,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read >>> Automember Ta >>> sks";allow (compare,read,search) groupdn = "ldap:///cn=System: >>> Read Automembe >>> r Tasks,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # csusers, config >>> dn: ou=csusers,cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager manage >>> replication use >>> rs"; allow (all) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # 1.3.6.1.4.1.4203.1.9.1.1, features, config >>> dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config >>> aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; >>> allow( rea >>> d, search ) userdn = "ldap:///all";) >>> >>> # 2.16.840.1.113730.3.4.9, features, config >>> dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >>> aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; >>> allow (read, >>> search, compare, proxy) userdn = "ldap:///anyone"; ) >>> >>> # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >>> dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "permission:Add Replication >>> Agreements";al >>> low (add) groupdn = "ldap:///cn=Add Replication >>> Agreements,cn=permissions,cn= >>> pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "permission:Modify >>> Replication Agreeme >>> nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify >>> Replication Ag >>> reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "permission:Rem >>> ove Replication Agreements";allow (delete) groupdn = >>> "ldap:///cn=Remove Repli >>> cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # o\3Dipaca, mapping tree, config >>> dn: cn=o\3Dipaca,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication >>> Agreements" >>> ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify >>> Replication Agre >>> ements"; allow (read, write, search) userdn = >>> "ldap:///uid=pkidbuser,ou=peopl >>> e,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "cert manager: >>> Remove Replication Agreements";allow (delete) userdn = >>> "ldap:///uid=pkidbuser >>> ,ou=people,o=ipaca";) >>> >>> # ldbm database, plugins, config >>> dn: cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV >>> searches"; a >>> llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config >>> dn: cn=Posix IDs,cn=Distributed Numeric Assignment >>> Plugin,cn=plugins,cn=config >>> aci: (targetattr=dnaNextRange || dnaNextValue || >>> dnaMaxValue)(version 3.0;acl >>> "permission:Modify DNA Range";allow (write) groupdn = >>> "ldap:///cn=Modify DNA >>> Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue >>> || dnaThre >>> shold || dnaType || objectclass)(version 3.0;acl "permission:Read >>> DNA Range"; >>> allow (read, search, compare) groupdn = "ldap:///cn=Read DNA >>> Range,cn=permiss >>> ions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # userRoot, ldbm database, plugins, config >>> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking >>> the databas >>> e readonly"; allow (write) groupdn = "ldap:///cn=Remove >>> Replication Agreement >>> s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # search result >>> search: 2 >>> result: 0 Success >>> >>> # numResponses: 12 >>> # numEntries: 11 >>> >>> >>> >>> ============================================================================ >>> >>> 3. ACL on dc2 when it's now a Fedora 23 FreeIPA 4.2.3 server and the >>> replica file was made from dc1 which is a CentOS server that still >>> has the acls(missing some stuff) >>> ============================================================================ >>> >>> aci list on dc2 >>> >>> [root at dc2 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config" >>> "(aci=*)" aci >>> Enter LDAP Password: >>> # extended LDIF >>> # >>> # LDAPv3 >>> # base with scope subtree >>> # filter: (aci=*) >>> # requesting: aci >>> # >>> >>> # config >>> dn: cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager read >>> access"; allow (r >>> ead, search, compare) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: (target = "ldap:///cn=automember rebuild >>> membership,cn=tasks,cn=config")( >>> targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild >>> Membership T >>> ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild >>> Membership Task >>> ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ob >>> jectclass || passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop,cn=plu >>> gins,cn=config")(version 3.0;acl "permission:Read PassSync >>> Managers Configura >>> tion";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> PassSync Manager >>> s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop, >>> cn=plugins,cn=config")(version 3.0;acl "permission:Modify >>> PassSync Managers C >>> onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync >>> Managers Co >>> nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ns >>> slapd-directory* || objectclass")(target = >>> "ldap:///cn=config,cn=ldbm databas >>> e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM >>> Database Confi >>> guration";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> LDBM Databas >>> e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (version 3.0;acl "permission:Add Configuration >>> Sub-Entries";allow (add) g >>> roupdn = "ldap:///cn=Add Configuration >>> Sub-Entries,cn=permissions,cn=pbac,dc= >>> ipatestdomain,dc=net";) >>> >>> # SNMP, config >>> dn: cn=SNMP,cn=config >>> aci: (target="ldap:///cn=SNMP,cn=config")(targetattr >>> !="aci")(version 3.0;acl >>> "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) >>> >>> # tasks, config >>> dn: cn=tasks,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Run tasks after replica >>> re-initializatio >>> n"; allow (add) groupdn = "ldap:///cn=Modify Replication >>> Agreements,cn=permis >>> sions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after >>> replica re >>> -initialization"; allow (add) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipa >>> ca";) >>> aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; >>> allow (read >>> , compare, search) groupdn = >>> "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip >>> atestdomain,dc=net";) >>> >>> # csusers, config >>> dn: ou=csusers,cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager manage >>> replication use >>> rs"; allow (all) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # 1.3.6.1.4.1.4203.1.9.1.1, features, config >>> dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config >>> aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; >>> allow( rea >>> d, search ) userdn = "ldap:///all";) >>> >>> # 2.16.840.1.113730.3.4.9, features, config >>> dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >>> aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; >>> allow (read, >>> search, compare, proxy) userdn = "ldap:///anyone"; ) >>> >>> # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >>> dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "permission:Add Replication >>> Agreements";al >>> low (add) groupdn = "ldap:///cn=Add Replication >>> Agreements,cn=permissions,cn= >>> pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "permission:Modify >>> Replication Agreeme >>> nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify >>> Replication Ag >>> reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "permission:Rem >>> ove Replication Agreements";allow (delete) groupdn = >>> "ldap:///cn=Remove Repli >>> cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # o\3Dipaca, mapping tree, config >>> dn: cn=o\3Dipaca,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication >>> Agreements" >>> ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify >>> Replication Agre >>> ements"; allow (read, write, search) userdn = >>> "ldap:///uid=pkidbuser,ou=peopl >>> e,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "cert manager: >>> Remove Replication Agreements";allow (delete) userdn = >>> "ldap:///uid=pkidbuser >>> ,ou=people,o=ipaca";) >>> >>> # ldbm database, plugins, config >>> dn: cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV >>> searches"; a >>> llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config >>> dn: cn=Posix IDs,cn=Distributed Numeric Assignment >>> Plugin,cn=plugins,cn=config >>> aci: (targetattr=dnaNextRange || dnaNextValue || >>> dnaMaxValue)(version 3.0;acl >>> "permission:Modify DNA Range";allow (write) groupdn = >>> "ldap:///cn=Modify DNA >>> Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue >>> || dnaThre >>> shold || dnaType || objectclass)(version 3.0;acl "permission:Read >>> DNA Range"; >>> allow (read, search, compare) groupdn = "ldap:///cn=Read DNA >>> Range,cn=permiss >>> ions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # userRoot, ldbm database, plugins, config >>> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking >>> the databas >>> e readonly"; allow (write) groupdn = "ldap:///cn=Remove >>> Replication Agreement >>> s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # search result >>> search: 2 >>> result: 0 Success >>> >>> # numResponses: 12 >>> # numEntries: 11 >>> >>> ============================================================================ >>> >>> 4. ACL on dc1 when it's now a Fedora 23 FreeIPA 4.2.3 server (now >>> missing some stuff) >>> ============================================================================ >>> >>> [root at dc1 yum.repos.d]# ldapsearch -D "cn=directory manager" -W -b >>> "cn=config" "(aci=*)" aci >>> Enter LDAP Password: >>> # extended LDIF >>> # >>> # LDAPv3 >>> # base with scope subtree >>> # filter: (aci=*) >>> # requesting: aci >>> # >>> >>> # config >>> dn: cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager read >>> access"; allow (r >>> ead, search, compare) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: (target = "ldap:///cn=automember rebuild >>> membership,cn=tasks,cn=config")( >>> targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild >>> Membership T >>> ask";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild >>> Membership Task >>> ,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ob >>> jectclass || passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop,cn=plu >>> gins,cn=config")(version 3.0;acl "permission:Read PassSync >>> Managers Configura >>> tion";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> PassSync Manager >>> s Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "passsyncmanagersdns*")(target = >>> "ldap:///cn=ipa_pwd_extop, >>> cn=plugins,cn=config")(version 3.0;acl "permission:Modify >>> PassSync Managers C >>> onfiguration";allow (write) groupdn = "ldap:///cn=Modify PassSync >>> Managers Co >>> nfiguration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr = "cn || createtimestamp || entryusn || >>> modifytimestamp || ns >>> slapd-directory* || objectclass")(target = >>> "ldap:///cn=config,cn=ldbm databas >>> e,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM >>> Database Confi >>> guration";allow (compare,read,search) groupdn = "ldap:///cn=Read >>> LDBM Databas >>> e Configuration,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (version 3.0;acl "permission:Add Configuration >>> Sub-Entries";allow (add) g >>> roupdn = "ldap:///cn=Add Configuration >>> Sub-Entries,cn=permissions,cn=pbac,dc= >>> ipatestdomain,dc=net";) >>> >>> # SNMP, config >>> dn: cn=SNMP,cn=config >>> aci: (target="ldap:///cn=SNMP,cn=config")(targetattr >>> !="aci")(version 3.0;acl >>> "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");) >>> >>> # tasks, config >>> dn: cn=tasks,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Run tasks after replica >>> re-initializatio >>> n"; allow (add) groupdn = "ldap:///cn=Modify Replication >>> Agreements,cn=permis >>> sions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after >>> replica re >>> -initialization"; allow (add) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipa >>> ca";) >>> aci: (targetattr="*")(version 3.0; acl "Admin can read all tasks"; >>> allow (read >>> , compare, search) groupdn = >>> "ldap:///cn=admins,cn=groups,cn=accounts,dc=grip >>> atestdomain,dc=net";) >>> >>> # csusers, config >>> dn: ou=csusers,cn=config >>> aci: (targetattr != aci)(version 3.0; aci "cert manager manage >>> replication use >>> rs"; allow (all) userdn = >>> "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # 1.3.6.1.4.1.4203.1.9.1.1, features, config >>> dn: oid=1.3.6.1.4.1.4203.1.9.1.1,cn=features,cn=config >>> aci: (targetattr != "aci")(version 3.0; acl "Sync Request Control"; >>> allow( rea >>> d, search ) userdn = "ldap:///all";) >>> >>> # 2.16.840.1.113730.3.4.9, features, config >>> dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >>> aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; >>> allow (read, >>> search, compare, proxy) userdn = "ldap:///anyone"; ) >>> >>> # dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config >>> dn: cn=dc\3Dipatestdomain\2Cdc\3Dnet,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "permission:Add Replication >>> Agreements";al >>> low (add) groupdn = "ldap:///cn=Add Replication >>> Agreements,cn=permissions,cn= >>> pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "permission:Modify >>> Replication Agreeme >>> nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify >>> Replication Ag >>> reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "permission:Rem >>> ove Replication Agreements";allow (delete) groupdn = >>> "ldap:///cn=Remove Repli >>> cation Agreements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # o\3Dipaca, mapping tree, config >>> dn: cn=o\3Dipaca,cn=mapping tree,cn=config >>> aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication >>> Agreements" >>> ;allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd >>> s5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectCl >>> ass=nsMappingTree))")(version 3.0; acl "cert manager: Modify >>> Replication Agre >>> ements"; allow (read, write, search) userdn = >>> "ldap:///uid=pkidbuser,ou=peopl >>> e,o=ipaca";) >>> aci: >>> (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob >>> jectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl >>> "cert manager: >>> Remove Replication Agreements";allow (delete) userdn = >>> "ldap:///uid=pkidbuser >>> ,ou=people,o=ipaca";) >>> >>> # ldbm database, plugins, config >>> dn: cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV >>> searches"; a >>> llow (read) userdn="ldap:///uid=pkidbuser,ou=people,o=ipaca";) >>> >>> # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config >>> dn: cn=Posix IDs,cn=Distributed Numeric Assignment >>> Plugin,cn=plugins,cn=config >>> aci: (targetattr=dnaNextRange || dnaNextValue || >>> dnaMaxValue)(version 3.0;acl >>> "permission:Modify DNA Range";allow (write) groupdn = >>> "ldap:///cn=Modify DNA >>> Range,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> aci: (targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue >>> || dnaThre >>> shold || dnaType || objectclass)(version 3.0;acl "permission:Read >>> DNA Range"; >>> allow (read, search, compare) groupdn = "ldap:///cn=Read DNA >>> Range,cn=permiss >>> ions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # userRoot, ldbm database, plugins, config >>> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >>> aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking >>> the databas >>> e readonly"; allow (write) groupdn = "ldap:///cn=Remove >>> Replication Agreement >>> s,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) >>> >>> # search result >>> search: 2 >>> result: 0 Success >>> >>> # numResponses: 12 >>> # numEntries: 11 >>> >>> >>> >>> -----Original Message----- >>> From: Rich Megginson [mailto:rmeggins at redhat.com] >>> Sent: January-22-16 10:24 AM >>> To: Nathan Peters; freeipa-users at redhat.com >>> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation >>> fails with DuplicateEntry: This entry already exists >>> >>> On 01/22/2016 11:04 AM, Nathan Peters wrote: >>>> Wow, strange stuff, the search I linked in the last email for our >>>> non working dev environment seems short some entries. >>>> >>>> For comparison, here is the same search run against our currently >>>> working prod environment. >>>> >>>> As you can see, our prod environment has a huge aci on the config >>>> tree. >>>> >>>> For reference, our prod and dev environments were identical >>>> (FreeIPA 4.1.4/CentOS7.1) before I updated our dev environment to >>>> CentOS7.2/FreeIPA4.2.0 -> Fedora23/FreeIPA4.2.3 -> >>>> Fedora23/FreeIPA4.3.0. So at some point during this upgrade >>>> process I assume maybe one of the installers deleted acis on our >>>> tree? That sounds like the kind of thing that would happen when >>>> introducing the new domain level functionality in 4.3, like if >>>> someone accidentally thought "oh this replica branch is now in a >>>> globally replicated section, we can remove these acis for this >>>> local stuff..." and then put that logic into the installer or >>>> something... >>>> >>>> The real question is, is there some good way of getting those aci's >>>> back, like a fixaci command? >>> I don't know. >>> > From Lachlan.Simpson at petermac.org Wed Jan 27 01:39:03 2016 From: Lachlan.Simpson at petermac.org (Simpson Lachlan) Date: Wed, 27 Jan 2016 01:39:03 +0000 Subject: [Freeipa-users] ipa-trust and SRV records Message-ID: <0137003026EBE54FBEC540C5600C03C4330FB2@PMC-EXMBX02.petermac.org.au> At the end of the installation of the ipa-adtrust-install, there is a message along the lines of: Add the following service records to your DNS server for DNS zone unix.co.org.au: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs _ldap._tcp.dc._msdcs _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs _kerberos._tcp.dc._msdcs _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs _kerberos._udp.dc._msdcs Which has, I think, been the cause of all of my grief. Do these SRV records in AD represent the minimum DNS set up required in Active Directory (my setup is a one way trust from FreeIPA to an AD over which I have no control, and all DNS is passed up to AD)? These records are required so that the FreeIPA server can find the AD servers? Also, is it fair to infer that Default-First-Site-Name is in our case co.org.au? Cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. From Nathan.Peters at globalrelay.net Wed Jan 27 01:54:19 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Wed, 27 Jan 2016 01:54:19 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 : Forward only Policy fails for reverse lookup zones Message-ID: I have my FreeIPA server setup with a forward only policy for DNS. If I perform an nslookup against either of the configured forward servers, I can do a reverse lookup properly. If I perform the same nslookup against my local server, it will not find the entry. I have confirmed that there are no conflicting zones or reverse zones on my FreeIPA server. Tests below : 1. Show forwarding configuration 2. Test lookup against localhost of own domain name (prove we can find records we host as primary) 3. Prove we can do forward lookup on the host that we can't reverse lookup on 4. Reverse lookup fails against localhost 5. Reverse lookup succeeds against forward server 1 6. Reverse lookup succeeds against forward server 2 So... if I am set to always forward, and I don't host this domain (or a parent of it), and I can lookup the server on my forwarded domains, Then... why can't that query get forwarded properly according to my forwarding settings ? 1. =========================== [root at dc2-ipa-dev-van ~]# ipa dnsconfig-show Global forwarders: 10.21.0.15, 10.21.0.14 Forward policy: only Allow PTR sync: TRUE 2. =========================== [root at dc2-ipa-dev-van ~]# nslookup > dc2-ipa-dev-van.dev-mydomain.net Server: 127.0.0.1 Address: 127.0.0.1#53 Name: dc2-ipa-dev-van.dev-mydomain.net Address: 10.21.0.98 3. =========================== > officedc2.office.mydomain.net Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: Name: officedc2.office.mydomain.net Address: 10.6.60.6 4. =========================== > 10.6.60.6 Server: 127.0.0.1 Address: 127.0.0.1#53 ** server can't find 6.60.6.10.in-addr.arpa: NXDOMAIN 5. =========================== > server 10.21.0.14 Default server: 10.21.0.14 Address: 10.21.0.14#53 > 10.6.60.6 Server: 10.21.0.14 Address: 10.21.0.14#53 Non-authoritative answer: 6.60.6.10.in-addr.arpa name = officedc2.office.mydomain.net. Authoritative answers can be found from: 6. =========================== > server 10.21.0.15 Default server: 10.21.0.15 Address: 10.21.0.15#53 > 10.6.60.6 Server: 10.21.0.15 Address: 10.21.0.15#53 Non-authoritative answer: 6.60.6.10.in-addr.arpa name = officedc2.office.mydomain.net. Authoritative answers can be found from: > -------------- next part -------------- An HTML attachment was scrubbed... URL: From timm at spring.co.nz Wed Jan 27 02:53:02 2016 From: timm at spring.co.nz (Tim Moor) Date: Wed, 27 Jan 2016 02:53:02 +0000 Subject: [Freeipa-users] help Message-ID: <73BB5BAE-9EB5-4022-9F79-E8E22164A60D@spring.co.nz> -------------- next part -------------- An HTML attachment was scrubbed... URL: From Nathan.Peters at globalrelay.net Wed Jan 27 05:23:11 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Wed, 27 Jan 2016 05:23:11 +0000 Subject: [Freeipa-users] Freeipa 4.3.0 : Forward only Policy fails for reverse lookup zones Message-ID: I don't know if this is a bug or intended behavior, but if I set those values also in named.conf manually, forwarding of arpa zones works. I had to do this : ---snip--- forward only; forwarders { 10.21.0.14; 10.21.0.15; }; ---snip--- Previously my file looked like this ---snip --- forward only; forwarders { }; ---snip--- But that shouldn't have mattered, because the server was properly using the ldap global settings for forwarding regular lookups and overriding the named.conf settings properly. From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Nathan Peters Sent: January-26-16 6:03 PM To: freeipa-users at redhat.com Subject: [Freeipa-users] Freeipa 4.3.0 : Forward only Policy fails for reverse lookup zones I have my FreeIPA server setup with a forward only policy for DNS. If I perform an nslookup against either of the configured forward servers, I can do a reverse lookup properly. If I perform the same nslookup against my local server, it will not find the entry. I have confirmed that there are no conflicting zones or reverse zones on my FreeIPA server. Tests below : 1. Show forwarding configuration 2. Test lookup against localhost of own domain name (prove we can find records we host as primary) 3. Prove we can do forward lookup on the host that we can't reverse lookup on 4. Reverse lookup fails against localhost 5. Reverse lookup succeeds against forward server 1 6. Reverse lookup succeeds against forward server 2 So... if I am set to always forward, and I don't host this domain (or a parent of it), and I can lookup the server on my forwarded domains, Then... why can't that query get forwarded properly according to my forwarding settings ? 1. =========================== [root at dc2-ipa-dev-van ~]# ipa dnsconfig-show Global forwarders: 10.21.0.15, 10.21.0.14 Forward policy: only Allow PTR sync: TRUE 2. =========================== [root at dc2-ipa-dev-van ~]# nslookup > dc2-ipa-dev-van.dev-mydomain.net Server: 127.0.0.1 Address: 127.0.0.1#53 Name: dc2-ipa-dev-van.dev-mydomain.net Address: 10.21.0.98 3. =========================== > officedc2.office.mydomain.net Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: Name: officedc2.office.mydomain.net Address: 10.6.60.6 4. =========================== > 10.6.60.6 Server: 127.0.0.1 Address: 127.0.0.1#53 ** server can't find 6.60.6.10.in-addr.arpa: NXDOMAIN 5. =========================== > server 10.21.0.14 Default server: 10.21.0.14 Address: 10.21.0.14#53 > 10.6.60.6 Server: 10.21.0.14 Address: 10.21.0.14#53 Non-authoritative answer: 6.60.6.10.in-addr.arpa name = officedc2.office.mydomain.net. Authoritative answers can be found from: 6. =========================== > server 10.21.0.15 Default server: 10.21.0.15 Address: 10.21.0.15#53 > 10.6.60.6 Server: 10.21.0.15 Address: 10.21.0.15#53 Non-authoritative answer: 6.60.6.10.in-addr.arpa name = officedc2.office.mydomain.net. Authoritative answers can be found from: > -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Wed Jan 27 05:37:33 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 27 Jan 2016 07:37:33 +0200 Subject: [Freeipa-users] ipa-trust and SRV records In-Reply-To: <0137003026EBE54FBEC540C5600C03C4330FB2@PMC-EXMBX02.petermac.org.au> References: <0137003026EBE54FBEC540C5600C03C4330FB2@PMC-EXMBX02.petermac.org.au> Message-ID: <20160127053733.GD8506@redhat.com> On Wed, 27 Jan 2016, Simpson Lachlan wrote: >At the end of the installation of the ipa-adtrust-install, there is a >message along the lines of: > >Add the following service records to your DNS server for DNS zone >unix.co.org.au: > > _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs > _ldap._tcp.dc._msdcs > _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs > _kerberos._tcp.dc._msdcs > _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs > _kerberos._udp.dc._msdcs > > >Which has, I think, been the cause of all of my grief. > >Do these SRV records in AD represent the minimum DNS set up required in >Active Directory (my setup is a one way trust from FreeIPA to an AD >over which I have no control, and all DNS is passed up to AD)? These records are required to exist in the DNS zone of IPA. >These records are required so that the FreeIPA server can find the AD >servers? These records are required so that AD DCs know where to find IPA domain controllers. >Also, is it fair to infer that Default-First-Site-Name is in our case co.org.au? No, this is literal string, it has to be this way. -- / Alexander Bokovoy From Nathan.Peters at globalrelay.net Wed Jan 27 06:07:00 2016 From: Nathan.Peters at globalrelay.net (Nathan Peters) Date: Wed, 27 Jan 2016 06:07:00 +0000 Subject: [Freeipa-users] FreeIPA 4.3.0 Trust with AD Fails with RemoteRetrieveError Message-ID: I'm trying to create a trust with AD on FreeIPA 4.3.0 domain at domain level 1. When I try though the cli I get this error : ipa: ERROR: communication with CIFS server was unsuccessful When I try through the web ui I get : IPA Error 4016: RemoteRetrieveError Following debugging steps and setting loglevel to 100 gives a whole pile of stuff that doesn't seem to indicate the actual cause of the failure. It ends with these errors : lsa_lsaRSetForestTrustInformation: struct lsa_lsaRSetForestTrustInformation out: struct lsa_lsaRSetForestTrustInformation collision_info : * collision_info : NULL result : NT_STATUS_INVALID_PARAMETER rpc reply data: [0000] 00 00 00 00 0D 00 00 C0 ........ lsa_QueryTrustedDomainInfoByName: struct lsa_QueryTrustedDomainInfoByName in: struct lsa_QueryTrustedDomainInfoByName handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-a856-ba5c507f0000 trusted_domain : * trusted_domain: struct lsa_String length : 0x002c (44) size : 0x002c (44) string : * string : 'office.mydomain.net' level : LSA_TRUSTED_DOMAIN_INFO_FULL_INFO (8) rpc request data: lsa_QueryTrustedDomainInfoByName: struct lsa_QueryTrustedDomainInfoByName out: struct lsa_QueryTrustedDomainInfoByName info : * info : NULL result : NT_STATUS_OBJECT_NAME_NOT_FOUND rpc reply data: [0000] 00 00 00 00 34 00 00 C0 ....4... lsa_CreateTrustedDomainEx2: struct lsa_CreateTrustedDomainEx2 in: struct lsa_CreateTrustedDomainEx2 policy_handle : * policy_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-a856-ba5c507f0000 info : * info: struct lsa_TrustDomainInfoInfoEx domain_name: struct lsa_StringLarge length : 0x002c (44) size : 0x002e (46) string : * string : 'office.mydomain.net' netbios_name: struct lsa_StringLarge length : 0x000c (12) size : 0x000e (14) string : * string : 'OFFICE' sid : * sid : S-1-5-21-3104402935-1443057687-1106712449 trust_direction : 0x00000001 (1) 1: LSA_TRUST_DIRECTION_INBOUND 0: LSA_TRUST_DIRECTION_OUTBOUND trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000000 (0) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION auth_info_internal : * auth_info_internal: struct lsa_TrustDomainInfoAuthInfoInternal auth_blob: struct lsa_DATA_BUF2 size : 0x00000440 (1088) data : * data: ARRAY(1088) lsa_CreateTrustedDomainEx2: struct lsa_CreateTrustedDomainEx2 out: struct lsa_CreateTrustedDomainEx2 trustdom_handle : * trustdom_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_UNSUCCESSFUL rpc reply data: [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 01 00 00 C0 ........ [Tue Jan 26 21:59:34.411382 2016] [wsgi:error] [pid 29762] ipa: INFO: [jsonserver_kerb] admin at DEV-MYDOMAIN.NET: trust_add(u'office.mydomain.net', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.163'): RemoteRetrieveError -------------- next part -------------- An HTML attachment was scrubbed... URL: From mkosek at redhat.com Wed Jan 27 07:24:27 2016 From: mkosek at redhat.com (Martin Kosek) Date: Wed, 27 Jan 2016 08:24:27 +0100 Subject: [Freeipa-users] Upgrading from 3.0.0 CentOS6 to 4.2.3 CentOS7 In-Reply-To: References: <564EE884.6060909@redhat.com> <564F46BB.8060906@redhat.com> <56A79741.30707@redhat.com> Message-ID: <56A870AB.6080304@redhat.com> On 01/26/2016 09:45 PM, Ash Alam wrote: > I didnt want to dig up an old thread but i am running into this issue. The > old thread points to Pki 10.2.6 as the solution but i am not seeing that > package on centos 7.2. > > STDERR: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to > configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' > '/tmp/tmpHfdvFD'' returned non-zero exit status 1 CCing David and Endi, they might have an idea what is wrong. There were several recent fixes, to again fix RHEL-6 to RHEL-7 migration, we would need to check if you have them installed. As for your RHEL-6 IPA setup, is it running with External CA, i.e. IPA CA with being signed with other CA? > > On Tue, Jan 26, 2016 at 12:14 PM, Ash Alam wrote: > >> thank you! Out of curiosity has anyone been able to automate this using >> chef/puppet etc? >> >> On Tue, Jan 26, 2016 at 10:56 AM, Martin Kosek wrote: >> >>> Did you follow the instructions in the error message? There is also a >>> longer >>> description here: >>> >>> >>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc >>> >>> Martin >>> >>> On 01/26/2016 04:38 PM, Ash Alam wrote: >>>> I wanted to follow up on this as i finally gotten around to doing the >>>> upgrade. I an running into this error. I also found a bugzilla ticket. >>> Do >>>> you have to do some type of schema upgrade like you do with active >>>> directory? >>>> >>>> https://bugzilla.redhat.com/show_bug.cgi?id=1235766 >>>> >>>> STDERR: ipa : CRITICAL The master CA directory server does >>> not >>>> have necessary schema. Please copy the following script to all CA >>> masters >>>> and run it on them: /usr/share/ipa/copy-schema-to-ca.py >>>> >>>> If you are certain that this is a false positive, use >>>> --skip-schema-check. >>>> >>>> ipa.ipapython.install.cli.install_tool(Replica): ERROR IPA schema >>>> missing on master CA directory server >>>> >>>> >>>> >>>> Thank You >>>> >>>> >>>> >>>> >>>> On Fri, Nov 20, 2015 at 11:13 AM, Martin Kosek >>> wrote: >>>> >>>>> On 11/20/2015 04:08 PM, Ash Alam wrote: >>>>> >>>>>> Most of the clients in my env are centos 6.6 with ipa 3.0.0 client >>>>>> installed. I >>>>>> if bring up a replica on centos 7.2 with ipa 4.2.3 server and then >>> start >>>>>> phasing out the older 3.0.0 servers. Will the client that are still >>>>>> running the >>>>>> older client software still work? >>>>>> >>>>> >>>>> It should, yes. It is expected that there are RHEL/CentOS-6 clients >>> with >>>>> RHEL-7 FreeIPA servers. The older clients just won't be able to use the >>>>> newest features. >>>>> >>>>> >>>>>> On Fri, Nov 20, 2015 at 4:31 AM, Martin Kosek >>>>> > wrote: >>>>>> >>>>>> On 11/19/2015 11:03 PM, Ash Alam wrote: >>>>>> >>>>>> Hello All >>>>>> >>>>>> I am looking for some advice on upgrading. Currently our >>> FreeIPA >>>>>> servers are >>>>>> 3.0.0 on centos 6.6. We are looking to go to 4.2.3 Centos7. >>> This >>>>>> upgrade path >>>>>> is not possible per IPA documentation. Minimum version >>> required >>>>>> is 3.3.x. I >>>>>> have also found that cenos6 does not provide anything past >>> 3.0.0. >>>>>> >>>>>> >>>>>> And it won't. There are no plans in updating FreeIPA version in >>>>>> RHEL/CentOS-6.x, we encourage people who want the new features to >>>>>> migrate >>>>>> to RHEL-7.x: >>>>>> >>>>>> >>>>>> >>> http://www.freeipa.org/page/Howto/Migration#Migrating_Identity_Management_in_RHEL.2FCentOS >>>>>> >>>>>> >>>>>> >>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc >>>>>> >>>>>> If you want to wait on CentOS-7.2, it should be in works now: >>>>>> http://seven.centos.org/2015/11/rhel-7-2-released-today/ >>>>>> >>>>>> One idea is to upgrade to 3.3.x first and then upgrade to >>> 4.2.3 >>>>>> on centos7. >>>>>> This is harder since centos does not provide this. The other >>>>>> issue is if >>>>>> 3.0/3.3 client will be supported with 4.2.3 server. >>>>>> >>>>>> >>>>>> The right way is to migrate via creating replicas in >>> RHEL/CentOS-7.x >>>>>> and >>>>>> slowly deprecating RHEL/CentOS-6 ones. Detailed procedure in the >>>>>> links above. >>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >>> >> > From mkosek at redhat.com Wed Jan 27 07:30:14 2016 From: mkosek at redhat.com (Martin Kosek) Date: Wed, 27 Jan 2016 08:30:14 +0100 Subject: [Freeipa-users] ipa-admintools version incompatibility In-Reply-To: References: <56A79A47.7050900@redhat.com> Message-ID: <56A87206.6030309@redhat.com> Adding freeipa-users list back, so that others benefit from the discussion. On 01/26/2016 07:47 PM, Izzo, Anthony wrote: > The error I'm getting is that the option "raw" is invalid. The dnsrecord-del command includes a "--raw" switch on RHEL6, but not on RHEL7. I am not using the switch, but according to the debug output, RHEL6 is passing "raw" (as a parameter with a value) unconditionally, with the value indicating whether the flag was selected or not. Since RHEL7 does not accept "raw", it fails. Ah, I see. It looks like we broke forward compatibility of this command in https://fedorahosted.org/freeipa/ticket/3503 I think dnsrecord-del should at least "eat" the options withour raising error. CCing Martin Basti to eventually create ticket for it. Martin, can you think of any workaround that Anthony could use, besides using nsupdate? > I hadn't thought about using the nsupdate tool, I'll give that a shot. Thanks. > > Tony > > -----Original Message----- > From: Martin Kosek [mailto:mkosek at redhat.com] > Sent: Tuesday, January 26, 2016 11:10 AM > To: Izzo, Anthony (U.S. Person) ; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] ipa-admintools version incompatibility > > On 01/26/2016 04:22 PM, Izzo, Anthony wrote: >> I have a FreeIPA 4.2 server (on RHEL7) and a FreeIPA 3.0 client (on RHEL6). I am aware of the incompatibility between versions for ipa-admintools (in my case I'm trying to use ipa dnsrecord-del). I was just wondering if there is a workaround that would allow me, from my 3.0 client, to delete a DNS PTR record on the 4.2 server, since I can't use the ipa dnsrecord-del command (the APIs are different, and the server responds that I've sent an invalid option). Thanks. > > That's strange, client should be forward compatible already: > > http://www.freeipa.org/page/Client#IPA_management_tool > > , i.e. RHEL-6 clients should be able to update RHEL-7 servers. We would know more if you send us the error. > > Anyway, given you are only updating DNS, maybe you could just use standard Kerberos-authenticated DNS update (nsupdate tool), to delete that PTR record? > From mkosek at redhat.com Wed Jan 27 07:37:16 2016 From: mkosek at redhat.com (Martin Kosek) Date: Wed, 27 Jan 2016 08:37:16 +0100 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: References: <56A0F065.7050407@redhat.com> <56A1FE59.5010407@redhat.com> Message-ID: <56A873AC.1010801@redhat.com> On 01/26/2016 05:39 PM, Terry John wrote: > Thanks for this. I've had a look today > We are running: > > ipa-server.x86_64 3.0.0-47.el6.centos > > and some of the directives did not work, namely allowWeakCipher, sslVersionMin and sslVersionMax . So I commented them out > The ldapupdater then seems happy but when I went to restart IPA. The ldap server wasn't happy with cipher TLS_RSA_WITH_AES_256_CBC_SHA256 and would not start. Usually, when DS is not starting after some change in configuration, you can manually update the dse.ldif in /etc/dirsrv/... and start again. As for RHEL-6 support, old SSL ciphers should be disabled since ipa-3.0.0-46.el6, 389-ds-base-1.2.11.15-51.el6: https://bugzilla.redhat.com/show_bug.cgi?id=1131049 https://bugzilla.redhat.com/show_bug.cgi?id=1153739 The options are normally used in RHEL-7.1+: https://bugzilla.redhat.com/show_bug.cgi?id=1117979 they may have not been backported to RHEL-6 also, I am not sure. > > Now I can't change anything and it doesn't work. Reaching for my backup..... > > Terry > > -----Original Message----- > From: Christian Heimes [mailto:cheimes at redhat.com] > Sent: 22 January 2016 10:03 > To: Terry John; Martin Kosek; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] FREAK Vulnerability > > On 2016-01-21 17:54, Terry John wrote: >> Thanks for the info. I have tried nearly all the NSSCipherSuite settings in that ticket but none so far has eliminated the FREAK report. >> Christian thanks for the heads up on the syntax, I wasn't sure of what >> I was doing >> >> Each time I've made a change I've run an sslscan from the OpenVAS scanner and I do get a different result each time but the errors still remains in OpenVAS. >> Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. >> >> Back to the drawing board :-) > > Hi Terry, > > you can give the attached file a try. It's a ldif file for ipa-ldap-updater. You need to run the command on the machine as root and restart 389-DS. > > The hardened TLS configuration is highly experimental and comes with no warranty whatsoever. The configuration works on my tests systems with Python's ldap client and Apache Directory Studio. It may not work with other clients, especially older clients or clients in FIPS mode. > > Christian > > > > The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 03183918), Manheim Auctions Limited (registered number: 00448761), Manheim Retail Services Limited (registered number: 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time Communications Limited (registered number: 04277845) and Complete Automotive Solutions Limited (registered number: 05302535). Each of these companies is registered in England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions. > > V:0CF72C13B2AC > > From pspacek at redhat.com Wed Jan 27 08:23:19 2016 From: pspacek at redhat.com (Petr Spacek) Date: Wed, 27 Jan 2016 09:23:19 +0100 Subject: [Freeipa-users] Freeipa 4.3.0 : Forward only Policy fails for reverse lookup zones In-Reply-To: References: Message-ID: <56A87E77.1030105@redhat.com> On 27.1.2016 02:54, Nathan Peters wrote: > I have my FreeIPA server setup with a forward only policy for DNS. > > If I perform an nslookup against either of the configured forward servers, I can do a reverse lookup properly. > > If I perform the same nslookup against my local server, it will not find the entry. > > I have confirmed that there are no conflicting zones or reverse zones on my FreeIPA server. > > Tests below : > > 1. Show forwarding configuration > > 2. Test lookup against localhost of own domain name (prove we can find records we host as primary) > > 3. Prove we can do forward lookup on the host that we can't reverse lookup on > > 4. Reverse lookup fails against localhost > > 5. Reverse lookup succeeds against forward server 1 > > 6. Reverse lookup succeeds against forward server 2 > > So... if I am set to always forward, and I don't host this domain (or a parent of it), and I can lookup the server on my forwarded domains, > > Then... why can't that query get forwarded properly according to my forwarding settings ? > > 1. =========================== > [root at dc2-ipa-dev-van ~]# ipa dnsconfig-show > Global forwarders: 10.21.0.15, 10.21.0.14 > Forward policy: only > Allow PTR sync: TRUE > 2. =========================== > [root at dc2-ipa-dev-van ~]# nslookup >> dc2-ipa-dev-van.dev-mydomain.net > Server: 127.0.0.1 > Address: 127.0.0.1#53 > > Name: dc2-ipa-dev-van.dev-mydomain.net > Address: 10.21.0.98 > 3. =========================== >> officedc2.office.mydomain.net > Server: 127.0.0.1 > Address: 127.0.0.1#53 > > Non-authoritative answer: > Name: officedc2.office.mydomain.net > Address: 10.6.60.6 > 4. =========================== >> 10.6.60.6 > Server: 127.0.0.1 > Address: 127.0.0.1#53 > > ** server can't find 6.60.6.10.in-addr.arpa: NXDOMAIN > 5. =========================== >> server 10.21.0.14 > Default server: 10.21.0.14 > Address: 10.21.0.14#53 >> 10.6.60.6 > Server: 10.21.0.14 > Address: 10.21.0.14#53 > > Non-authoritative answer: > 6.60.6.10.in-addr.arpa name = officedc2.office.mydomain.net. > > Authoritative answers can be found from: > 6. =========================== >> server 10.21.0.15 > Default server: 10.21.0.15 > Address: 10.21.0.15#53 >> 10.6.60.6 > Server: 10.21.0.15 > Address: 10.21.0.15#53 > > Non-authoritative answer: > 6.60.6.10.in-addr.arpa name = officedc2.office.mydomain.net. > > Authoritative answers can be found from: Hello, I suspect that you hit an an deficiency in bind-dyndb-ldap: https://fedorahosted.org/bind-dyndb-ldap/ticket/160 I'm working on a fix but it is not ready yet. Workaround is to add following line to named.conf on all IPA servers: disable-empty-zone "10.in-addr.arpa."; Please confirm that it works for you. -- Petr^2 Spacek From marat.vyshegorodtsev at gmail.com Wed Jan 27 08:55:27 2016 From: marat.vyshegorodtsev at gmail.com (Marat Vyshegorodtsev) Date: Wed, 27 Jan 2016 17:55:27 +0900 Subject: [Freeipa-users] Service account to enroll hosts Message-ID: Hi! I'm trying to build an auto-enrollment script that would leverage a service account to enroll hosts. Here is the LDIF for this service account: https://gist.github.com/touzoku/2b03a47d3f0bcfbdf30a This service account is created successfully, but when I try to: 1) kinit hostadmin 2) ipa host-add foobar.contoso.com The following error appears: ipa: ERROR: Insufficient access: Insufficient 'add' privilege to add the entry 'fqdn=foobar.contoso.com,cn=computers,cn=accounts,dc=contoso,dc=com'. Which privilege am I missing? A normal (posix) user, with the same set of privileges worked fine, the problem started to happen when I moved user from normal users to cn=sysaccounts,cn=etc. Also, is my set of privileges minimal? Which privileges do I need to just add host entries? Best regards, Marat Vyshegorodtsev From wodel.youchi at gmail.com Wed Jan 27 08:56:44 2016 From: wodel.youchi at gmail.com (wodel youchi) Date: Wed, 27 Jan 2016 09:56:44 +0100 Subject: [Freeipa-users] Migration from openLDAP to FreeIPA with qmail.schema In-Reply-To: <56A79C84.7030102@redhat.com> References: <56A74201.6010306@redhat.com> <56A78DAB.90509@redhat.com> <56A79C84.7030102@redhat.com> Message-ID: Hi again, Thanks for all your help, I have another question. In my openldap I use qmail for only these attributes : *mailQuotaSize*, *mailAlternateAddress*, *mailForwardingAddress* and *accountStatus* Searching in ipa's schema I found this schema *50ns-mail.ldif*, this schema provides these compatible attributes : *mailQuota*, *mailAlternateAddress* and *mailForwardingAddress *but no accounStatus For accountStatus it is not a problem, there is an equivalent in Freeipa to tell if an account is disabled or not. My question: is there a way to tell the migration process to map *mailQuotaSize *from openldap to *mailQuota* on freeipa and so on. If I can do that, I don't have to import qmail schema into freeipa. Regards 2016-01-26 17:19 GMT+01:00 Martin Kosek : > On 01/26/2016 05:13 PM, wodel youchi wrote: > > Hi, > > > > For the first problem I redid the import using this syntax > > ipa -d -v migrate-ds --bind-dn "cn=admin,dc=example,dc=com" --with-compat > > --user-ignore-objectclass qmailuser --continue ldap://192.168.1.121:389 > > > > and it worked, all accounts were imported successfully. > > Good! > > > The thing I don't know where the query is getting qmailuser, since the > > objectclass imported is qmailUser!!! > > > > About the second problem, the error say (sorry for the french btw) : > > Error : the search for LDAP group do not return any result (search > > base ou=groups,dc=example,dc=com, > > objectClass : groupofuniquenames, groupofnames)) > > > > And I tested with this command > > ipa -d -v migrate-ds --bind-dn "cn=admin,dc=example,dc=com" --with-compat > > --group-objectclass=posixGroup --user-ignore-objectclass qmailuser > ldap:// > > 192.168.1.121:389 > > > > and it worked, as you said I had to add --group-objectclass=posixGroup > > Good! > > > Now, I need to added some of attributes to the Webui when creating a new > > user, for example mailQuotaSize, is there a way to do that? > > There is a way, although you still need to code a little in JavaScript. We > have > a HowTo here: > > https://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf > > There is some example in "Extending the Web UI" section. If it does not > work, > Petr Vobornik should be able to advise. > > > > > Thanks for your help. > > Regards. > > > > > > 2016-01-26 16:15 GMT+01:00 Martin Kosek : > > > >> On 01/26/2016 02:20 PM, wodel youchi wrote: > >>> Hi, > >>> > >>> In the above log (httpd log) the LDAPEntry contains qmailuser and > >> qmailUser > >>> objectClasses, I don't know if this is what is causing the problem. > >> > >> That's probably it. Can you please try to lowercaser 'qmailUser' in the > >> FreeIPA > >> config and try the migration again? > >> > >>> Another thing, I can't import groups as well, I did add a simple group > to > >>> my ldap > >>> dn: ou=groups,dc=example,dc=com > >>> objectClass: organizationalUnit > >>> objectClass: top > >>> ou: groups > >>> structuralObjectClass: organizationalUnit > >>> > >>> dn: cn=vmail,ou=groups,dc=example,dc=com > >>> objectClass: top > >>> objectClass: posixGroup > >>> gidNumber: 5000 > >>> structuralObjectClass: posixGroup > >>> cn: vmail > >>> > >>> When I launch the migration command I get > >>> > >>> ipa: ERROR: La recherche LDAP group ne renvoie aucun r?sultat (base de > >>> recherche : ou=groups,dc=example,dc=com, classe d'objet : > >>> groupofuniquenames, groupofnames) > >>> > >>> any idea? > >> > >> I cannot really read French, but I suspect you could use the option > >> > >> --group-objectclass=STR > >> Objectclasses used to search for group entries > in > >> DS > >> > >> to specify the objectclass the migration should search (posixGroup in > your > >> case) > >> > >>> > >>> Regards. > >>> > >>> 2016-01-26 13:42 GMT+01:00 wodel youchi : > >>> > >>>> Hi again, > >>>> > >>>> This is what I get from httpd error_log > >>>> > >>>> [Tue Jan 26 13:38:02.394757 2016] [:error] [pid 7427] ipa: WARNING: > GID > >>>> number 1000 of migrated user jean.doe does not point to a known group. > >>>> [Tue Jan 26 13:38:02.397928 2016] [:error] [pid 7427] > >>>> > >> > LDAPEntry(ipapython.dn.DN('uid=jean.doe,cn=users,cn=accounts,dc=example,dc=com'), > >>>> {u'mailQuotaSize': ['2048000'], u'cn': ['DOE'], u'uid': [u'jean.doe'], > >>>> u'objectClass': [u'ipaobject', u'organizationalperson', u'qmailuser', > >>>> u'top', u'ipasshuser', u'inetorgperson', u'person', > >> u'krbticketpolicyaux', > >>>> u'krbprincipalaux', u'shadowaccount', u'qmailUser', u'inetuser', > >>>> u'posixaccount'], u'loginShell': ['/bin/bash'], u'uidNumber': > ['1001'], > >>>> u'gidNumber': [u'1000'], u'ipauniqueid': ['autogenerate'], > >>>> u'krbprincipalname': [u'jean.doe at EXAMPLE.COM'], u'mailMessageStore': > >>>> ['/var/vmail/jean.doe'], u'description': ['__no_upg__'], > u'displayName': > >>>> ['Jean Doe'], u'userPassword': > >> ['{SSHA}NIxCImzQDagloyVdMtheC4wDMUImxW85'], > >>>> u'accountStatus': ['yes'], u'mailAlternateAddress': [' > root at example.com', > >> ' > >>>> postmaster at example.com'], u'sn': ['Jean'], u'homeDirectory': > >>>> ['/var/vmail/jean.doe'], u'mail': ['jean.doe at example.com'], > >> u'givenName': > >>>> ['DOE']}) > >>>> [Tue Jan 26 13:38:02.398937 2016] [:error] [pid 7427] ipa: WARNING: > GID > >>>> number 1000 of migrated user jeane.doe does not point to a known > group. > >>>> [Tue Jan 26 13:38:02.399703 2016] [:error] [pid 7427] > >>>> > >> > LDAPEntry(ipapython.dn.DN('uid=jeane.doe,cn=users,cn=accounts,dc=example,dc=com'), > >>>> {u'mailQuotaSize': ['1024000'], u'cn': ['DOE'], u'uid': > [u'jeane.doe'], > >>>> u'objectClass': [u'ipaobject', u'organizationalperson', u'qmailuser', > >>>> u'top', u'ipasshuser', u'inetorgperson', u'person', > >> u'krbticketpolicyaux', > >>>> u'krbprincipalaux', u'shadowaccount', u'qmailUser', u'inetuser', > >>>> u'posixaccount'], u'loginShell': ['/bin/bash'], u'uidNumber': > ['1002'], > >>>> u'gidNumber': [u'1000'], u'ipauniqueid': ['autogenerate'], > >>>> u'krbprincipalname': [u'jeane.doe at EXAMPLE.COM'], u'mailMessageStore': > >>>> ['/var/vmail/jeane.doe'], u'description': ['__no_upg__'], > >> u'displayName': > >>>> ['Jeane Doe'], u'userPassword': > >> ['{SSHA}+fXBt+2vlneTFUDhnEv9YvHS4Zo65LIT'], > >>>> u'accountStatus': ['yes'], u'sn': ['Jeane'], u'homeDirectory': > >>>> ['/var/vmail/jeane.doe'], u'mail': ['jeane.doe at example.com'], > >>>> u'givenName': ['DOE']}) > >>>> > >>>> Regards. > >>>> > >>>> 2016-01-26 11:22 GMT+01:00 wodel youchi : > >>>> > >>>>> Thanks I will try and report back. > >>>>> > >>>>> I am using Centos 7.2x64 with latest updates > >>>>> > >>>>> and ipa-server-4.2.0-15.el7.centos.3.x86_64 > >>>>> > >>>>> Regards > >>>>> > >>>>> 2016-01-26 10:53 GMT+01:00 Martin Kosek : > >>>>> > >>>>>> On 01/26/2016 10:16 AM, wodel youchi wrote: > >>>>>>> Hi, > >>>>>>> > >>>>>>> I am a newbie in freeipa. I am trying to use it with our mail > server. > >>>>>> > >>>>>> Cool! What is your version of the FreeIPA server? It will be > important > >>>>>> for > >>>>>> further investigation. > >>>>>> > >>>>>>> Our mail server uses openldap with one external schema : > >> qmail.schema, > >>>>>> we > >>>>>>> use it especially for mailQuota, mailAlternateAddress, > >>>>>>> mailForwardingAddress and AccountStatus. > >>>>>>> > >>>>>>> I tried to import this schema to freeipa using ipa-ldap-updater. > >>>>>>> I am not sure if I succeeded, but when I tried : ipa config-mod > >>>>>>> --addattr=ipaGroupObjectClasses=qmailUser it worked and I can see > the > >>>>>>> objectClass. > >>>>>>> > >>>>>>> > >>>>>>> [root at ipamaster work]# ipa config-show --all > >>>>>>> dn: cn=ipaConfig,cn=etc,dc=example,dc=com > >>>>>>> Longueur maximale du nom d'utilisateur: 32 > >>>>>>> Base du r?pertoire utilisateur: /home > >>>>>>> Interpr?teur par d?faut: /bin/sh > >>>>>>> Groupe utilisateur par d?faut: ipausers > >>>>>>> Domaine par d?faut pour les courriels: example.com > >>>>>>> Limite de temps d'une recherche: 2 > >>>>>>> Limite de taille d'une recherche: 100 > >>>>>>> Champs de recherche utilisateur: > >>>>>> uid,givenname,sn,telephonenumber,ou,title > >>>>>>> Group search fields: cn,description > >>>>>>> Activer le mode migration: TRUE > >>>>>>> Base de sujet de certificat: O=EXAMPLE.COM > >>>>>>> Classes d'objets de groupe par d?faut: top, ipaobject, > >> groupofnames, > >>>>>>> ipausergroup, nestedgroup > >>>>>>> Classes d'objets utilisateur par d?faut: ipaobject, person, top, > >>>>>>> ipasshuser, inetorgperson, organizationalperson, > >>>>>>> krbticketpolicyaux, > >>>>>>> krbprincipalaux, *qmailUser*, inetuser, posixaccount > >>>>>>> Notification d'expiration de mot de passe (jours): 4 > >>>>>>> Fonctionnalit?s du greffon mots de passe: AllowNThash > >>>>>>> Ordre de la mappe des utilisateurs SELinux: > >>>>>>> > >>>>>> > >> > guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 > >>>>>>> Utilisateur SELinux par d?faut: unconfined_u:s0-s0:c0.c1023 > >>>>>>> Types de PAC par d?faut: nfs:NONE, MS-PAC > >>>>>>> aci: (targetattr = "cn || createtimestamp || entryusn || > >>>>>>> ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || > >>>>>>> ipadefaultemaildomain || ipadefaultloginshell || > >>>>>>> ipadefaultprimarygroup || ipagroupobjectclasses || > >>>>>>> ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata > || > >>>>>>> ipamaxusernamelength || ipamigrationenabled || > >>>>>>> ipapwdexpadvnotify || ipasearchrecordslimit || > >>>>>> ipasearchtimelimit || > >>>>>>> ipaselinuxusermapdefault || > >>>>>>> ipaselinuxusermaporder || ipauserauthtype || > >>>>>> ipauserobjectclasses || > >>>>>>> ipausersearchfields || modifytimestamp || > >>>>>>> objectclass")(targetfilter = > >>>>>> "(objectclass=ipaguiconfig)")(version > >>>>>>> 3.0;acl "permission:System: Read Global > >>>>>>> Configuration";allow (compare,read,search) userdn = > >>>>>> "ldap:///all";) > >>>>>>> cn: ipaConfig > >>>>>>> objectclass: ipaConfigObject, nsContainer, top, ipaGuiConfig, > >>>>>>> ipaUserAuthTypeClass > >>>>>>> > >>>>>>> Then I tried to migrate openldap's accounts, but without luck so > far > >>>>>>> #ipa -v migrate-ds --with-compat --bind-dn > >> "cn=admin,dc=example,dc=com" > >>>>>>> --continue ldap://192.168.1.121:389 > >>>>>>> ----------- > >>>>>>> migrate-ds: > >>>>>>> ----------- > >>>>>>> Migrated: > >>>>>>> Failed user: > >>>>>>> jean.doe: Type or value exists: > >>>>>>> jeane.doe: Type or value exists: > >>>>>>> Failed group: > >>>>>>> ---------- > >>>>>>> No users/groups were migrated from ldap://192.168.1.121:389 > >>>>>>> > >>>>>>> > >>>>>>> Here is an entry from openldap > >>>>>>> dn: uid=jeane.doe,ou=people,dc=example,dc=com > >>>>>>> loginShell: /bin/bash > >>>>>>> gidNumber: 1000 > >>>>>>> objectClass: top > >>>>>>> objectClass: qmailUser > >>>>>>> objectClass: inetOrgPerson > >>>>>>> objectClass: posixAccount > >>>>>>> objectClass: person > >>>>>>> objectClass: shadowAccount > >>>>>>> objectClass: organizationalPerson > >>>>>>> mail: jeane.doe at example.com > >>>>>>> givenName: DOE > >>>>>>> uid: jeane.doe > >>>>>>> uidNumber: 1002 > >>>>>>> displayName: Jeane Doe > >>>>>>> homeDirectory: /var/vmail/jeane.doe > >>>>>>> accountStatus: yes > >>>>>>> mailMessageStore: /var/vmail/jeane.doe > >>>>>>> structuralObjectClass: inetOrgPerson > >>>>>>> entryUUID: 3e8ee290-166f-1035-94d7-ef8fa27fbe71 > >>>>>>> creatorsName: cn=admin,dc=example,dc=com > >>>>>>> createTimestamp: 20151103120748Z > >>>>>>> userPassword:: e1NTSEF9K2ZYQnQrMnZsbmVURlVEaG5FdjlZdkhTNFpvNjVMSVQ= > >>>>>>> mailQuotaSize: 1024000 > >>>>>>> sn: Jeane > >>>>>>> cn: DOE > >>>>>>> entryCSN: 20160125162455.613052Z#000000#000#000000 > >>>>>>> modifiersName: cn=admin,dc=example,dc=com > >>>>>>> modifyTimestamp: 20160125162455Z > >>>>>>> > >>>>>>> What does "Type or value exists" means? > >>>>>> > >>>>>> That normally means that you have the same value for LDAP attribute > >>>>>> twice or > >>>>>> that you are trying to add multiple values for a single valued > >>>>>> attribute. I > >>>>>> wonder if we could get better logging, like how exactly the entry > >> looks > >>>>>> like > >>>>>> before it is added to LDAP. > >>>>>> > >>>>>> But right now, I cannot think about a better way than to updating > >>>>>> /usr/lib/python2.7/site-packages/ipalib/plugins/migration.py > >>>>>> on the FreeIPA server the following way (new print statement) > >>>>>> > >>>>>> try: > >>>>>> print entry_attrs > >>>>>> ldap.add_entry(entry_attrs) > >>>>>> except errors.ExecutionError, e: > >>>>>> > >>>>>> , restarting the httpd service and sending us the > >>>>>> /var/log/httpd/error_log > >>>>>> after the next migration attempt. Maybe Jan (CCed) knows a better > way. > >>>>>> > >>>>>>> PS: the qmail.schema presents two other objectClasses, but I didn't > >>>>>> add use > >>>>>>> them (qldapAdmin, qmailGroup) > >>>>>>> > >>>>>>> Regards > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> > >>>>>> > >>>>> > >>>> > >>> > >> > >> > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mbasti at redhat.com Wed Jan 27 10:13:16 2016 From: mbasti at redhat.com (Martin Basti) Date: Wed, 27 Jan 2016 11:13:16 +0100 Subject: [Freeipa-users] ipa-admintools version incompatibility In-Reply-To: <56A87206.6030309@redhat.com> References: <56A79A47.7050900@redhat.com> <56A87206.6030309@redhat.com> Message-ID: <56A8983C.5050603@redhat.com> On 27.01.2016 08:30, Martin Kosek wrote: > Adding freeipa-users list back, so that others benefit from the discussion. > > On 01/26/2016 07:47 PM, Izzo, Anthony wrote: >> The error I'm getting is that the option "raw" is invalid. The dnsrecord-del command includes a "--raw" switch on RHEL6, but not on RHEL7. I am not using the switch, but according to the debug output, RHEL6 is passing "raw" (as a parameter with a value) unconditionally, with the value indicating whether the flag was selected or not. Since RHEL7 does not accept "raw", it fails. > Ah, I see. It looks like we broke forward compatibility of this command in > https://fedorahosted.org/freeipa/ticket/3503 > I think dnsrecord-del should at least "eat" the options withour raising error. > CCing Martin Basti to eventually create ticket for it. Martin, can you think of > any workaround that Anthony could use, besides using nsupdate? I'm not aware of any workaround on that particular client side Ticket filed: https://fedorahosted.org/freeipa/ticket/5644 Is there any issue that prevents you to use WebUI to remove dnsrecord, or calling dnsrecord-del on RHEL7 machine (or directly on server)? Martin^2 > >> I hadn't thought about using the nsupdate tool, I'll give that a shot. Thanks. >> >> Tony >> >> -----Original Message----- >> From: Martin Kosek [mailto:mkosek at redhat.com] >> Sent: Tuesday, January 26, 2016 11:10 AM >> To: Izzo, Anthony (U.S. Person) ; freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] ipa-admintools version incompatibility >> >> On 01/26/2016 04:22 PM, Izzo, Anthony wrote: >>> I have a FreeIPA 4.2 server (on RHEL7) and a FreeIPA 3.0 client (on RHEL6). I am aware of the incompatibility between versions for ipa-admintools (in my case I'm trying to use ipa dnsrecord-del). I was just wondering if there is a workaround that would allow me, from my 3.0 client, to delete a DNS PTR record on the 4.2 server, since I can't use the ipa dnsrecord-del command (the APIs are different, and the server responds that I've sent an invalid option). Thanks. >> That's strange, client should be forward compatible already: >> >> http://www.freeipa.org/page/Client#IPA_management_tool >> >> , i.e. RHEL-6 clients should be able to update RHEL-7 servers. We would know more if you send us the error. >> >> Anyway, given you are only updating DNS, maybe you could just use standard Kerberos-authenticated DNS update (nsupdate tool), to delete that PTR record? >> From david.goudet at lyra-network.com Wed Jan 27 11:54:08 2016 From: david.goudet at lyra-network.com (David Goudet) Date: Wed, 27 Jan 2016 12:54:08 +0100 (CET) Subject: [Freeipa-users] Purge old entries in /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4 file Message-ID: <137907826.3807515.1453895648208.JavaMail.zimbra@lyra-network.com> Hi, > Hi, On 12/22/2015 11:43 AM, David Goudet wrote: >> Hi, >> I have multimaster replication environment. On each replica, folder /var/lib/dirsrv/slapd-xxxx/cldb/ has big size (3~GB) and old entries in /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4 have three month year old: >> sudo dbscan -f /var/lib/dirsrv/slapd-xxxx/cldb/ef155b03-dda611e2-a156db20-90xxx06_51c9aed900xxxxxx000.db4 | less dbid: 56239e5e000000040000 replgen: 1445174777 Sun Oct 18 15:26:17 2015 csn: 56239e5e000000040000 uniqueid: e55d5e01-26f211e4-9b60db20-90c3b706 dn: xxxx operation: modify krbLastSuccessfulAuth: 20151018132617Z modifiersname: cn=Directory Manager modifytimestamp: 20151018132617Z entryusn: 68030946 >> My questions are: >> a) How to purge old entries in file /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4? (what is the procedure) >> b) What is the right configuration to limit increase of this file? > setting changelog maxage should be sufficient to trim changes, but the age is not the only condition deciding if a recored in the changelog can be deleted. - for each replicaID the last record will never be deleted, independent of its age, so if you have replicas in your topology which are not (or not frequently) updated directly there will be old changes in the changelog - if the replica where the trimming is run and if it has replication agreements to other replicas, changes which were not yet replicated to the other replica will not be purged. So, if you have some stale agreements to other replicas this could prevent trimming as well. > Also trimming removes changelog records and frees space internally ro th edb4 file to be reused, but it will not shrink the file size Thank you for your response. I agree with you, to identify where the problem is i enabled the errors logs: nsslapd-errorlog-level: 8192 And i found these errors: [23/Dec/2015:09:46:40 +0100] agmt="cn=meTo" (ds01:389) - load=1 rec=69 csn=567a5a43000100040000 [23/Dec/2015:09:46:40 +0100] NSMMReplicationPlugin - agmt="cn=meTo" (ds01:389): replay_update: Sending modify operation ( dn="fqdn=xxx.xxx.xxx,cn=computers,cn=accounts,dc=xxx,dc=xxx" csn=567a5a43000100040000) [23/Dec/2015:09:46:40 +0100] NSMMReplicationPlugin - agmt="cn=meTo" (ds01:389): replay_update: modifys operation (dn="fqd n=pad01.xxx.xxx.xxx,cn=computers,cn=accounts,dc=xxx,dc=xxx" csn=567a5a43000100040000) not sent - empty [23/Dec/2015:09:46:40 +0100] NSMMReplicationPlugin - agmt="cn=meTo" (ds01:389): replay_update: Consumer successfully sent operation with csn 567a5a43000100040000 [23/Dec/2015:09:46:40 +0100] NSMMReplicationPlugin - agmt="cn=meTo" (ds01:389): Skipping update operation with no message_id (uniqueid 25791707-b72211e2-a156db20-90c3b706, CSN 567a5a43000100040000): ... 23/Dec/2015:09:46:40 +0100] agmt="cn=meTo" (ds01:389) - load=1 rec=72 csn=567a5a44000000040000 [23/Dec/2015:09:46:40 +0100] NSMMReplicationPlugin - agmt="cn=meTo" (ds01:389): replay_update: Sending modify operation (dn="fqdn=xxx x.xxx.xxx,cn=computers,cn=accounts,dc=xxx,dc=xxx" csn=567a5a44000000040000) [23/Dec/2015:09:46:40 +0100] NSMMReplicationPlugin - agmt="cn=meTo" (ds01:389): replay_update: modifys operation (dn="fqdn=xxxx xxx,cn=computers,cn=accounts,dc=xxx,dc=xxx" csn=567a5a44000000040000) not sent - empty [23/Dec/2015:09:46:40 +0100] NSMMReplicationPlugin - agmt="cn=meTo" (ds01:389): replay_update: Consumer successfully sent operation with csn 567a5a44000000040000 [23/Dec/2015:09:46:40 +0100] NSMMReplicationPlugin - agmt="cn=meTo" (ds01:389): Skipping update operation with no message_id (uniqueid 7cfafb01-7fc711e4-974fdb20-90c3b706, CSN 567a5a44000000040000): Replication between the two master/master IPA server seems to work well, but we can see many skipped requests: repl-monitor -r -c xxx -w


Enter password for (:):

Time Lag Legend:

within 5 min
within 60 min
over 60 min
server n/a

Master:  xxxx:389

tr class=bgColor13>
Replica ID: 3 Replica Root: dc=xxxx,dc=xxx Max CSN: 56a8ad14000200030000 (01/27/2016 12:42:12 2 0)
Receiver Time Lag Max CSN Last Modify Time Supplier Sent/Skipped Update Status Update Started Update Ended Schedule SSL?
xxx:389
Type: master
- 0:44:30
 56a8a2a6000100030000
(01/27/2016 11:57:42 1 0)		 1/27/2016 11:56:01
xxxx:389
 3429 / 4188985195 0 Replica acquired successfully: Incremental update succeeded 01/27/2016 12:40:31 01/27/2016 12:40:32 always in sync SASL/GSSAPI

Master:  xxx:389

tr class=bgColor13>
Replica ID: 4 Replica Root: dc=xxxx,dc=xxxx Max CSN: 56a8ad1b000100040000 (01/27/2016 12:42:19 1 0)
Receiver Time Lag Max CSN Last Modify Time Supplier Sent/Skipped Update Status Update Started Update Ended Schedule SSL?
xxx:389
Type: master
- 0:15:07
 56a8a990000500040000
(01/27/2016 12:27:12 5 0)		 1/27/2016 12:25:32
xxxx:389
 2434 / 3284152884 0 Replica acquired successfully: Incremental update started 01/27/2016 12:40:38 n/a always in sync SASL/GSSAPI
Questions ---- Is these observertions (request not sent and skipped request) can explain the problem? If yes how to fix it? If no how to get information to identify the problem? Thank you for your help David From aalam at paperlesspost.com Wed Jan 27 15:18:34 2016 From: aalam at paperlesspost.com (Ash Alam) Date: Wed, 27 Jan 2016 10:18:34 -0500 Subject: [Freeipa-users] Upgrading from 3.0.0 CentOS6 to 4.2.3 CentOS7 In-Reply-To: <56A870AB.6080304@redhat.com> References: <564EE884.6060909@redhat.com> <564F46BB.8060906@redhat.com> <56A79741.30707@redhat.com> <56A870AB.6080304@redhat.com> Message-ID: Hi Martin I am happy to provide the necessary information. What packages should i check for? As for IPA we are IPA CA being signed with other CA Thank You On Wed, Jan 27, 2016 at 2:24 AM, Martin Kosek wrote: > On 01/26/2016 09:45 PM, Ash Alam wrote: > > I didnt want to dig up an old thread but i am running into this issue. > The > > old thread points to Pki 10.2.6 as the solution but i am not seeing that > > package on centos 7.2. > > > > STDERR: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to > > configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' > > '/tmp/tmpHfdvFD'' returned non-zero exit status 1 > > CCing David and Endi, they might have an idea what is wrong. There were > several > recent fixes, to again fix RHEL-6 to RHEL-7 migration, we would need to > check > if you have them installed. As for your RHEL-6 IPA setup, is it running > with > External CA, i.e. IPA CA with being signed with other CA? > > > > > On Tue, Jan 26, 2016 at 12:14 PM, Ash Alam > wrote: > > > >> thank you! Out of curiosity has anyone been able to automate this using > >> chef/puppet etc? > >> > >> On Tue, Jan 26, 2016 at 10:56 AM, Martin Kosek > wrote: > >> > >>> Did you follow the instructions in the error message? There is also a > >>> longer > >>> description here: > >>> > >>> > >>> > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc > >>> > >>> Martin > >>> > >>> On 01/26/2016 04:38 PM, Ash Alam wrote: > >>>> I wanted to follow up on this as i finally gotten around to doing the > >>>> upgrade. I an running into this error. I also found a bugzilla ticket. > >>> Do > >>>> you have to do some type of schema upgrade like you do with active > >>>> directory? > >>>> > >>>> https://bugzilla.redhat.com/show_bug.cgi?id=1235766 > >>>> > >>>> STDERR: ipa : CRITICAL The master CA directory server does > >>> not > >>>> have necessary schema. Please copy the following script to all CA > >>> masters > >>>> and run it on them: /usr/share/ipa/copy-schema-to-ca.py > >>>> > >>>> If you are certain that this is a false positive, use > >>>> --skip-schema-check. > >>>> > >>>> ipa.ipapython.install.cli.install_tool(Replica): ERROR IPA > schema > >>>> missing on master CA directory server > >>>> > >>>> > >>>> > >>>> Thank You > >>>> > >>>> > >>>> > >>>> > >>>> On Fri, Nov 20, 2015 at 11:13 AM, Martin Kosek > >>> wrote: > >>>> > >>>>> On 11/20/2015 04:08 PM, Ash Alam wrote: > >>>>> > >>>>>> Most of the clients in my env are centos 6.6 with ipa 3.0.0 client > >>>>>> installed. I > >>>>>> if bring up a replica on centos 7.2 with ipa 4.2.3 server and then > >>> start > >>>>>> phasing out the older 3.0.0 servers. Will the client that are still > >>>>>> running the > >>>>>> older client software still work? > >>>>>> > >>>>> > >>>>> It should, yes. It is expected that there are RHEL/CentOS-6 clients > >>> with > >>>>> RHEL-7 FreeIPA servers. The older clients just won't be able to use > the > >>>>> newest features. > >>>>> > >>>>> > >>>>>> On Fri, Nov 20, 2015 at 4:31 AM, Martin Kosek >>>>>> > wrote: > >>>>>> > >>>>>> On 11/19/2015 11:03 PM, Ash Alam wrote: > >>>>>> > >>>>>> Hello All > >>>>>> > >>>>>> I am looking for some advice on upgrading. Currently our > >>> FreeIPA > >>>>>> servers are > >>>>>> 3.0.0 on centos 6.6. We are looking to go to 4.2.3 Centos7. > >>> This > >>>>>> upgrade path > >>>>>> is not possible per IPA documentation. Minimum version > >>> required > >>>>>> is 3.3.x. I > >>>>>> have also found that cenos6 does not provide anything past > >>> 3.0.0. > >>>>>> > >>>>>> > >>>>>> And it won't. There are no plans in updating FreeIPA version in > >>>>>> RHEL/CentOS-6.x, we encourage people who want the new features > to > >>>>>> migrate > >>>>>> to RHEL-7.x: > >>>>>> > >>>>>> > >>>>>> > >>> > http://www.freeipa.org/page/Howto/Migration#Migrating_Identity_Management_in_RHEL.2FCentOS > >>>>>> > >>>>>> > >>>>>> > >>> > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc > >>>>>> > >>>>>> If you want to wait on CentOS-7.2, it should be in works now: > >>>>>> http://seven.centos.org/2015/11/rhel-7-2-released-today/ > >>>>>> > >>>>>> One idea is to upgrade to 3.3.x first and then upgrade to > >>> 4.2.3 > >>>>>> on centos7. > >>>>>> This is harder since centos does not provide this. The other > >>>>>> issue is if > >>>>>> 3.0/3.3 client will be supported with 4.2.3 server. > >>>>>> > >>>>>> > >>>>>> The right way is to migrate via creating replicas in > >>> RHEL/CentOS-7.x > >>>>>> and > >>>>>> slowly deprecating RHEL/CentOS-6 ones. Detailed procedure in the > >>>>>> links above. > >>>>>> > >>>>>> > >>>>>> > >>>>> > >>>> > >>> > >>> > >> > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jhrozek at redhat.com Wed Jan 27 15:21:03 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Wed, 27 Jan 2016 16:21:03 +0100 Subject: [Freeipa-users] heads-up: new code to fetch sudo rules from an IPA server coming to Fedora and RHEL-6 Message-ID: <20160127152103.GD3448@hendrix.redhat.com> Hi, the sssd's code that fetches sudo rules from the IPA server got an overhaul recently. The search would no longer be performed against the compat tree, but against IPA's native LDAP tree. This would have the advantage that environments that don't use the slapi-nis' compat tree for another reason (like old or non-Linux clients) would no longer require slapi-nis to be running at all. We'd like to get some tests for this new code! If you're running Fedora , you can just upgrade to the packages from Fedora's update testing. If you're running RHEL-6.7 and would like to see what is cooking for 6.8, you can try this repository: https://copr.fedorainfracloud.org/coprs/jhrozek/SSSD-6.8-preview/ RHEL-7 wouldn't receive this code until 7.3, so we don't have test packages for el7 yet.. From aizzo01 at harris.com Wed Jan 27 15:49:49 2016 From: aizzo01 at harris.com (Izzo, Anthony) Date: Wed, 27 Jan 2016 15:49:49 +0000 Subject: [Freeipa-users] ipa-admintools version incompatibility In-Reply-To: <56A8983C.5050603@redhat.com> References: <56A79A47.7050900@redhat.com> <56A87206.6030309@redhat.com> <56A8983C.5050603@redhat.com> Message-ID: Both the WebUI and the CLI on the RHEL server work fine. The issue is that I'm trying to automate the cleanup of old PTR records for the IP address of a new VM joining the domain (we're experimenting in an AWS Cloud environment and at least in this phase we have RHEL6 machines joining the domain and then being terminated on a regular basis). I've found a workaround of sorts, but it relies on behavior that does not seem "correct" to me, in the dnsrecord-mod command. For the standard case where there's already exactly one PTR record for my IP, dnsrecord-mod is completely adequate. For the edge case where there is more than one orphan PTR record matching my IP, I've found that a dnsrecord-mod command formed so as to set the --ptr-hostname of any one of the existing records to the empty string seems to have the effect of deleting all matching PTR records except for the one specified, which is left untouched. dnsrecord-mod --ptr-record= --ptr-hostname="" So after this command, I seem to always have exactly one PTR record matching my IP, which I can then change to the value I want with a second dnsrecord-mod command. Tony -----Original Message----- From: Martin Basti [mailto:mbasti at redhat.com] Sent: Wednesday, January 27, 2016 5:13 AM To: Martin Kosek ; Izzo, Anthony (U.S. Person) ; freeipa-users at redhat.com Subject: Re: [Freeipa-users] ipa-admintools version incompatibility On 27.01.2016 08:30, Martin Kosek wrote: > Adding freeipa-users list back, so that others benefit from the discussion. > > On 01/26/2016 07:47 PM, Izzo, Anthony wrote: >> The error I'm getting is that the option "raw" is invalid. The dnsrecord-del command includes a "--raw" switch on RHEL6, but not on RHEL7. I am not using the switch, but according to the debug output, RHEL6 is passing "raw" (as a parameter with a value) unconditionally, with the value indicating whether the flag was selected or not. Since RHEL7 does not accept "raw", it fails. > Ah, I see. It looks like we broke forward compatibility of this command in > https://fedorahosted.org/freeipa/ticket/3503 > I think dnsrecord-del should at least "eat" the options without raising error. > CCing Martin Basti to eventually create ticket for it. Martin, can you think of > any workaround that Anthony could use, besides using nsupdate? I'm not aware of any workaround on that particular client side Ticket filed: https://fedorahosted.org/freeipa/ticket/5644 Is there any issue that prevents you to use WebUI to remove dnsrecord, or calling dnsrecord-del on RHEL7 machine (or directly on server)? Martin^2 > >> I hadn't thought about using the nsupdate tool, I'll give that a shot. Thanks. >> >> Tony >> >> -----Original Message----- >> From: Martin Kosek [mailto:mkosek at redhat.com] >> Sent: Tuesday, January 26, 2016 11:10 AM >> To: Izzo, Anthony (U.S. Person) ; freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] ipa-admintools version incompatibility >> >> On 01/26/2016 04:22 PM, Izzo, Anthony wrote: >>> I have a FreeIPA 4.2 server (on RHEL7) and a FreeIPA 3.0 client (on RHEL6). I am aware of the incompatibility between versions for ipa-admintools (in my case I'm trying to use ipa dnsrecord-del). I was just wondering if there is a workaround that would allow me, from my 3.0 client, to delete a DNS PTR record on the 4.2 server, since I can't use the ipa dnsrecord-del command (the APIs are different, and the server responds that I've sent an invalid option). Thanks. >> That's strange, client should be forward compatible already: >> >> http://www.freeipa.org/page/Client#IPA_management_tool >> >> , i.e. RHEL-6 clients should be able to update RHEL-7 servers. We would know more if you send us the error. >> >> Anyway, given you are only updating DNS, maybe you could just use standard Kerberos-authenticated DNS update (nsupdate tool), to delete that PTR record? >> From abokovoy at redhat.com Wed Jan 27 15:55:36 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 27 Jan 2016 17:55:36 +0200 Subject: [Freeipa-users] FreeIPA 4.3.0 Trust with AD Fails with RemoteRetrieveError In-Reply-To: References: Message-ID: <20160127155536.GF8506@redhat.com> On Wed, 27 Jan 2016, Nathan Peters wrote: >I'm trying to create a trust with AD on FreeIPA 4.3.0 domain at domain level 1. > >When I try though the cli I get this error : >ipa: ERROR: communication with CIFS server was unsuccessful > >When I try through the web ui I get : >IPA Error 4016: RemoteRetrieveError > >Following debugging steps and setting loglevel to 100 gives a whole pile of stuff that doesn't seem to indicate the actual cause of the failure. > >It ends with these errors : > > lsa_lsaRSetForestTrustInformation: struct lsa_lsaRSetForestTrustInformation > out: struct lsa_lsaRSetForestTrustInformation > collision_info : * > collision_info : NULL > result : NT_STATUS_INVALID_PARAMETER >rpc reply data: >[0000] 00 00 00 00 0D 00 00 C0 ........ > lsa_QueryTrustedDomainInfoByName: struct lsa_QueryTrustedDomainInfoByName > in: struct lsa_QueryTrustedDomainInfoByName > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-a856-ba5c507f0000 > trusted_domain : * > trusted_domain: struct lsa_String > length : 0x002c (44) > size : 0x002c (44) > string : * > string : 'office.mydomain.net' > level : LSA_TRUSTED_DOMAIN_INFO_FULL_INFO (8) >rpc request data: > > lsa_QueryTrustedDomainInfoByName: struct lsa_QueryTrustedDomainInfoByName > out: struct lsa_QueryTrustedDomainInfoByName > info : * > info : NULL > result : NT_STATUS_OBJECT_NAME_NOT_FOUND >rpc reply data: >[0000] 00 00 00 00 34 00 00 C0 ....4... > lsa_CreateTrustedDomainEx2: struct lsa_CreateTrustedDomainEx2 > in: struct lsa_CreateTrustedDomainEx2 > policy_handle : * > policy_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-a856-ba5c507f0000 > info : * > info: struct lsa_TrustDomainInfoInfoEx > domain_name: struct lsa_StringLarge > length : 0x002c (44) > size : 0x002e (46) > string : * > string : 'office.mydomain.net' > netbios_name: struct lsa_StringLarge > length : 0x000c (12) > size : 0x000e (14) > string : * > string : 'OFFICE' > sid : * > sid : S-1-5-21-3104402935-1443057687-1106712449 > trust_direction : 0x00000001 (1) > 1: LSA_TRUST_DIRECTION_INBOUND > 0: LSA_TRUST_DIRECTION_OUTBOUND > trust_type : LSA_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000000 (0) > 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION > auth_info_internal : * > auth_info_internal: struct lsa_TrustDomainInfoAuthInfoInternal > auth_blob: struct lsa_DATA_BUF2 > size : 0x00000440 (1088) > data : * > data: ARRAY(1088) > > > > lsa_CreateTrustedDomainEx2: struct lsa_CreateTrustedDomainEx2 > out: struct lsa_CreateTrustedDomainEx2 > trustdom_handle : * > trustdom_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_UNSUCCESSFUL >rpc reply data: >[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0010] 00 00 00 00 01 00 00 C0 ........ >[Tue Jan 26 21:59:34.411382 2016] [wsgi:error] [pid 29762] ipa: INFO: >[jsonserver_kerb] admin at DEV-MYDOMAIN.NET: >trust_add(u'office.mydomain.net', trust_type=u'ad', >realm_admin=u'Administrator', realm_passwd=u'********', all=False, >raw=False, version=u'2.163'): RemoteRetrieveError I need to have a better picture of your AD topology. It is unclear why AD DC chosen for communication denies trust creation request but there might be multiple reasons. Unfortunately, I'll have no time for investigation until February 12th or so. -- / Alexander Bokovoy From rcritten at redhat.com Wed Jan 27 16:03:44 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 27 Jan 2016 11:03:44 -0500 Subject: [Freeipa-users] Service account to enroll hosts In-Reply-To: References: Message-ID: <56A8EA60.4030601@redhat.com> Marat Vyshegorodtsev wrote: > Hi! > > I'm trying to build an auto-enrollment script that would leverage a > service account to enroll hosts. > > Here is the LDIF for this service account: > https://gist.github.com/touzoku/2b03a47d3f0bcfbdf30a > > This service account is created successfully, but when I try to: > 1) kinit hostadmin > 2) ipa host-add foobar.contoso.com > > The following error appears: > ipa: ERROR: Insufficient access: Insufficient 'add' privilege to add > the entry 'fqdn=foobar.contoso.com,cn=computers,cn=accounts,dc=contoso,dc=com'. > > Which privilege am I missing? A normal (posix) user, with the same set > of privileges worked fine, the problem started to happen when I moved > user from normal users to cn=sysaccounts,cn=etc. > > Also, is my set of privileges minimal? Which privileges do I need to > just add host entries? > You should not directly add memberOf values. You should add the user as a member of the respective roles and the rest should follow naturally. So you'll need to add this entry then do a modify to add it as a member of one or more roles. rob From lslebodn at redhat.com Wed Jan 27 17:40:22 2016 From: lslebodn at redhat.com (Lukas Slebodnik) Date: Wed, 27 Jan 2016 18:40:22 +0100 Subject: [Freeipa-users] heads-up: new code to fetch sudo rules from an IPA server coming to Fedora and RHEL-6 In-Reply-To: <20160127152103.GD3448@hendrix.redhat.com> References: <20160127152103.GD3448@hendrix.redhat.com> Message-ID: <20160127174021.GA16031@mail.corp.redhat.com> On (27/01/16 16:21), Jakub Hrozek wrote: >Hi, > >the sssd's code that fetches sudo rules from the IPA server got an >overhaul recently. The search would no longer be performed against the >compat tree, but against IPA's native LDAP tree. This would have the >advantage that environments that don't use the slapi-nis' compat tree >for another reason (like old or non-Linux clients) would no longer >require slapi-nis to be running at all. > >We'd like to get some tests for this new code! If you're running Fedora , >you can just upgrade to the packages from Fedora's update testing. If >you're running RHEL-6.7 and would like to see what is cooking for 6.8, >you can try this repository: > https://copr.fedorainfracloud.org/coprs/jhrozek/SSSD-6.8-preview/ > >RHEL-7 wouldn't receive this code until 7.3, so we don't have test >packages for el7 yet.. > Actually, there are packages suitable for testing on rhel7.2 https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-13/ It's backported version from fedora 23. LS From schogan at us.ibm.com Wed Jan 27 17:53:00 2016 From: schogan at us.ibm.com (Sean Hogan) Date: Wed, 27 Jan 2016 10:53:00 -0700 Subject: [Freeipa-users] SSSD and DNS Message-ID: <201601271753.u0RHr9rk010214@d01av04.pok.ibm.com> Hi All, Tue Jan 26 19:01:32 2016) [sssd] [ping_check] (0x0020): A service PING timed out on [ssh]. Attempt [0] (Tue Jan 26 19:06:50 2016) [sssd] [ping_check] (0x0020): A service PING timed out on [sudo]. Attempt [0] (Tue Jan 26 19:06:50 2016) [sssd] [ping_check] (0x0020): A service PING timed out on [ssh]. Attempt [0] Everything recovers and all is good for a while then; (Tue Jan 26 19:14:11 2016) [sssd] [ping_check] (0x0020): A service PING timed out on [foo.local]. Attempt [2] (Tue Jan 26 19:14:21 2016) [sssd] [tasks_check_handler] (0x0020): Killing service [foo.local], not responding to pings! (Tue Jan 26 19:14:21 2016) [sssd] [ping_check] (0x0020): A service PING timed out on [foo.local]. Attempt [3] (Tue Jan 26 19:14:25 2016) [sssd] [mt_svc_exit_handler] (0x0040): Child [foo.local] exited with code [0] (Tue Jan 26 19:14:25 2016) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x10022c42aa0 (Tue Jan 26 19:14:25 2016) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Tue Jan 26 19:14:25 2016) [sssd] [mt_svc_restart] (0x0400): Scheduling service foo.local for restart 1 (Tue Jan 26 19:14:25 2016) [sssd] [get_ping_config] (0x0100): Time between service pings for [foo.local]: [10] (Tue Jan 26 19:14:25 2016) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [foo.local]: [60] (Tue Jan 26 19:14:25 2016) [sssd] [start_service] (0x0100): Queueing service foo.local for startup (Tue Jan 26 19:18:44 2016) [sssd] [service_send_ping] (0x0100): Pinging pam (Tue Jan 26 19:19:26 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10022c47f60 (Tue Jan 26 19:19:26 2016) [sssd] [service_send_ping] (0x0100): Pinging ssh (Tue Jan 26 19:19:26 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10022c54600 (Tue Jan 26 19:19:26 2016) [sssd] [service_send_ping] (0x0100): Pinging pac (Tue Jan 26 19:19:26 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10022c307c0 (Tue Jan 26 19:19:26 2016) [sssd] [service_send_ping] (0x0100): Pinging sudo (Tue Jan 26 19:19:26 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10022c488b0 (Tue Jan 26 19:19:26 2016) [sssd] [service_send_ping] (0x0100): Pinging nss (Tue Jan 26 19:19:26 2016) [sssd] [sbus_add_timeout] (0x2000): 0x10022c47710 (Tue Jan 26 19:19:26 2016) [sssd] [service_send_ping] (0x2000): Service not yet initialized (Tue Jan 26 19:19:26 2016) [sssd] [tasks_check_handler] (0x0020): Child (foo.local) not responding! (yet) (Tue Jan 26 19:21:33 2016) [sssd] [tasks_check_handler] (0x0020): Child (foo.local) not responding! (yet) Thouroughly confused now.. I thought I had the above issue pinned down on IBM Java; http://www-01.ibm.com/support/docview.wss?uid=swg1IV71405 IV71405: JGSS CANNOT GET KDC FROM DNS. but now I also see this; https://bugzilla.redhat.com/show_bug.cgi?id=966757 SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable Seems both the above links are issues with reading and using DNS whether it is caused by SSSD or IBM Java ibmjgssprovider.jar. I am not running the version of sssd that in the bugzilla post but.. ipa-python-3.0.0-42.el6.ppc64 libipa_hbac-1.11.6-30.el6_6.4.ppc64 sssd-ipa-1.11.6-30.el6_6.4.ppc64 ipa-client-3.0.0-42.el6.ppc64 device-mapper-multipath-0.4.9-80.el6_6.3.ppc64 CPU spike to 100% for SSSD and requires a reboot or interestingly enough a kill -9 java process. Kinit also does not work on the box with: com.ibm.security.krb5.KrbException, status code: 0 message: Cannot find KDC for realm foo.LOCAL Also .. the box has been running fine for a couple of months with kinit not working. The kinit issue is the IBM APAR and I am working with IBM java for a new ibmjgssprovider.jar but the sssd cpu spiking to 100% is so random and all over the place. Not sure if I am dealing with 2 issues or 1 issue here. I am thinking 2 issues with kinit being ibm java.. and cpu 100% being sssd issue. Systems are set for dns lookup in krb5.conf Sean Hogan Security Engineer -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 07645583.jpg Type: image/jpeg Size: 27085 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 07536454.gif Type: image/gif Size: 1650 bytes Desc: not available URL: From mbasti at redhat.com Wed Jan 27 18:02:50 2016 From: mbasti at redhat.com (Martin Basti) Date: Wed, 27 Jan 2016 19:02:50 +0100 Subject: [Freeipa-users] ipa-admintools version incompatibility In-Reply-To: References: <56A79A47.7050900@redhat.com> <56A87206.6030309@redhat.com> <56A8983C.5050603@redhat.com> Message-ID: <56A9064A.9000200@redhat.com> On 27.01.2016 16:49, Izzo, Anthony wrote: > Both the WebUI and the CLI on the RHEL server work fine. The issue is that I'm trying to automate the cleanup of old PTR records for the IP address of a new VM joining the domain (we're experimenting in an AWS Cloud environment and at least in this phase we have RHEL6 machines joining the domain and then being terminated on a regular basis). > > I've found a workaround of sorts, but it relies on behavior that does not seem "correct" to me, in the dnsrecord-mod command. For the standard case where there's already exactly one PTR record for my IP, dnsrecord-mod is completely adequate. For the edge case where there is more than one orphan PTR record matching my IP, I've found that a dnsrecord-mod command formed so as to set the --ptr-hostname of any one of the existing records to the empty string seems to have the effect of deleting all matching PTR records except for the one specified, which is left untouched. > > dnsrecord-mod --ptr-record= --ptr-hostname="" This is correct and tested behavior :-) I just forgot about it somehow. > > So after this command, I seem to always have exactly one PTR record matching my IP, which I can then change to the value I want with a second dnsrecord-mod command. > > Tony > > -----Original Message----- > From: Martin Basti [mailto:mbasti at redhat.com] > Sent: Wednesday, January 27, 2016 5:13 AM > To: Martin Kosek ; Izzo, Anthony (U.S. Person) ; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] ipa-admintools version incompatibility > > > > On 27.01.2016 08:30, Martin Kosek wrote: >> Adding freeipa-users list back, so that others benefit from the discussion. >> >> On 01/26/2016 07:47 PM, Izzo, Anthony wrote: >>> The error I'm getting is that the option "raw" is invalid. The dnsrecord-del command includes a "--raw" switch on RHEL6, but not on RHEL7. I am not using the switch, but according to the debug output, RHEL6 is passing "raw" (as a parameter with a value) unconditionally, with the value indicating whether the flag was selected or not. Since RHEL7 does not accept "raw", it fails. >> Ah, I see. It looks like we broke forward compatibility of this command in >> https://fedorahosted.org/freeipa/ticket/3503 >> I think dnsrecord-del should at least "eat" the options without raising error. >> CCing Martin Basti to eventually create ticket for it. Martin, can you think of >> any workaround that Anthony could use, besides using nsupdate? > I'm not aware of any workaround on that particular client side > > Ticket filed: https://fedorahosted.org/freeipa/ticket/5644 > > Is there any issue that prevents you to use WebUI to remove dnsrecord, > or calling dnsrecord-del on RHEL7 machine (or directly on server)? > > Martin^2 >>> I hadn't thought about using the nsupdate tool, I'll give that a shot. Thanks. >>> >>> Tony >>> >>> -----Original Message----- >>> From: Martin Kosek [mailto:mkosek at redhat.com] >>> Sent: Tuesday, January 26, 2016 11:10 AM >>> To: Izzo, Anthony (U.S. Person) ; freeipa-users at redhat.com >>> Subject: Re: [Freeipa-users] ipa-admintools version incompatibility >>> >>> On 01/26/2016 04:22 PM, Izzo, Anthony wrote: >>>> I have a FreeIPA 4.2 server (on RHEL7) and a FreeIPA 3.0 client (on RHEL6). I am aware of the incompatibility between versions for ipa-admintools (in my case I'm trying to use ipa dnsrecord-del). I was just wondering if there is a workaround that would allow me, from my 3.0 client, to delete a DNS PTR record on the 4.2 server, since I can't use the ipa dnsrecord-del command (the APIs are different, and the server responds that I've sent an invalid option). Thanks. >>> That's strange, client should be forward compatible already: >>> >>> http://www.freeipa.org/page/Client#IPA_management_tool >>> >>> , i.e. RHEL-6 clients should be able to update RHEL-7 servers. We would know more if you send us the error. >>> >>> Anyway, given you are only updating DNS, maybe you could just use standard Kerberos-authenticated DNS update (nsupdate tool), to delete that PTR record? >>> > From Warren.Birnbaum at nike.com Wed Jan 27 18:53:43 2016 From: Warren.Birnbaum at nike.com (Birnbaum, Warren (ETW)) Date: Wed, 27 Jan 2016 18:53:43 +0000 Subject: [Freeipa-users] Active Directory users are not controlled by HBAC In-Reply-To: <20160125224742.GC4316@redhat.com> References: <20160122125155.GE7092@hendrix.redhat.com> <20160122134438.GP4316@redhat.com> <20160125221111.GB4316@redhat.com> <20160125224742.GC4316@redhat.com> Message-ID: I started this post with a simple question: ?is it possible to have HBAC work with AD authenticated users?. I was not able from the tips provided to get any further with this. What I have not been able to have addressed is, if there are no HBAC rules, there should be no access, or if there is no Allow_Access rule, no one should be able to login to any system. Currently with this said configuration, everyone has access to every system. My pam stack is exactly as recommended. Is there someone who has FreeIPA with active directory authenticated users and HBAC working? I don?t have trust defined with AD but authentication is working fine. >From the following link: https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/trust-gro ups.html It says in the second paragraph: "However, Active Directory users cannot be added directly to FreeIPA user groups. This means that Active Directory users require special configuration in order to access FreeIPA domain resources." There is then a procedure given to create user groups that work with HBAC. I don?t see how this work help me since adding a user to a group could only be used to further allow access to systems, but already have total access to all systems by all users. Thanks for your help! Warren On 1/25/16, 2:47 PM, "Alexander Bokovoy" wrote: >On Mon, 25 Jan 2016, Birnbaum, Warren (ETW) wrote: >>OK. I have done this and am using the pam stack that is the result of >>what you here describe. >> >>A few threads back you mentioned that this could be a reason why my hbac >>are not restricting access. I have no hbac rules currently and any >>active >>directory user can access any host. Is there something else I could look >>at to see why this is happening? >https://fedorahosted.org/sssd/wiki/Troubleshooting is your friend. > >-- >/ Alexander Bokovoy From abokovoy at redhat.com Wed Jan 27 19:04:46 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 27 Jan 2016 21:04:46 +0200 Subject: [Freeipa-users] Active Directory users are not controlled by HBAC In-Reply-To: References: <20160122125155.GE7092@hendrix.redhat.com> <20160122134438.GP4316@redhat.com> <20160125221111.GB4316@redhat.com> <20160125224742.GC4316@redhat.com> Message-ID: <20160127190446.GG8506@redhat.com> On Wed, 27 Jan 2016, Birnbaum, Warren (ETW) wrote: >I started this post with a simple question: ?is it possible to have HBAC >work with AD authenticated users?. I was not able from the tips provided >to get any further with this. Have you tried to read actual documentation? From your attempts it looks like you never read https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#idp1105760 >What I have not been able to have addressed is, if there are no HBAC >rules, there should be no access, or if there is no Allow_Access rule, no >one should be able to login to any system. Currently with this said >configuration, everyone has access to every system. My pam stack is >exactly as recommended. Is there someone who has FreeIPA with active >directory authenticated users and HBAC working? I don?t have trust >defined with AD but authentication is working fine. Please use official documentation: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#trust-groups -- / Alexander Bokovoy From three18ti at gmail.com Wed Jan 27 20:37:58 2016 From: three18ti at gmail.com (Jon) Date: Wed, 27 Jan 2016 14:37:58 -0600 Subject: [Freeipa-users] Fwd: Creating Trusts with AD - (RH#878168, FIPA#3266) In-Reply-To: <20160120105720.GU4316@redhat.com> References: <20160120105720.GU4316@redhat.com> Message-ID: Hello, Thanks for your feedback. So I reran `ipa-adtrust-install` and got a core dump from samba that there was no space left on the device...? A little digging showed that /var/log had filled up with files named "core.XXXXX" in /var/log/samba/cores/winbindd. So I removed all of them and reran `ipa-adtrust-install --add-sids` which continues to fail on starting CIFS services. Debug information shows that it's the smb service that isn't starting: >> [22/22]: starting CIFS services >> ipa : DEBUG Starting external process >> ipa : DEBUG args='/bin/systemctl' 'start' 'smb.service' >> ipa : DEBUG Process finished, return code=1 >> ipa : DEBUG stdout= >> ipa : DEBUG stderr=Job for smb.service failed because the control process exited with error code. See "systemctl status smb.service" and "journalctl -xe" for details. >> >> ipa : CRITICAL CIFS services failed to start >> ipa : DEBUG duration: 16 seconds >> ipa : DEBUG Done configuring CIFS. Looking at the samba logs, I see: >> Jan 27 13:19:48 freeipa01enwdco smbd[18300]: [2016/01/27 13:19:48.482378, 0] ipa_sam.c:4208(bind_callback_cleanup) >> Jan 27 13:19:48 freeipa01enwdco smbd[18300]: kerberos error: code=-1765328203, message=Keytab contains no suitable keys for cifs/ freeipaserver at MY.SUB.DOMAIN.COM >> Jan 27 13:19:49 freeipa01enwdco smbd[18300]: [2016/01/27 13:19:49.482818, 0] ipa_sam.c:4520(pdb_init_ipasam) >> Jan 27 13:19:49 freeipa01enwdco smbd[18300]: Failed to get base DN. >> Jan 27 13:19:49 freeipa01enwdco smbd[18300]: [2016/01/27 13:19:49.482909, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) >> Jan 27 13:19:49 freeipa01enwdco smbd[18300]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-MY-SUB-DOMAIN-COM.socket did not correctly init (error was NT_STATUS_UNSUCCESSFUL) >> Jan 27 13:19:49 freeipa01enwdco systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE >> Jan 27 13:19:49 freeipa01enwdco systemd[1]: Failed to start Samba SMB Daemon. >> Jan 27 13:19:49 freeipa01enwdco systemd[1]: Unit smb.service entered failed state. >> Jan 27 13:19:49 freeipa01enwdco systemd[1]: smb.service failed. I tried following the trust debugging instructions here: http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust But it fails on the step `systemctl start smb winbind` >> # systemctl stop smb winbind >> # net conf setparm global 'log level' 100 >> # nano /usr/share/ipa/smb.conf.empty >> # rm /var/log/samba/log.* >> # systemctl start smb winbind >> Job for smb.service failed because the control process exited with error code. See "systemctl status smb.service" and "journalctl -xe" for details. Which produces the exact same error listed above. in /var/log/samba/log.smbd I see what appears to be a stack trace, I see the same exact error above as well as the error about the socket not initing correctly: >> [2016/01/27 13:26:21.606257, 0, pid=18344, effective(0, 0), real(0, 0)] ipa_sam.c:4208(bind_callback_cleanup) kerberos error: code=-1765328203, message=Keytab contains no suitable keys for cifs/freeipaserver at MY.SUB.DOMAIN.COM >> [2016/01/27 13:26:21.606422, 2, pid=18344, effective(0, 0), real(0, 0)] ../source3/lib/smbldap.c:998(smbldap_connect_system) failed to bind to server ldapi://%2fvar%2frun%2fslapd-MY-SUB-DOMAIN-COM.socket with dn="[Anonymous bind]" Error: Local error (unknown) >> [2016/01/27 13:26:22.606842, 0, pid=18344, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-MY-SUB-DOMAIN-COM.socket did not correctly init (error was NT_STATUS_UNSUCCESSFUL) So I think the problem is more fundamental than trusts as samba won't even start. Is there any documentation or does anyone have some good tricks for troubleshooting samba? Thanks, Jon A On Wed, Jan 20, 2016 at 4:57 AM, Alexander Bokovoy wrote: > On Wed, 20 Jan 2016, Anon Lister wrote: > >> So I had the same problem. For me it ended up being that some attribute >> was >> not created correctly in 389 using the instructions in the guide. I don't >> remember what it was off the top of my head. Something about a default >> user >> or group SID I think. Had to turn samba logging up. Eventually it shows >> the >> attribute it is failing on. I ended up manually adding it with vildap and >> it worked fine after that. If noone else gets it I'll poke around and see >> if I can find what it was, took me several hours to debug due to the >> somewhat misleading error message. >> > The message is the only thing we get from Samba Python libraries, so it > is as good as what we get. > > Use > http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust > to produce debug output needed to find out where things happened. > > If your setup lacks 'Default SMB Group' group with a SID > (ipaNTSecurityIdentifier attribute), run ipa-adtrust-install --add-sids. > > ipa-adtrust-install can be re-run several times to fix missing parts. It > skips steps which were already done and only performs those that are > really needed. > > However, if your base IPA deployment does not work, like in the Jon's > case, there is little reason to run any of ipa-adtrust-install or other > trust-related functions. > > Additionally, DNS should be configured properly. ipa-adtrust-install > either automatically updates IPA DNS (if IPA manages the DNS zone) or > produces list of entries that should be added to the DNS zone whoever > manages it. This should not be overlooked -- when Active Directory > domain controller tries to validate the trust, it uses DNS SRV records > to find out IPA domain controllers ('trust controllers' in IPA speak, > the ones where ipa-adtrust-install was run) and only considers those > that are available via SRV records. If AD DC cannot find IPA DC via SRV > record, trust cannot be validated. > > On Jan 19, 2016 1:37 PM, "Jon" wrote: >> >> Hello, >>> >>> While following the guide on setting up FreeIPA with AD >>> , I got to the >>> >>> step where I'm adding the AD trust to FreeIPA but I receive an error: >>> >>> >> Active Directory domain administrator's password: >>> >> ipa: ERROR: CIFS server communication error: code "-1073741801", >>> >> message "Memory allocation error" (both may be >>> "None") >>> >>> Thinking that the error was what was stated (my VM at the time only had >>> 1GB of ram), I shutdown my VM (memory hot add was not enabled in VMware, >>> it >>> is now), bumped the RAM to 4GB, and booted the VM. >>> >>> Upon running the same command after reboot I received an error: >>> >>> >> ipa: ERROR: did not receive Kerberos credentials >>> >>> kinit admin is also reporting an error: >>> >>> >> kinit: Cannot contact any KDC for realm 'myrealm' while getting >>> initial credentials >>> >>> trying to start FreeIPA in debug mode identified the samba service as at >>> fault. >>> >>> >> Jan 19 10:19:50 myfreeipaserver smbd[3676]: kerberos error: >>> code=-1765328203, message=Keytab contains no suitable keys for cifs/ >>> myfreeipaserver at SUB.DOMAIN.MYDOMAIN.COM >>> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: [2016/01/19 >>> 10:19:51.261648, 0] ipa_sam.c:4520(pdb_init_ipasam) >>> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: Failed to get base DN. >>> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: [2016/01/19 >>> 10:19:51.262675, 0] >>> ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) >>> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: pdb backend >>> ipasam:ldapi://%2fvar%2frun%2fslapd-SUB-DOMAIN-MYDOMAIN-COM.socket did >>> not >>> correctly init (error was NT_STATUS_UNSUCCESSFUL) >>> >>> Googling for these errors turned up a few similar threads but none of the >>> solutions seemed to work and all signs pointed to AD integration as the >>> culprit... >>> >>> So I did what any good sysadmin would do and forced freeipa to start >>> while >>> ignoring any failures. Every service except samba starts without issue. >>> >>> So I tried my trust connection again, and received the same error, >>> >>> >> Active Directory domain administrator's password: >>> >> ipa: ERROR: CIFS server communication error: code "-1073741801", >>> >> message "Memory allocation error" (both may be >>> "None") >>> >>> Which brought me to googling two bug reports opened on this exact issue: >>> >>> >> https://bugzilla.redhat.com/show_bug.cgi?id=878168 >>> >> https://fedorahosted.org/freeipa/ticket/3266 >>> >>> Both of these bug reports indicate there's an upstream bug in Samba, the >>> bug has been closed and reopened at least once. I did add the AD servers >>> to /etc/hosts and rebooted the server. I have to go through the same >>> process of forcing freeipa to start after the server rebooted... >>> However, I >>> received the same error message. >>> >>> While the bug report is currently closed, I seem to be experiencing the >>> same issues... >>> >>> Given this bug report, can you please answer me these questions three: >>> >>> 1) Given the issues with Samba starting after reboot, is this bug report >>> actually what's wrong or is the error message when trying to create a >>> trust >>> a red herring and it's actually samba that's the problem? >>> 2) Does this bug report mean that trusts between FreeIPA and AD are >>> broken and can not be established until the upstream bug in Samba is >>> fixed? >>> 3) Is there a workaround? (as adding the domain controllers to >>> /etc/hosts with IPv4 address does not appear to work) >>> >>> System Stats: >>> - AD Server: Win2k8R2 >>> - FreeIPA server: >>> >>> >> CentOS Linux release 7.2.1511 (Core) >>> >>> >>> >> # uname -a >>> >> Linux myserver 3.10.0-327.4.4.el7.x86_64 #1 SMP Tue Jan 5 16:07:00 UTC >>> 2016 x86_64 x86_64 x86_64 GNU/Linux >>> >>> >> # rpm -qa | grep ipa >>> >> python-libipa_hbac-1.13.0-40.el7_2.1.x86_64 >>> >> ipa-server-4.2.0-15.el7.centos.3.x86_64 >>> >> ipa-server-dns-4.2.0-15.el7.centos.3.x86_64 >>> >> python-iniparse-0.4-9.el7.noarch >>> >> libipa_hbac-1.13.0-40.el7_2.1.x86_64 >>> >> sssd-ipa-1.13.0-40.el7_2.1.x86_64 >>> >> ipa-python-4.2.0-15.el7.centos.3.x86_64 >>> >> ipa-client-4.2.0-15.el7.centos.3.x86_64 >>> >> ipa-server-trust-ad-4.2.0-15.el7.centos.3.x86_64 >>> >> ipa-admintools-4.2.0-15.el7.centos.3.x86_64 >>> >>> >>> I appreciate any help. I've been trying to get FreeIPA going for a >>> couple >>> of weeks now and have run into nothing but frustrations. The funny thing >>> is, I've never had a problem deploying FreeIPA by itself... Microsoft >>> seems to be the common denominator in my hair pulling lately... >>> Correlation >>> does not equal causation... but it sure is a coincidence... :) >>> >>> Thanks for your time! >>> >>> Best Regards, >>> Jon A >>> >>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go to http://freeipa.org for more info on the project >>> >>> > -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > > > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Wed Jan 27 20:44:00 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 27 Jan 2016 22:44:00 +0200 Subject: [Freeipa-users] Fwd: Creating Trusts with AD - (RH#878168, FIPA#3266) In-Reply-To: References: <20160120105720.GU4316@redhat.com> Message-ID: <20160127204400.GM8506@redhat.com> On Wed, 27 Jan 2016, Jon wrote: >Hello, > >Thanks for your feedback. > >So I reran `ipa-adtrust-install` and got a core dump from samba that there >was no space left on the device...? > >A little digging showed that /var/log had filled up with files named >"core.XXXXX" in /var/log/samba/cores/winbindd. So I removed all of them >and reran `ipa-adtrust-install --add-sids` which continues to fail on >starting CIFS services. Debug information shows that it's the smb service >that isn't starting: > >>> [22/22]: starting CIFS services >>> ipa : DEBUG Starting external process >>> ipa : DEBUG args='/bin/systemctl' 'start' 'smb.service' >>> ipa : DEBUG Process finished, return code=1 >>> ipa : DEBUG stdout= >>> ipa : DEBUG stderr=Job for smb.service failed because the >control process exited with error code. See "systemctl status smb.service" >and "journalctl -xe" for details. >>> >>> ipa : CRITICAL CIFS services failed to start >>> ipa : DEBUG duration: 16 seconds >>> ipa : DEBUG Done configuring CIFS. > >Looking at the samba logs, I see: > >>> Jan 27 13:19:48 freeipa01enwdco smbd[18300]: [2016/01/27 >13:19:48.482378, 0] ipa_sam.c:4208(bind_callback_cleanup) >>> Jan 27 13:19:48 freeipa01enwdco smbd[18300]: kerberos error: >code=-1765328203, message=Keytab contains no suitable keys for cifs/ >freeipaserver at MY.SUB.DOMAIN.COM ^ is this the real name for the server? E.g. it is non-fully qualified one here? What does your `hostname` command show? >>> Jan 27 13:19:49 freeipa01enwdco smbd[18300]: [2016/01/27 >13:19:49.482818, 0] ipa_sam.c:4520(pdb_init_ipasam) >>> Jan 27 13:19:49 freeipa01enwdco smbd[18300]: Failed to get base DN. >>> Jan 27 13:19:49 freeipa01enwdco smbd[18300]: [2016/01/27 >13:19:49.482909, 0] >../source3/passdb/pdb_interface.c:179(make_pdb_method_name) >>> Jan 27 13:19:49 freeipa01enwdco smbd[18300]: pdb backend >ipasam:ldapi://%2fvar%2frun%2fslapd-MY-SUB-DOMAIN-COM.socket did not >correctly init (error was NT_STATUS_UNSUCCESSFUL) >>> Jan 27 13:19:49 freeipa01enwdco systemd[1]: smb.service: main process >exited, code=exited, status=1/FAILURE >>> Jan 27 13:19:49 freeipa01enwdco systemd[1]: Failed to start Samba SMB >Daemon. >>> Jan 27 13:19:49 freeipa01enwdco systemd[1]: Unit smb.service entered >failed state. >>> Jan 27 13:19:49 freeipa01enwdco systemd[1]: smb.service failed. > > >I tried following the trust debugging instructions here: >http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust > >But it fails on the step `systemctl start smb winbind` > >>> # systemctl stop smb winbind >>> # net conf setparm global 'log level' 100 >>> # nano /usr/share/ipa/smb.conf.empty >>> # rm /var/log/samba/log.* >>> # systemctl start smb winbind >>> Job for smb.service failed because the control process exited with error >code. See "systemctl status smb.service" and "journalctl -xe" for details. > >Which produces the exact same error listed above. > > >in /var/log/samba/log.smbd I see what appears to be a stack trace, I see >the same exact error above as well as the error about the socket not >initing correctly: > >>> [2016/01/27 13:26:21.606257, 0, pid=18344, effective(0, 0), real(0, 0)] >ipa_sam.c:4208(bind_callback_cleanup) > kerberos error: code=-1765328203, message=Keytab contains no suitable >keys for cifs/freeipaserver at MY.SUB.DOMAIN.COM >>> [2016/01/27 13:26:21.606422, 2, pid=18344, effective(0, 0), real(0, 0)] >../source3/lib/smbldap.c:998(smbldap_connect_system) > failed to bind to server >ldapi://%2fvar%2frun%2fslapd-MY-SUB-DOMAIN-COM.socket with dn="[Anonymous >bind]" Error: Local error > (unknown) >>> [2016/01/27 13:26:22.606842, 0, pid=18344, effective(0, 0), real(0, 0), >class=passdb] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) > pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-MY-SUB-DOMAIN-COM.socket >did not correctly init (error was NT_STATUS_UNSUCCESSFUL) > >So I think the problem is more fundamental than trusts as samba won't even >start. > >Is there any documentation or does anyone have some good tricks for >troubleshooting samba? > >Thanks, >Jon A > >On Wed, Jan 20, 2016 at 4:57 AM, Alexander Bokovoy >wrote: > >> On Wed, 20 Jan 2016, Anon Lister wrote: >> >>> So I had the same problem. For me it ended up being that some attribute >>> was >>> not created correctly in 389 using the instructions in the guide. I don't >>> remember what it was off the top of my head. Something about a default >>> user >>> or group SID I think. Had to turn samba logging up. Eventually it shows >>> the >>> attribute it is failing on. I ended up manually adding it with vildap and >>> it worked fine after that. If noone else gets it I'll poke around and see >>> if I can find what it was, took me several hours to debug due to the >>> somewhat misleading error message. >>> >> The message is the only thing we get from Samba Python libraries, so it >> is as good as what we get. >> >> Use >> http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust >> to produce debug output needed to find out where things happened. >> >> If your setup lacks 'Default SMB Group' group with a SID >> (ipaNTSecurityIdentifier attribute), run ipa-adtrust-install --add-sids. >> >> ipa-adtrust-install can be re-run several times to fix missing parts. It >> skips steps which were already done and only performs those that are >> really needed. >> >> However, if your base IPA deployment does not work, like in the Jon's >> case, there is little reason to run any of ipa-adtrust-install or other >> trust-related functions. >> >> Additionally, DNS should be configured properly. ipa-adtrust-install >> either automatically updates IPA DNS (if IPA manages the DNS zone) or >> produces list of entries that should be added to the DNS zone whoever >> manages it. This should not be overlooked -- when Active Directory >> domain controller tries to validate the trust, it uses DNS SRV records >> to find out IPA domain controllers ('trust controllers' in IPA speak, >> the ones where ipa-adtrust-install was run) and only considers those >> that are available via SRV records. If AD DC cannot find IPA DC via SRV >> record, trust cannot be validated. >> >> On Jan 19, 2016 1:37 PM, "Jon" wrote: >>> >>> Hello, >>>> >>>> While following the guide on setting up FreeIPA with AD >>>> , I got to the >>>> >>>> step where I'm adding the AD trust to FreeIPA but I receive an error: >>>> >>>> >> Active Directory domain administrator's password: >>>> >> ipa: ERROR: CIFS server communication error: code "-1073741801", >>>> >> message "Memory allocation error" (both may be >>>> "None") >>>> >>>> Thinking that the error was what was stated (my VM at the time only had >>>> 1GB of ram), I shutdown my VM (memory hot add was not enabled in VMware, >>>> it >>>> is now), bumped the RAM to 4GB, and booted the VM. >>>> >>>> Upon running the same command after reboot I received an error: >>>> >>>> >> ipa: ERROR: did not receive Kerberos credentials >>>> >>>> kinit admin is also reporting an error: >>>> >>>> >> kinit: Cannot contact any KDC for realm 'myrealm' while getting >>>> initial credentials >>>> >>>> trying to start FreeIPA in debug mode identified the samba service as at >>>> fault. >>>> >>>> >> Jan 19 10:19:50 myfreeipaserver smbd[3676]: kerberos error: >>>> code=-1765328203, message=Keytab contains no suitable keys for cifs/ >>>> myfreeipaserver at SUB.DOMAIN.MYDOMAIN.COM >>>> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: [2016/01/19 >>>> 10:19:51.261648, 0] ipa_sam.c:4520(pdb_init_ipasam) >>>> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: Failed to get base DN. >>>> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: [2016/01/19 >>>> 10:19:51.262675, 0] >>>> ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) >>>> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: pdb backend >>>> ipasam:ldapi://%2fvar%2frun%2fslapd-SUB-DOMAIN-MYDOMAIN-COM.socket did >>>> not >>>> correctly init (error was NT_STATUS_UNSUCCESSFUL) >>>> >>>> Googling for these errors turned up a few similar threads but none of the >>>> solutions seemed to work and all signs pointed to AD integration as the >>>> culprit... >>>> >>>> So I did what any good sysadmin would do and forced freeipa to start >>>> while >>>> ignoring any failures. Every service except samba starts without issue. >>>> >>>> So I tried my trust connection again, and received the same error, >>>> >>>> >> Active Directory domain administrator's password: >>>> >> ipa: ERROR: CIFS server communication error: code "-1073741801", >>>> >> message "Memory allocation error" (both may be >>>> "None") >>>> >>>> Which brought me to googling two bug reports opened on this exact issue: >>>> >>>> >> https://bugzilla.redhat.com/show_bug.cgi?id=878168 >>>> >> https://fedorahosted.org/freeipa/ticket/3266 >>>> >>>> Both of these bug reports indicate there's an upstream bug in Samba, the >>>> bug has been closed and reopened at least once. I did add the AD servers >>>> to /etc/hosts and rebooted the server. I have to go through the same >>>> process of forcing freeipa to start after the server rebooted... >>>> However, I >>>> received the same error message. >>>> >>>> While the bug report is currently closed, I seem to be experiencing the >>>> same issues... >>>> >>>> Given this bug report, can you please answer me these questions three: >>>> >>>> 1) Given the issues with Samba starting after reboot, is this bug report >>>> actually what's wrong or is the error message when trying to create a >>>> trust >>>> a red herring and it's actually samba that's the problem? >>>> 2) Does this bug report mean that trusts between FreeIPA and AD are >>>> broken and can not be established until the upstream bug in Samba is >>>> fixed? >>>> 3) Is there a workaround? (as adding the domain controllers to >>>> /etc/hosts with IPv4 address does not appear to work) >>>> >>>> System Stats: >>>> - AD Server: Win2k8R2 >>>> - FreeIPA server: >>>> >>>> >> CentOS Linux release 7.2.1511 (Core) >>>> >>>> >>>> >> # uname -a >>>> >> Linux myserver 3.10.0-327.4.4.el7.x86_64 #1 SMP Tue Jan 5 16:07:00 UTC >>>> 2016 x86_64 x86_64 x86_64 GNU/Linux >>>> >>>> >> # rpm -qa | grep ipa >>>> >> python-libipa_hbac-1.13.0-40.el7_2.1.x86_64 >>>> >> ipa-server-4.2.0-15.el7.centos.3.x86_64 >>>> >> ipa-server-dns-4.2.0-15.el7.centos.3.x86_64 >>>> >> python-iniparse-0.4-9.el7.noarch >>>> >> libipa_hbac-1.13.0-40.el7_2.1.x86_64 >>>> >> sssd-ipa-1.13.0-40.el7_2.1.x86_64 >>>> >> ipa-python-4.2.0-15.el7.centos.3.x86_64 >>>> >> ipa-client-4.2.0-15.el7.centos.3.x86_64 >>>> >> ipa-server-trust-ad-4.2.0-15.el7.centos.3.x86_64 >>>> >> ipa-admintools-4.2.0-15.el7.centos.3.x86_64 >>>> >>>> >>>> I appreciate any help. I've been trying to get FreeIPA going for a >>>> couple >>>> of weeks now and have run into nothing but frustrations. The funny thing >>>> is, I've never had a problem deploying FreeIPA by itself... Microsoft >>>> seems to be the common denominator in my hair pulling lately... >>>> Correlation >>>> does not equal causation... but it sure is a coincidence... :) >>>> >>>> Thanks for your time! >>>> >>>> Best Regards, >>>> Jon A >>>> >>>> >>>> -- >>>> Manage your subscription for the Freeipa-users mailing list: >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> Go to http://freeipa.org for more info on the project >>>> >>>> >> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go to http://freeipa.org for more info on the project >>> >> >> >> -- >> / Alexander Bokovoy >> >-- >Manage your subscription for the Freeipa-users mailing list: >https://www.redhat.com/mailman/listinfo/freeipa-users >Go to http://freeipa.org for more info on the project -- / Alexander Bokovoy From anil_3g at hotmail.com Wed Jan 27 20:51:07 2016 From: anil_3g at hotmail.com (Anil Kommareddy) Date: Wed, 27 Jan 2016 14:51:07 -0600 Subject: [Freeipa-users] ERROR: missing attribute "ipaNTSecurityIdentifier" required by object class "ipaNTUserAttrs" Message-ID: Hi All, I have an ipa-server-4.2.0-15.el7_2.3.x86_64 on which I installed ipa-server-trust-ad-4.2.0-15.el7_2.3.x86_64 and ran "ipa-adtrust-install --add-sids" command. After some initial issues it started working fine. This has created ipaNTSecurityIdentifier to existing user accounts fine. It seem to create ipaNTHash on changing the password of the existing users. But when add new users, i am getting this error. Is there any way to fix this issue? ERROR: missing attribute "ipaNTSecurityIdentifier" required by object class "ipaNTUserAttrs" Greatly appreciate your help. Regards,Anil -------------- next part -------------- An HTML attachment was scrubbed... URL: From three18ti at gmail.com Wed Jan 27 21:03:54 2016 From: three18ti at gmail.com (Jon) Date: Wed, 27 Jan 2016 15:03:54 -0600 Subject: [Freeipa-users] Fwd: Creating Trusts with AD - (RH#878168, FIPA#3266) In-Reply-To: <20160127204400.GM8506@redhat.com> References: <20160120105720.GU4316@redhat.com> <20160127204400.GM8506@redhat.com> Message-ID: Hi Alexander, I've changed the names to anonymize the logs, but have maintained the structure of the names. This is how I've got the hostname configured: >> [root at freeipaserver ~]# hostname >> freeipaserver >> [root at freeipaserver ~]# hostname -a >> freeipaserver >> [root at freeipaserver ~]# hostname -f >> freeipaserver.my.sub.domain.com >> [root at freeipaserver ~]# cat /etc/hosts >> 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 >> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 >> >> 192.168.1.10 freeipaserver.my.sub.domain.com freeipaserver >> >> [root at freeipaserver ~]# cat /etc/sysconfig/network >> DNS1=192.168.10.1 >> NISDOMAIN=my.sub.domain.com >> GATEWAY=192.168.1.1 >> SEARCH=my.sub.domain.com >> DOMAIN=my.sub.domain.com (NISDOMAIN and DOMAIN were previous attempts to set the domain. I can't just set /etc/hostname to "freeipaserver" as a bash prompt that says [ root at freeipaserver.my.sub.domain.com ~] is unacceptable to our ops teams, and we can't rewrite our bashrcs (these are company standards). However, based on the instructions, I do believe I've set the hostname correctly unless something has changed between RHEL6 and RHEL7). Thanks, Jon A On Wed, Jan 27, 2016 at 2:44 PM, Alexander Bokovoy wrote: > On Wed, 27 Jan 2016, Jon wrote: > >> Hello, >> >> Thanks for your feedback. >> >> So I reran `ipa-adtrust-install` and got a core dump from samba that there >> was no space left on the device...? >> >> A little digging showed that /var/log had filled up with files named >> "core.XXXXX" in /var/log/samba/cores/winbindd. So I removed all of them >> and reran `ipa-adtrust-install --add-sids` which continues to fail on >> starting CIFS services. Debug information shows that it's the smb service >> that isn't starting: >> >> [22/22]: starting CIFS services >>>> ipa : DEBUG Starting external process >>>> ipa : DEBUG args='/bin/systemctl' 'start' 'smb.service' >>>> ipa : DEBUG Process finished, return code=1 >>>> ipa : DEBUG stdout= >>>> ipa : DEBUG stderr=Job for smb.service failed because the >>>> >>> control process exited with error code. See "systemctl status >> smb.service" >> and "journalctl -xe" for details. >> >>> >>>> ipa : CRITICAL CIFS services failed to start >>>> ipa : DEBUG duration: 16 seconds >>>> ipa : DEBUG Done configuring CIFS. >>>> >>> >> Looking at the samba logs, I see: >> >> Jan 27 13:19:48 freeipa01enwdco smbd[18300]: [2016/01/27 >>>> >>> 13:19:48.482378, 0] ipa_sam.c:4208(bind_callback_cleanup) >> >>> Jan 27 13:19:48 freeipa01enwdco smbd[18300]: kerberos error: >>>> >>> code=-1765328203, message=Keytab contains no suitable keys for cifs/ >> freeipaserver at MY.SUB.DOMAIN.COM >> > ^ is this the real name for the server? E.g. it is non-fully qualified > one here? What does your `hostname` command show? > > > Jan 27 13:19:49 freeipa01enwdco smbd[18300]: [2016/01/27 >>>> >>> 13:19:49.482818, 0] ipa_sam.c:4520(pdb_init_ipasam) >> >>> Jan 27 13:19:49 freeipa01enwdco smbd[18300]: Failed to get base DN. >>>> Jan 27 13:19:49 freeipa01enwdco smbd[18300]: [2016/01/27 >>>> >>> 13:19:49.482909, 0] >> ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) >> >>> Jan 27 13:19:49 freeipa01enwdco smbd[18300]: pdb backend >>>> >>> ipasam:ldapi://%2fvar%2frun%2fslapd-MY-SUB-DOMAIN-COM.socket did not >> correctly init (error was NT_STATUS_UNSUCCESSFUL) >> >>> Jan 27 13:19:49 freeipa01enwdco systemd[1]: smb.service: main process >>>> >>> exited, code=exited, status=1/FAILURE >> >>> Jan 27 13:19:49 freeipa01enwdco systemd[1]: Failed to start Samba SMB >>>> >>> Daemon. >> >>> Jan 27 13:19:49 freeipa01enwdco systemd[1]: Unit smb.service entered >>>> >>> failed state. >> >>> Jan 27 13:19:49 freeipa01enwdco systemd[1]: smb.service failed. >>>> >>> >> >> I tried following the trust debugging instructions here: >> http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust >> >> But it fails on the step `systemctl start smb winbind` >> >> # systemctl stop smb winbind >>>> # net conf setparm global 'log level' 100 >>>> # nano /usr/share/ipa/smb.conf.empty >>>> # rm /var/log/samba/log.* >>>> # systemctl start smb winbind >>>> Job for smb.service failed because the control process exited with error >>>> >>> code. See "systemctl status smb.service" and "journalctl -xe" for >> details. >> >> Which produces the exact same error listed above. >> >> >> in /var/log/samba/log.smbd I see what appears to be a stack trace, I see >> the same exact error above as well as the error about the socket not >> initing correctly: >> >> [2016/01/27 13:26:21.606257, 0, pid=18344, effective(0, 0), real(0, 0)] >>>> >>> ipa_sam.c:4208(bind_callback_cleanup) >> kerberos error: code=-1765328203, message=Keytab contains no suitable >> keys for cifs/freeipaserver at MY.SUB.DOMAIN.COM >> >>> [2016/01/27 13:26:21.606422, 2, pid=18344, effective(0, 0), real(0, 0)] >>>> >>> ../source3/lib/smbldap.c:998(smbldap_connect_system) >> failed to bind to server >> ldapi://%2fvar%2frun%2fslapd-MY-SUB-DOMAIN-COM.socket with dn="[Anonymous >> bind]" Error: Local error >> (unknown) >> >>> [2016/01/27 13:26:22.606842, 0, pid=18344, effective(0, 0), real(0, 0), >>>> >>> class=passdb] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) >> pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-MY-SUB-DOMAIN-COM.socket >> did not correctly init (error was NT_STATUS_UNSUCCESSFUL) >> >> So I think the problem is more fundamental than trusts as samba won't even >> start. >> >> Is there any documentation or does anyone have some good tricks for >> troubleshooting samba? >> >> Thanks, >> Jon A >> >> On Wed, Jan 20, 2016 at 4:57 AM, Alexander Bokovoy >> wrote: >> >> On Wed, 20 Jan 2016, Anon Lister wrote: >>> >>> So I had the same problem. For me it ended up being that some attribute >>>> was >>>> not created correctly in 389 using the instructions in the guide. I >>>> don't >>>> remember what it was off the top of my head. Something about a default >>>> user >>>> or group SID I think. Had to turn samba logging up. Eventually it shows >>>> the >>>> attribute it is failing on. I ended up manually adding it with vildap >>>> and >>>> it worked fine after that. If noone else gets it I'll poke around and >>>> see >>>> if I can find what it was, took me several hours to debug due to the >>>> somewhat misleading error message. >>>> >>>> The message is the only thing we get from Samba Python libraries, so it >>> is as good as what we get. >>> >>> Use >>> http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust >>> to produce debug output needed to find out where things happened. >>> >>> If your setup lacks 'Default SMB Group' group with a SID >>> (ipaNTSecurityIdentifier attribute), run ipa-adtrust-install --add-sids. >>> >>> ipa-adtrust-install can be re-run several times to fix missing parts. It >>> skips steps which were already done and only performs those that are >>> really needed. >>> >>> However, if your base IPA deployment does not work, like in the Jon's >>> case, there is little reason to run any of ipa-adtrust-install or other >>> trust-related functions. >>> >>> Additionally, DNS should be configured properly. ipa-adtrust-install >>> either automatically updates IPA DNS (if IPA manages the DNS zone) or >>> produces list of entries that should be added to the DNS zone whoever >>> manages it. This should not be overlooked -- when Active Directory >>> domain controller tries to validate the trust, it uses DNS SRV records >>> to find out IPA domain controllers ('trust controllers' in IPA speak, >>> the ones where ipa-adtrust-install was run) and only considers those >>> that are available via SRV records. If AD DC cannot find IPA DC via SRV >>> record, trust cannot be validated. >>> >>> On Jan 19, 2016 1:37 PM, "Jon" wrote: >>> >>>> >>>> Hello, >>>> >>>>> >>>>> While following the guide on setting up FreeIPA with AD >>>>> , I got to >>>>> the >>>>> >>>>> step where I'm adding the AD trust to FreeIPA but I receive an error: >>>>> >>>>> >> Active Directory domain administrator's password: >>>>> >> ipa: ERROR: CIFS server communication error: code "-1073741801", >>>>> >> message "Memory allocation error" (both may be >>>>> "None") >>>>> >>>>> Thinking that the error was what was stated (my VM at the time only had >>>>> 1GB of ram), I shutdown my VM (memory hot add was not enabled in >>>>> VMware, >>>>> it >>>>> is now), bumped the RAM to 4GB, and booted the VM. >>>>> >>>>> Upon running the same command after reboot I received an error: >>>>> >>>>> >> ipa: ERROR: did not receive Kerberos credentials >>>>> >>>>> kinit admin is also reporting an error: >>>>> >>>>> >> kinit: Cannot contact any KDC for realm 'myrealm' while getting >>>>> initial credentials >>>>> >>>>> trying to start FreeIPA in debug mode identified the samba service as >>>>> at >>>>> fault. >>>>> >>>>> >> Jan 19 10:19:50 myfreeipaserver smbd[3676]: kerberos error: >>>>> code=-1765328203, message=Keytab contains no suitable keys for cifs/ >>>>> myfreeipaserver at SUB.DOMAIN.MYDOMAIN.COM >>>>> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: [2016/01/19 >>>>> 10:19:51.261648, 0] ipa_sam.c:4520(pdb_init_ipasam) >>>>> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: Failed to get base >>>>> DN. >>>>> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: [2016/01/19 >>>>> 10:19:51.262675, 0] >>>>> ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) >>>>> >> Jan 19 10:19:51 myfreeipaserver smbd[3676]: pdb backend >>>>> ipasam:ldapi://%2fvar%2frun%2fslapd-SUB-DOMAIN-MYDOMAIN-COM.socket did >>>>> not >>>>> correctly init (error was NT_STATUS_UNSUCCESSFUL) >>>>> >>>>> Googling for these errors turned up a few similar threads but none of >>>>> the >>>>> solutions seemed to work and all signs pointed to AD integration as the >>>>> culprit... >>>>> >>>>> So I did what any good sysadmin would do and forced freeipa to start >>>>> while >>>>> ignoring any failures. Every service except samba starts without >>>>> issue. >>>>> >>>>> So I tried my trust connection again, and received the same error, >>>>> >>>>> >> Active Directory domain administrator's password: >>>>> >> ipa: ERROR: CIFS server communication error: code "-1073741801", >>>>> >> message "Memory allocation error" (both may be >>>>> "None") >>>>> >>>>> Which brought me to googling two bug reports opened on this exact >>>>> issue: >>>>> >>>>> >> https://bugzilla.redhat.com/show_bug.cgi?id=878168 >>>>> >> https://fedorahosted.org/freeipa/ticket/3266 >>>>> >>>>> Both of these bug reports indicate there's an upstream bug in Samba, >>>>> the >>>>> bug has been closed and reopened at least once. I did add the AD >>>>> servers >>>>> to /etc/hosts and rebooted the server. I have to go through the same >>>>> process of forcing freeipa to start after the server rebooted... >>>>> However, I >>>>> received the same error message. >>>>> >>>>> While the bug report is currently closed, I seem to be experiencing the >>>>> same issues... >>>>> >>>>> Given this bug report, can you please answer me these questions three: >>>>> >>>>> 1) Given the issues with Samba starting after reboot, is this bug >>>>> report >>>>> actually what's wrong or is the error message when trying to create a >>>>> trust >>>>> a red herring and it's actually samba that's the problem? >>>>> 2) Does this bug report mean that trusts between FreeIPA and AD are >>>>> broken and can not be established until the upstream bug in Samba is >>>>> fixed? >>>>> 3) Is there a workaround? (as adding the domain controllers to >>>>> /etc/hosts with IPv4 address does not appear to work) >>>>> >>>>> System Stats: >>>>> - AD Server: Win2k8R2 >>>>> - FreeIPA server: >>>>> >>>>> >> CentOS Linux release 7.2.1511 (Core) >>>>> >>>>> >>>>> >> # uname -a >>>>> >> Linux myserver 3.10.0-327.4.4.el7.x86_64 #1 SMP Tue Jan 5 16:07:00 >>>>> UTC >>>>> 2016 x86_64 x86_64 x86_64 GNU/Linux >>>>> >>>>> >> # rpm -qa | grep ipa >>>>> >> python-libipa_hbac-1.13.0-40.el7_2.1.x86_64 >>>>> >> ipa-server-4.2.0-15.el7.centos.3.x86_64 >>>>> >> ipa-server-dns-4.2.0-15.el7.centos.3.x86_64 >>>>> >> python-iniparse-0.4-9.el7.noarch >>>>> >> libipa_hbac-1.13.0-40.el7_2.1.x86_64 >>>>> >> sssd-ipa-1.13.0-40.el7_2.1.x86_64 >>>>> >> ipa-python-4.2.0-15.el7.centos.3.x86_64 >>>>> >> ipa-client-4.2.0-15.el7.centos.3.x86_64 >>>>> >> ipa-server-trust-ad-4.2.0-15.el7.centos.3.x86_64 >>>>> >> ipa-admintools-4.2.0-15.el7.centos.3.x86_64 >>>>> >>>>> >>>>> I appreciate any help. I've been trying to get FreeIPA going for a >>>>> couple >>>>> of weeks now and have run into nothing but frustrations. The funny >>>>> thing >>>>> is, I've never had a problem deploying FreeIPA by itself... Microsoft >>>>> seems to be the common denominator in my hair pulling lately... >>>>> Correlation >>>>> does not equal causation... but it sure is a coincidence... :) >>>>> >>>>> Thanks for your time! >>>>> >>>>> Best Regards, >>>>> Jon A >>>>> >>>>> >>>>> -- >>>>> Manage your subscription for the Freeipa-users mailing list: >>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>>> Go to http://freeipa.org for more info on the project >>>>> >>>>> >>>>> -- >>> >>>> Manage your subscription for the Freeipa-users mailing list: >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> Go to http://freeipa.org for more info on the project >>>> >>>> >>> >>> -- >>> / Alexander Bokovoy >>> >>> > -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > > > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Wed Jan 27 21:16:15 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 27 Jan 2016 23:16:15 +0200 Subject: [Freeipa-users] Fwd: Creating Trusts with AD - (RH#878168, FIPA#3266) In-Reply-To: References: <20160120105720.GU4316@redhat.com> <20160127204400.GM8506@redhat.com> Message-ID: <20160127211615.GN8506@redhat.com> On Wed, 27 Jan 2016, Jon wrote: >Hi Alexander, > >I've changed the names to anonymize the logs, but have maintained the >structure of the names. > >This is how I've got the hostname configured: > >>> [root at freeipaserver ~]# hostname >>> freeipaserver >>> [root at freeipaserver ~]# hostname -a >>> freeipaserver >>> [root at freeipaserver ~]# hostname -f >>> freeipaserver.my.sub.domain.com >>> [root at freeipaserver ~]# cat /etc/hosts >>> 127.0.0.1 localhost localhost.localdomain localhost4 >localhost4.localdomain4 >>> ::1 localhost localhost.localdomain localhost6 >localhost6.localdomain6 >>> >>> 192.168.1.10 freeipaserver.my.sub.domain.com freeipaserver >>> >>> [root at freeipaserver ~]# cat /etc/sysconfig/network >>> DNS1=192.168.10.1 >>> NISDOMAIN=my.sub.domain.com >>> GATEWAY=192.168.1.1 >>> SEARCH=my.sub.domain.com >>> DOMAIN=my.sub.domain.com > >(NISDOMAIN and DOMAIN were previous attempts to set the domain. I can't >just set /etc/hostname to "freeipaserver" as a bash prompt that says [ >root at freeipaserver.my.sub.domain.com ~] is unacceptable to our ops teams, >and we can't rewrite our bashrcs (these are company standards). However, >based on the instructions, I do believe I've set the hostname correctly >unless something has changed between RHEL6 and RHEL7). So this is not going to work, sorry. One way or another, Kerberos requires you to have uniform names, so freeipaserver and freeipaserver.my.sub.domain.com are different names and thus cifs/freeipaserver at REALM and cifs/freeipaserver.my.sub.domain.com at REALM are two different Kerberos principals. FreeIPA KDC does not support aliases. Almost all software using Kerberos is retrieving hostname using gethostname() call which, in turn, uses uname() system call and copies hostname from a nodename element of the returned structure. There is no code that complements nodename with default domain or something, so that output has to be fully qualified or ALL hosts in your deployment would need to non-fully qualified. `hostname` output is essentially giving you what uname() returns in nodename, while `hostname -f` appends default domain to it. Company standards may be important but in this case your bashrc code is clearly based on something that is not really taking Kerberos reality into account. -- / Alexander Bokovoy From datakid at gmail.com Wed Jan 27 21:20:29 2016 From: datakid at gmail.com (Lachlan Musicman) Date: Thu, 28 Jan 2016 08:20:29 +1100 Subject: [Freeipa-users] Centos 7, CA log files, bug report? Message-ID: Hi, Not sure if this is a bug or if I'm ignorant of the RH world, but when I try to do a fresh IPA install on Centos 7.2, I'm getting failures here: [1/27]: creating certificate server user [2/27]: configuring certificate server instance ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpAGdITu'' returned non-zero exit status 1 ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation logs and the following files/directories for more information: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL /var/log/pki-ca-install.log ipa.ipaserver.install.cainstance.CAInstance: CRITICAL /var/log/pki/pki-tomcat [error] RuntimeError: CA configuration failed. ipa.ipapython.install.cli.install_tool(Server): ERROR CA configuration failed. [root at emts-centos71-7f ~]# ipa --version VERSION: 4.2.0, API_VERSION: 2.156 CentOS Linux release 7.2.1511 (Core) Most importantly for me, /var/log/pki-ca-install.log doesn't exist and there is no file that looks like it anywhere on my system. Is this a bug? cheers L. ------ The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper -------------- next part -------------- An HTML attachment was scrubbed... URL: From three18ti at gmail.com Wed Jan 27 21:49:11 2016 From: three18ti at gmail.com (Jon) Date: Wed, 27 Jan 2016 15:49:11 -0600 Subject: [Freeipa-users] Fwd: Creating Trusts with AD - (RH#878168, FIPA#3266) In-Reply-To: <20160127211615.GN8506@redhat.com> References: <20160120105720.GU4316@redhat.com> <20160127204400.GM8506@redhat.com> <20160127211615.GN8506@redhat.com> Message-ID: Hi Alexander, Huzzah! Thanks for explaining how gethostname() works. At least armed with this information I can make a case to the powers that be why we need to make a change like this. So does this mean that all servers should have a fqdn in /etc/hostname or in the case of RHEL6 setting the HOSTNAME variable in /etc/sysconfig/network? Thanks a ton for your help! Best Regards, Jon A On Wed, Jan 27, 2016 at 3:16 PM, Alexander Bokovoy wrote: > On Wed, 27 Jan 2016, Jon wrote: > >> Hi Alexander, >> >> I've changed the names to anonymize the logs, but have maintained the >> structure of the names. >> >> This is how I've got the hostname configured: >> >> [root at freeipaserver ~]# hostname >>>> freeipaserver >>>> [root at freeipaserver ~]# hostname -a >>>> freeipaserver >>>> [root at freeipaserver ~]# hostname -f >>>> freeipaserver.my.sub.domain.com >>>> [root at freeipaserver ~]# cat /etc/hosts >>>> 127.0.0.1 localhost localhost.localdomain localhost4 >>>> >>> localhost4.localdomain4 >> >>> ::1 localhost localhost.localdomain localhost6 >>>> >>> localhost6.localdomain6 >> >>> >>>> 192.168.1.10 freeipaserver.my.sub.domain.com freeipaserver >>>> >>>> [root at freeipaserver ~]# cat /etc/sysconfig/network >>>> DNS1=192.168.10.1 >>>> NISDOMAIN=my.sub.domain.com >>>> GATEWAY=192.168.1.1 >>>> SEARCH=my.sub.domain.com >>>> DOMAIN=my.sub.domain.com >>>> >>> >> (NISDOMAIN and DOMAIN were previous attempts to set the domain. I can't >> just set /etc/hostname to "freeipaserver" as a bash prompt that says [ >> root at freeipaserver.my.sub.domain.com ~] is unacceptable to our ops teams, >> and we can't rewrite our bashrcs (these are company standards). However, >> based on the instructions, I do believe I've set the hostname correctly >> unless something has changed between RHEL6 and RHEL7). >> > So this is not going to work, sorry. > > One way or another, Kerberos requires you to have uniform names, so > freeipaserver and freeipaserver.my.sub.domain.com are different names > and thus cifs/freeipaserver at REALM and > cifs/freeipaserver.my.sub.domain.com at REALM > are two different Kerberos principals. FreeIPA KDC does not support > aliases. > > Almost all software using Kerberos is retrieving hostname using > gethostname() call which, in turn, uses uname() system call and copies > hostname from a nodename element of the returned structure. There is no > code that complements nodename with default domain or something, so > that output has to be fully qualified or ALL hosts in your deployment > would need to non-fully qualified. > > `hostname` output is essentially giving you what uname() returns in > nodename, while `hostname -f` appends default domain to it. > > Company standards may be important but in this case your bashrc code is > clearly based on something that is not really taking Kerberos reality > into account. > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Wed Jan 27 22:02:07 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Thu, 28 Jan 2016 00:02:07 +0200 Subject: [Freeipa-users] Fwd: Creating Trusts with AD - (RH#878168, FIPA#3266) In-Reply-To: References: <20160120105720.GU4316@redhat.com> <20160127204400.GM8506@redhat.com> <20160127211615.GN8506@redhat.com> Message-ID: <20160127220207.GO8506@redhat.com> On Wed, 27 Jan 2016, Jon wrote: >Hi Alexander, > >Huzzah! > >Thanks for explaining how gethostname() works. At least armed with this >information I can make a case to the powers that be why we need to make a >change like this. > >So does this mean that all servers should have a fqdn in /etc/hostname or >in the case of RHEL6 setting the HOSTNAME variable in >/etc/sysconfig/network? All servers should be returning fqdn output in `hostname` run, without any additional options, e.g. not `hostname -f`. In case of RHEL 7.x this means use of 'hostnamectl set-hostname f.q.d.n' which would end up being the name stored in /etc/hostname In case of RHEL 6.x this means setting HOSTNAME in /etc/sysconfig/network. Of course, in both cases the first name for the host in /etc/hosts should also be fqdn because this is the canonical name of the host -- in case the host's IP address is set in /etc/hosts. > >Thanks a ton for your help! > >Best Regards, >Jon A > > >On Wed, Jan 27, 2016 at 3:16 PM, Alexander Bokovoy >wrote: > >> On Wed, 27 Jan 2016, Jon wrote: >> >>> Hi Alexander, >>> >>> I've changed the names to anonymize the logs, but have maintained the >>> structure of the names. >>> >>> This is how I've got the hostname configured: >>> >>> [root at freeipaserver ~]# hostname >>>>> freeipaserver >>>>> [root at freeipaserver ~]# hostname -a >>>>> freeipaserver >>>>> [root at freeipaserver ~]# hostname -f >>>>> freeipaserver.my.sub.domain.com >>>>> [root at freeipaserver ~]# cat /etc/hosts >>>>> 127.0.0.1 localhost localhost.localdomain localhost4 >>>>> >>>> localhost4.localdomain4 >>> >>>> ::1 localhost localhost.localdomain localhost6 >>>>> >>>> localhost6.localdomain6 >>> >>>> >>>>> 192.168.1.10 freeipaserver.my.sub.domain.com freeipaserver >>>>> >>>>> [root at freeipaserver ~]# cat /etc/sysconfig/network >>>>> DNS1=192.168.10.1 >>>>> NISDOMAIN=my.sub.domain.com >>>>> GATEWAY=192.168.1.1 >>>>> SEARCH=my.sub.domain.com >>>>> DOMAIN=my.sub.domain.com >>>>> >>>> >>> (NISDOMAIN and DOMAIN were previous attempts to set the domain. I can't >>> just set /etc/hostname to "freeipaserver" as a bash prompt that says [ >>> root at freeipaserver.my.sub.domain.com ~] is unacceptable to our ops teams, >>> and we can't rewrite our bashrcs (these are company standards). However, >>> based on the instructions, I do believe I've set the hostname correctly >>> unless something has changed between RHEL6 and RHEL7). >>> >> So this is not going to work, sorry. >> >> One way or another, Kerberos requires you to have uniform names, so >> freeipaserver and freeipaserver.my.sub.domain.com are different names >> and thus cifs/freeipaserver at REALM and >> cifs/freeipaserver.my.sub.domain.com at REALM >> are two different Kerberos principals. FreeIPA KDC does not support >> aliases. >> >> Almost all software using Kerberos is retrieving hostname using >> gethostname() call which, in turn, uses uname() system call and copies >> hostname from a nodename element of the returned structure. There is no >> code that complements nodename with default domain or something, so >> that output has to be fully qualified or ALL hosts in your deployment >> would need to non-fully qualified. >> >> `hostname` output is essentially giving you what uname() returns in >> nodename, while `hostname -f` appends default domain to it. >> >> Company standards may be important but in this case your bashrc code is >> clearly based on something that is not really taking Kerberos reality >> into account. >> -- >> / Alexander Bokovoy >> >-- >Manage your subscription for the Freeipa-users mailing list: >https://www.redhat.com/mailman/listinfo/freeipa-users >Go to http://freeipa.org for more info on the project -- / Alexander Bokovoy From marat.vyshegorodtsev at gmail.com Thu Jan 28 02:03:43 2016 From: marat.vyshegorodtsev at gmail.com (Marat Vyshegorodtsev) Date: Thu, 28 Jan 2016 11:03:43 +0900 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: References: <56A0F065.7050407@redhat.com> Message-ID: My two cents: My "magic" string for NSS is like this (I had to move to Fedora 23 from CentOS in order to get more recent NSS version though): NSSProtocol TLSv1.2 NSSCipherSuite -All,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+aes_256_sha_256,+aes_128_sha_256,+rsa_aes_128_gcm_sha_256,+ecdhe_ecdsa_aes_128_sha_256,+ecdhe_rsa_aes_128_sha_256,+ecdhe_ecdsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_gcm_sha_256 My cert is ECDSA private CA though. If you are interested, I can give you my chef recipe snippets to configure it. On Thu, Jan 28, 2016 at 11:02 AM, Marat Vyshegorodtsev wrote: > My two cents: > > My "magic" string for NSS is like this (I had to move to Fedora 23 > from CentOS in order to get more recent NSS version though): > > NSSProtocol TLSv1.2 > NSSCipherSuite -All,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+aes_256_sha_256,+aes_128_sha_256,+rsa_aes_128_gcm_sha_256,+ecdhe_ecdsa_aes_128_sha_256,+ecdhe_rsa_aes_128_sha_256,+ecdhe_ecdsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_gcm_sha_256 > > My cert is ECDSA private CA though. If you are interested, I can give > you my chef recipe snippets to configure it. > > Marat > > On Fri, Jan 22, 2016 at 1:54 AM, Terry John > wrote: >>>> I've been trying to tidy the security on my FreeIPA and this is >>>> causing me some problems. I'm using OpenVAS vulnerability scanner and >>>> it is coming up with this issue >>>> >>>> EXPORT_RSA cipher suites supported by the remote server: >>>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) >>>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003) >>>> >>>> It seems we have to disable export TLS ciphers but I can't see how. I've edited /etc/httpd/conf.d/nss.conf and disabled all SSL and TLSV1.0. >>> >>>> NSSCipherSuite -all,-exp,+ >>>> >>>> I've restarted httpd and ipa but it still fails >>>> >>>> Is there something I have overlooked >> >> >>>Hi Terry, >>> >>>Please check >>>https://fedorahosted.org/freeipa/ticket/5589 >>> >>>We are trying to come up with a better cipher suite right now. The fix should be in some of the next FreeIPA 4.3.x versions. >>> >>>The ticket has more details in it. >> >> Thanks for the info. I have tried nearly all the NSSCipherSuite settings in that ticket but none so far has eliminated the FREAK report. >> Christian thanks for the heads up on the syntax, I wasn't sure of what I was doing >> >> Each time I've made a change I've run an sslscan from the OpenVAS scanner and I do get a different result each time but the errors still remains in OpenVAS. >> Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. >> >> Back to the drawing board :-) >> >> >> >> >> The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 03183918), Manheim Auctions Limited (registered number: 00448761), Manheim Retail Services Limited (registered number: 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time Communications Limited (registered number: 04277845) and Complete Automotive Solutions Limited (registered number: 05302535). Each of these companies is registered in England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions. >> >> V:0CF72C13B2AC >> >> >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project From marat.vyshegorodtsev at gmail.com Thu Jan 28 02:18:12 2016 From: marat.vyshegorodtsev at gmail.com (Marat Vyshegorodtsev) Date: Thu, 28 Jan 2016 11:18:12 +0900 Subject: [Freeipa-users] Service account to enroll hosts In-Reply-To: <56A8EA60.4030601@redhat.com> References: <56A8EA60.4030601@redhat.com> Message-ID: Tried that. Originally I had just a normal user of a role "Build Administrator". It worked perfectly. Service account doesn't seem to recognize its privileges either way (explicit membership assignment or through roles). Originally it was like this (working perfectly): http://pastebin.com/baqcthy5 However, I don't like hostadmin hanging amount regular users. So I moved this account away to its own ldif: dn: uid=hostadmin,cn=sysaccounts,cn=etc,dc=contoso,dc=com changetype: add objectclass: account objectclass: simplesecurityobject objectclass: inetuser objectclass: krbprincipalaux objectclass: krbticketpolicyaux krbPrincipalName: hostadmin@<%= @realm %> memberOf: cn=Build Administrator,cn=roles,cn=accounts,dc=contoso,dc=com userPassword: <%= @hostadmin_pwd %> passwordExpirationTime: <%= @pwd_expiration %> krbpasswordexpiration: <%= @pwd_expiration %> nsIdleTimeout: 0 This didn't work (same error: not enough privileges), so I started experimenting with explicit privileges assignment by basically copying them from default "admin" user. Didn't work too. I wonder what am I doing wrong. On Thu, Jan 28, 2016 at 1:03 AM, Rob Crittenden wrote: > Marat Vyshegorodtsev wrote: >> Hi! >> >> I'm trying to build an auto-enrollment script that would leverage a >> service account to enroll hosts. >> >> Here is the LDIF for this service account: >> https://gist.github.com/touzoku/2b03a47d3f0bcfbdf30a >> >> This service account is created successfully, but when I try to: >> 1) kinit hostadmin >> 2) ipa host-add foobar.contoso.com >> >> The following error appears: >> ipa: ERROR: Insufficient access: Insufficient 'add' privilege to add >> the entry 'fqdn=foobar.contoso.com,cn=computers,cn=accounts,dc=contoso,dc=com'. >> >> Which privilege am I missing? A normal (posix) user, with the same set >> of privileges worked fine, the problem started to happen when I moved >> user from normal users to cn=sysaccounts,cn=etc. >> >> Also, is my set of privileges minimal? Which privileges do I need to >> just add host entries? >> > > You should not directly add memberOf values. You should add the user as > a member of the respective roles and the rest should follow naturally. > So you'll need to add this entry then do a modify to add it as a member > of one or more roles. > > rob > > From rcritten at redhat.com Thu Jan 28 02:25:18 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 27 Jan 2016 21:25:18 -0500 Subject: [Freeipa-users] Service account to enroll hosts In-Reply-To: References: <56A8EA60.4030601@redhat.com> Message-ID: <56A97C0E.4070002@redhat.com> Marat Vyshegorodtsev wrote: > Tried that. > > Originally I had just a normal user of a role "Build Administrator". > It worked perfectly. > > Service account doesn't seem to recognize its privileges either way > (explicit membership assignment or through roles). > > Originally it was like this (working perfectly): > http://pastebin.com/baqcthy5 > > However, I don't like hostadmin hanging amount regular users. > > So I moved this account away to its own ldif: > dn: uid=hostadmin,cn=sysaccounts,cn=etc,dc=contoso,dc=com > changetype: add > objectclass: account > objectclass: simplesecurityobject > objectclass: inetuser > objectclass: krbprincipalaux > objectclass: krbticketpolicyaux > krbPrincipalName: hostadmin@<%= @realm %> > memberOf: cn=Build Administrator,cn=roles,cn=accounts,dc=contoso,dc=com > userPassword: <%= @hostadmin_pwd %> > passwordExpirationTime: <%= @pwd_expiration %> > krbpasswordexpiration: <%= @pwd_expiration %> > nsIdleTimeout: 0 > > This didn't work (same error: not enough privileges), so I started > experimenting with explicit privileges assignment by basically copying > them from default "admin" user. Didn't work too. > > I wonder what am I doing wrong. I already told you: don't add an explicit memberOf. You need a separate modify to add this user as a member of (NOT memberOf) the role: dn: cn=Build Administrator,cn=roles,cn=accounts,dc=contoso,dc=com changetype: modify add: member member: uid=hostadmin,cn=sysaccounts,cn=etc,dc=contoso,dc=com rob > > On Thu, Jan 28, 2016 at 1:03 AM, Rob Crittenden wrote: >> Marat Vyshegorodtsev wrote: >>> Hi! >>> >>> I'm trying to build an auto-enrollment script that would leverage a >>> service account to enroll hosts. >>> >>> Here is the LDIF for this service account: >>> https://gist.github.com/touzoku/2b03a47d3f0bcfbdf30a >>> >>> This service account is created successfully, but when I try to: >>> 1) kinit hostadmin >>> 2) ipa host-add foobar.contoso.com >>> >>> The following error appears: >>> ipa: ERROR: Insufficient access: Insufficient 'add' privilege to add >>> the entry 'fqdn=foobar.contoso.com,cn=computers,cn=accounts,dc=contoso,dc=com'. >>> >>> Which privilege am I missing? A normal (posix) user, with the same set >>> of privileges worked fine, the problem started to happen when I moved >>> user from normal users to cn=sysaccounts,cn=etc. >>> >>> Also, is my set of privileges minimal? Which privileges do I need to >>> just add host entries? >>> >> >> You should not directly add memberOf values. You should add the user as >> a member of the respective roles and the rest should follow naturally. >> So you'll need to add this entry then do a modify to add it as a member >> of one or more roles. >> >> rob >> >> From marat.vyshegorodtsev at gmail.com Thu Jan 28 02:27:41 2016 From: marat.vyshegorodtsev at gmail.com (Marat Vyshegorodtsev) Date: Thu, 28 Jan 2016 11:27:41 +0900 Subject: [Freeipa-users] Moving default "admin" user to service accounts Message-ID: Hi! My FreeIPA deployment is a part of PCI cardholder data environment. Hence, I have to comply with with the requirements such as 8.1.1 (assign unique ID to each user) and 8.5 (do not use generic or shared IDs). I would like to move this user under service accounts (it may still be used by chef/puppet to run the recipes etc), but I don't see how it is even possible. I tried recreating this user under cn=sysaccounts,cn=etc and removing the following object classes, but this breaks everything. objectClass: top objectClass: person objectClass: posixaccount objectClass: ipaobject objectClass: ipasshuser objectClass: ipaSshGroupOfPubKeys How can I pull this off? Did anybody pass PCI DSS audit (for real, I'm not talking about sloppy QSAs) using FreeIPA as an IdM solution? Best regards, Marat From marat.vyshegorodtsev at gmail.com Thu Jan 28 02:36:51 2016 From: marat.vyshegorodtsev at gmail.com (Marat Vyshegorodtsev) Date: Thu, 28 Jan 2016 11:36:51 +0900 Subject: [Freeipa-users] Service account to enroll hosts In-Reply-To: <56A97C0E.4070002@redhat.com> References: <56A8EA60.4030601@redhat.com> <56A97C0E.4070002@redhat.com> Message-ID: Wow, that worked! Thanks, you ended my week of torture :-) For those who interested, this is my final ldif for the host provisioning user: dn: uid=hostadmin,cn=sysaccounts,cn=etc,dc=contoso,dc=com changetype: add objectclass: account objectclass: simplesecurityobject objectclass: inetuser objectClass: krbprincipalaux objectClass: krbticketpolicyaux krbPrincipalName: hostadmin at CONTOSO.COM userPassword: SomePassword123 passwordExpirationTime: 20371231011529Z krbpasswordexpiration: 20371231011529Z nsIdleTimeout: 0 dn: cn=Build Administrator,cn=roles,cn=accounts,dc=contoso,dc=com changetype: modify add: member member: uid=hostadmin,cn=sysaccounts,cn=etc,dc=contoso,dc=com On Thu, Jan 28, 2016 at 11:25 AM, Rob Crittenden wrote: > Marat Vyshegorodtsev wrote: >> Tried that. >> >> Originally I had just a normal user of a role "Build Administrator". >> It worked perfectly. >> >> Service account doesn't seem to recognize its privileges either way >> (explicit membership assignment or through roles). >> >> Originally it was like this (working perfectly): >> http://pastebin.com/baqcthy5 >> >> However, I don't like hostadmin hanging amount regular users. >> >> So I moved this account away to its own ldif: >> dn: uid=hostadmin,cn=sysaccounts,cn=etc,dc=contoso,dc=com >> changetype: add >> objectclass: account >> objectclass: simplesecurityobject >> objectclass: inetuser >> objectclass: krbprincipalaux >> objectclass: krbticketpolicyaux >> krbPrincipalName: hostadmin@<%= @realm %> >> memberOf: cn=Build Administrator,cn=roles,cn=accounts,dc=contoso,dc=com >> userPassword: <%= @hostadmin_pwd %> >> passwordExpirationTime: <%= @pwd_expiration %> >> krbpasswordexpiration: <%= @pwd_expiration %> >> nsIdleTimeout: 0 >> >> This didn't work (same error: not enough privileges), so I started >> experimenting with explicit privileges assignment by basically copying >> them from default "admin" user. Didn't work too. >> >> I wonder what am I doing wrong. > > I already told you: don't add an explicit memberOf. > > You need a separate modify to add this user as a member of (NOT > memberOf) the role: > > dn: cn=Build Administrator,cn=roles,cn=accounts,dc=contoso,dc=com > changetype: modify > add: member > member: uid=hostadmin,cn=sysaccounts,cn=etc,dc=contoso,dc=com > > rob > >> >> On Thu, Jan 28, 2016 at 1:03 AM, Rob Crittenden wrote: >>> Marat Vyshegorodtsev wrote: >>>> Hi! >>>> >>>> I'm trying to build an auto-enrollment script that would leverage a >>>> service account to enroll hosts. >>>> >>>> Here is the LDIF for this service account: >>>> https://gist.github.com/touzoku/2b03a47d3f0bcfbdf30a >>>> >>>> This service account is created successfully, but when I try to: >>>> 1) kinit hostadmin >>>> 2) ipa host-add foobar.contoso.com >>>> >>>> The following error appears: >>>> ipa: ERROR: Insufficient access: Insufficient 'add' privilege to add >>>> the entry 'fqdn=foobar.contoso.com,cn=computers,cn=accounts,dc=contoso,dc=com'. >>>> >>>> Which privilege am I missing? A normal (posix) user, with the same set >>>> of privileges worked fine, the problem started to happen when I moved >>>> user from normal users to cn=sysaccounts,cn=etc. >>>> >>>> Also, is my set of privileges minimal? Which privileges do I need to >>>> just add host entries? >>>> >>> >>> You should not directly add memberOf values. You should add the user as >>> a member of the respective roles and the rest should follow naturally. >>> So you'll need to add this entry then do a modify to add it as a member >>> of one or more roles. >>> >>> rob >>> >>> > From rcritten at redhat.com Thu Jan 28 04:41:43 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 27 Jan 2016 23:41:43 -0500 Subject: [Freeipa-users] Moving default "admin" user to service accounts In-Reply-To: References: Message-ID: <56A99C07.30900@redhat.com> Marat Vyshegorodtsev wrote: > Hi! > > My FreeIPA deployment is a part of PCI cardholder data environment. > > Hence, I have to comply with with the requirements such as 8.1.1 > (assign unique ID to each user) and 8.5 (do not use generic or shared > IDs). > > I would like to move this user under service accounts (it may still be > used by chef/puppet to run the recipes etc), but I don't see how it is > even possible. > > I tried recreating this user under cn=sysaccounts,cn=etc and removing > the following object classes, but this breaks everything. > objectClass: top > objectClass: person > objectClass: posixaccount > objectClass: ipaobject > objectClass: ipasshuser > objectClass: ipaSshGroupOfPubKeys Breaks what? There is little very special about the user uid=admin. The only thing special is that it is a member of the group admins. That said, not sure if it has ever been tested from sysaccounts and I'm sure that creating new replicas will break (https://fedorahosted.org/freeipa/ticket/5060) but I don't know what else. rob > > How can I pull this off? Did anybody pass PCI DSS audit (for real, I'm > not talking about sloppy QSAs) using FreeIPA as an IdM solution? > > Best regards, > Marat > From rcritten at redhat.com Thu Jan 28 04:49:01 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 27 Jan 2016 23:49:01 -0500 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: References: <56A0F065.7050407@redhat.com> Message-ID: <56A99DBD.4010409@redhat.com> Marat Vyshegorodtsev wrote: > My two cents: > > My "magic" string for NSS is like this (I had to move to Fedora 23 > from CentOS in order to get more recent NSS version though): > > NSSProtocol TLSv1.2 > NSSCipherSuite -All,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+aes_256_sha_256,+aes_128_sha_256,+rsa_aes_128_gcm_sha_256,+ecdhe_ecdsa_aes_128_sha_256,+ecdhe_rsa_aes_128_sha_256,+ecdhe_ecdsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_gcm_sha_256 The -All is a syntax error (ignored). All ciphers are disabled by default anyway. I'd suggest using the ticket already referenced as a starting point. /usr/lib[64]/nss/unsupported-tools/listsuites is also handy to see what is enabled by default in NSS (though again, everything is disabled by mod_nss at startup). rob > > My cert is ECDSA private CA though. If you are interested, I can give > you my chef recipe snippets to configure it. > > On Thu, Jan 28, 2016 at 11:02 AM, Marat Vyshegorodtsev > wrote: >> My two cents: >> >> My "magic" string for NSS is like this (I had to move to Fedora 23 >> from CentOS in order to get more recent NSS version though): >> >> NSSProtocol TLSv1.2 >> NSSCipherSuite -All,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+aes_256_sha_256,+aes_128_sha_256,+rsa_aes_128_gcm_sha_256,+ecdhe_ecdsa_aes_128_sha_256,+ecdhe_rsa_aes_128_sha_256,+ecdhe_ecdsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_gcm_sha_256 >> >> My cert is ECDSA private CA though. If you are interested, I can give >> you my chef recipe snippets to configure it. >> >> Marat >> >> On Fri, Jan 22, 2016 at 1:54 AM, Terry John >> wrote: >>>>> I've been trying to tidy the security on my FreeIPA and this is >>>>> causing me some problems. I'm using OpenVAS vulnerability scanner and >>>>> it is coming up with this issue >>>>> >>>>> EXPORT_RSA cipher suites supported by the remote server: >>>>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) >>>>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003) >>>>> >>>>> It seems we have to disable export TLS ciphers but I can't see how. I've edited /etc/httpd/conf.d/nss.conf and disabled all SSL and TLSV1.0. >>>> >>>>> NSSCipherSuite -all,-exp,+ >>>>> >>>>> I've restarted httpd and ipa but it still fails >>>>> >>>>> Is there something I have overlooked >>> >>> >>>> Hi Terry, >>>> >>>> Please check >>>> https://fedorahosted.org/freeipa/ticket/5589 >>>> >>>> We are trying to come up with a better cipher suite right now. The fix should be in some of the next FreeIPA 4.3.x versions. >>>> >>>> The ticket has more details in it. >>> >>> Thanks for the info. I have tried nearly all the NSSCipherSuite settings in that ticket but none so far has eliminated the FREAK report. >>> Christian thanks for the heads up on the syntax, I wasn't sure of what I was doing >>> >>> Each time I've made a change I've run an sslscan from the OpenVAS scanner and I do get a different result each time but the errors still remains in OpenVAS. >>> Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. >>> >>> Back to the drawing board :-) >>> >>> >>> >>> >>> The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 03183918), Manheim Auctions Limited (registered number: 00448761), Manheim Retail Services Limited (registered number: 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time Communications Limited (registered number: 04277845) and Complete Automotive Solutions Limited (registered number: 05302535). Each of these companies is registered in England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions. >>> >>> V:0CF72C13B2AC >>> >>> >>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go to http://freeipa.org for more info on the project > From prashant at apigee.com Thu Jan 28 04:55:53 2016 From: prashant at apigee.com (Prashant Bapat) Date: Thu, 28 Jan 2016 10:25:53 +0530 Subject: [Freeipa-users] Kerberos process coredump | authentication fails Message-ID: Hi, We have a FreeIPA 4.1.4 setup on F21 servers. There is 1 master and 7 replicas in different regions. Earlier there was only 1 replica. Since I added new replicas, on the master node, once in a while the kerberos process dumps core and everything stops working - authentication, replication etc. If we restart everything using "ipactl restart" things are back to normal. Attached is the output from journalctl for kerberos. Has anyone come across this ? Are there any pointers to troubleshooting this ? Any help is appreciated. Thanks. --Prashant -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- Jan 26 03:15:59 ipa.example.net systemd-coredump[5000]: Process 4475 (krb5kdc) of user 0 dumped core. Stack trace of thread 4475: #0 0x00007f99de8c18d7 raise (libc.so.6) #1 0x00007f99de8c353a abort (libc.so.6) #2 0x00007f99de8ba47d __assert_fail_base (libc.so.6) #3 0x00007f99de8ba532 __assert_fail (libc.so.6) #4 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) #5 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) #6 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) #7 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) #8 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) #9 0x000055768457c230 process_tgs_req (krb5kdc) #10 0x0000557684579fe3 dispatch (krb5kdc) #11 0x000055768458d8a0 process_packet (krb5kdc) #12 0x00007f99dec4cc78 verto_fire (libverto.so.1) #13 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) #14 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) #15 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) #16 0x00007f99dec4c3f7 verto_run (libverto.so.1) #17 0x00005576845795ab main (krb5kdc) #18 0x00007f99de8acfe0 __libc_start_main (libc.so.6) #19 0x00005576845798f0 _start (krb5kdc) Jan 26 03:15:59 ipa.example.net systemd-coredump[4999]: Process 4473 (krb5kdc) of user 0 dumped core. Stack trace of thread 4473: #0 0x00007f99de8c18d7 raise (libc.so.6) #1 0x00007f99de8c353a abort (libc.so.6) #2 0x00007f99de8ba47d __assert_fail_base (libc.so.6) #3 0x00007f99de8ba532 __assert_fail (libc.so.6) #4 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) #5 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) #6 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) #7 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) #8 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) #9 0x000055768457c230 process_tgs_req (krb5kdc) #10 0x0000557684579fe3 dispatch (krb5kdc) #11 0x000055768458d8a0 process_packet (krb5kdc) #12 0x00007f99dec4cc78 verto_fire (libverto.so.1) #13 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) #14 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) #15 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) #16 0x00007f99dec4c3f7 verto_run (libverto.so.1) #17 0x00005576845795ab main (krb5kdc) #18 0x00007f99de8acfe0 __libc_start_main (libc.so.6) #19 0x00005576845798f0 _start (krb5kdc) From jhrozek at redhat.com Thu Jan 28 07:57:26 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Thu, 28 Jan 2016 08:57:26 +0100 Subject: [Freeipa-users] SSSD and DNS In-Reply-To: <201601271753.u0RHr9rk010214@d01av04.pok.ibm.com> References: <201601271753.u0RHr9rk010214@d01av04.pok.ibm.com> Message-ID: <20160128075726.GA5655@hendrix.redhat.com> On Wed, Jan 27, 2016 at 10:53:00AM -0700, Sean Hogan wrote: > > > Hi All, > > Tue Jan 26 19:01:32 2016) [sssd] [ping_check] (0x0020): A service PING > timed out on [ssh]. Attempt [0] > (Tue Jan 26 19:06:50 2016) [sssd] [ping_check] (0x0020): A service PING > timed out on [sudo]. Attempt [0] > (Tue Jan 26 19:06:50 2016) [sssd] [ping_check] (0x0020): A service PING > timed out on [ssh]. Attempt [0] > Everything recovers and all is good for a while then; > > (Tue Jan 26 19:14:11 2016) [sssd] [ping_check] (0x0020): A service PING > timed out on [foo.local]. Attempt [2] > (Tue Jan 26 19:14:21 2016) [sssd] [tasks_check_handler] (0x0020): Killing > service [foo.local], not responding to pings! > (Tue Jan 26 19:14:21 2016) [sssd] [ping_check] (0x0020): A service PING > timed out on [foo.local]. Attempt [3] > (Tue Jan 26 19:14:25 2016) [sssd] [mt_svc_exit_handler] (0x0040): Child > [foo.local] exited with code [0] > (Tue Jan 26 19:14:25 2016) [sssd] [sbus_dispatch] (0x4000): dbus conn: > 0x10022c42aa0 > (Tue Jan 26 19:14:25 2016) [sssd] [sbus_dispatch] (0x0080): Connection is > not open for dispatching. > (Tue Jan 26 19:14:25 2016) [sssd] [mt_svc_restart] (0x0400): Scheduling > service foo.local for restart 1 > (Tue Jan 26 19:14:25 2016) [sssd] [get_ping_config] (0x0100): Time between > service pings for [foo.local]: [10] > (Tue Jan 26 19:14:25 2016) [sssd] [get_ping_config] (0x0100): Time between > SIGTERM and SIGKILL for [foo.local]: [60] > (Tue Jan 26 19:14:25 2016) [sssd] [start_service] (0x0100): Queueing > service foo.local for startup > (Tue Jan 26 19:18:44 2016) [sssd] [service_send_ping] (0x0100): Pinging pam > (Tue Jan 26 19:19:26 2016) [sssd] [sbus_add_timeout] (0x2000): > 0x10022c47f60 > (Tue Jan 26 19:19:26 2016) [sssd] [service_send_ping] (0x0100): Pinging ssh > (Tue Jan 26 19:19:26 2016) [sssd] [sbus_add_timeout] (0x2000): > 0x10022c54600 > (Tue Jan 26 19:19:26 2016) [sssd] [service_send_ping] (0x0100): Pinging pac > (Tue Jan 26 19:19:26 2016) [sssd] [sbus_add_timeout] (0x2000): > 0x10022c307c0 > (Tue Jan 26 19:19:26 2016) [sssd] [service_send_ping] (0x0100): Pinging > sudo > (Tue Jan 26 19:19:26 2016) [sssd] [sbus_add_timeout] (0x2000): > 0x10022c488b0 > (Tue Jan 26 19:19:26 2016) [sssd] [service_send_ping] (0x0100): Pinging nss > (Tue Jan 26 19:19:26 2016) [sssd] [sbus_add_timeout] (0x2000): > 0x10022c47710 > (Tue Jan 26 19:19:26 2016) [sssd] [service_send_ping] (0x2000): Service not > yet initialized > (Tue Jan 26 19:19:26 2016) [sssd] [tasks_check_handler] (0x0020): Child > (foo.local) not responding! (yet) > (Tue Jan 26 19:21:33 2016) [sssd] [tasks_check_handler] (0x0020): Child > (foo.local) not responding! (yet) These are IPC pings between sssd subprocesses, not network traffic. I would look at the pstack of the sssd processes to see what's going on. I guess one of them is stuck performing some blocking operation (do you have enumeration enabled maybe?) From sbose at redhat.com Thu Jan 28 08:11:07 2016 From: sbose at redhat.com (Sumit Bose) Date: Thu, 28 Jan 2016 09:11:07 +0100 Subject: [Freeipa-users] Active Directory users are not controlled by HBAC In-Reply-To: References: <20160122125155.GE7092@hendrix.redhat.com> <20160122134438.GP4316@redhat.com> <20160125221111.GB4316@redhat.com> <20160125224742.GC4316@redhat.com> Message-ID: <20160128081107.GV19151@p.redhat.com> On Wed, Jan 27, 2016 at 06:53:43PM +0000, Birnbaum, Warren (ETW) wrote: > I started this post with a simple question: ?is it possible to have HBAC > work with AD authenticated users?. I was not able from the tips provided > to get any further with this. > > What I have not been able to have addressed is, if there are no HBAC > rules, there should be no access, or if there is no Allow_Access rule, no > one should be able to login to any system. Currently with this said > configuration, everyone has access to every system. My pam stack is > exactly as recommended. Is there someone who has FreeIPA with active > directory authenticated users and HBAC working? I don?t have trust > defined with AD but authentication is working fine. The HBAC checks are done by SSSD. If there are issues SSSD logs would help to identify the reason. Please see https://fedorahosted.org/sssd/wiki/Troubleshooting for details. With respect to HBAC the sssd_pam.log and sssd_your.domain.log are the most important. Setting debug_level=10 in the [pam] and [domain/...] section of sssd.conf should produce the most details. Feel free to send the logs to me directly if you think they may disclose too many details of your environment on a public mailing-list. HTH bye, Sumit > > >From the following link: > https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/trust-gro > ups.html > It says in the second paragraph: > > "However, Active Directory users cannot be added directly to FreeIPA user > groups. This means that Active Directory users require special > configuration in order to access FreeIPA domain resources." > > There is then a procedure given to create user groups that work with HBAC. > I don?t see how this work help me since adding a user to a group could > only be used to further allow access to systems, but already have total > access to all systems by all users. > > Thanks for your help! > > Warren > > > > > > > On 1/25/16, 2:47 PM, "Alexander Bokovoy" wrote: > > >On Mon, 25 Jan 2016, Birnbaum, Warren (ETW) wrote: > >>OK. I have done this and am using the pam stack that is the result of > >>what you here describe. > >> > >>A few threads back you mentioned that this could be a reason why my hbac > >>are not restricting access. I have no hbac rules currently and any > >>active > >>directory user can access any host. Is there something else I could look > >>at to see why this is happening? > >https://fedorahosted.org/sssd/wiki/Troubleshooting is your friend. > > > >-- > >/ Alexander Bokovoy > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From sbose at redhat.com Thu Jan 28 08:12:54 2016 From: sbose at redhat.com (Sumit Bose) Date: Thu, 28 Jan 2016 09:12:54 +0100 Subject: [Freeipa-users] ERROR: missing attribute "ipaNTSecurityIdentifier" required by object class "ipaNTUserAttrs" In-Reply-To: References: Message-ID: <20160128081254.GW19151@p.redhat.com> On Wed, Jan 27, 2016 at 02:51:07PM -0600, Anil Kommareddy wrote: > Hi All, > > > > I have an ipa-server-4.2.0-15.el7_2.3.x86_64 on which I installed ipa-server-trust-ad-4.2.0-15.el7_2.3.x86_64 and ran "ipa-adtrust-install --add-sids" command. After some initial issues it started working fine. > This has created ipaNTSecurityIdentifier to existing user accounts fine. It seem to create ipaNTHash on changing the password of the existing users. > But when add new users, i am getting this error. Is there any way to fix this issue? > ERROR: missing attribute "ipaNTSecurityIdentifier" required by object class "ipaNTUserAttrs" How do you add the new user? Can you send the command line you use? bye, Sumit > Greatly appreciate your help. > Regards,Anil > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From sbose at redhat.com Thu Jan 28 08:24:01 2016 From: sbose at redhat.com (Sumit Bose) Date: Thu, 28 Jan 2016 09:24:01 +0100 Subject: [Freeipa-users] Kerberos process coredump | authentication fails In-Reply-To: References: Message-ID: <20160128082401.GX19151@p.redhat.com> On Thu, Jan 28, 2016 at 10:25:53AM +0530, Prashant Bapat wrote: > Hi, > > We have a FreeIPA 4.1.4 setup on F21 servers. There is 1 master and 7 > replicas in different regions. Earlier there was only 1 replica. Since I > added new replicas, on the master node, once in a while the kerberos > process dumps core and everything stops working - authentication, > replication etc. If we restart everything using "ipactl restart" things are > back to normal. > > Attached is the output from journalctl for kerberos. > > Has anyone come across this ? Are there any pointers to troubleshooting > this ? This might be fixed recently by a patch from Simo (2144b1eeb789639b8a3df287b580aeb6196188a8). But to help to better identify the issue the content of the kdc logs around the time of the crash might be useful. Additionally a full backtrace which you can get by calling coredumpclt gdb 4475 and then bt full bye, Sumit > > Any help is appreciated. > > Thanks. > --Prashant > Jan 26 03:15:59 ipa.example.net systemd-coredump[5000]: Process 4475 (krb5kdc) of user 0 dumped core. > > Stack trace of thread 4475: > #0 0x00007f99de8c18d7 raise (libc.so.6) > #1 0x00007f99de8c353a abort (libc.so.6) > #2 0x00007f99de8ba47d __assert_fail_base (libc.so.6) > #3 0x00007f99de8ba532 __assert_fail (libc.so.6) > #4 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) > #5 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) > #6 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) > #7 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) > #8 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) > #9 0x000055768457c230 process_tgs_req (krb5kdc) > #10 0x0000557684579fe3 dispatch (krb5kdc) > #11 0x000055768458d8a0 process_packet (krb5kdc) > #12 0x00007f99dec4cc78 verto_fire (libverto.so.1) > #13 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) > #14 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) > #15 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) > #16 0x00007f99dec4c3f7 verto_run (libverto.so.1) > #17 0x00005576845795ab main (krb5kdc) > #18 0x00007f99de8acfe0 __libc_start_main (libc.so.6) > #19 0x00005576845798f0 _start (krb5kdc) > > Jan 26 03:15:59 ipa.example.net systemd-coredump[4999]: Process 4473 (krb5kdc) of user 0 dumped core. > > Stack trace of thread 4473: > #0 0x00007f99de8c18d7 raise (libc.so.6) > #1 0x00007f99de8c353a abort (libc.so.6) > #2 0x00007f99de8ba47d __assert_fail_base (libc.so.6) > #3 0x00007f99de8ba532 __assert_fail (libc.so.6) > #4 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) > #5 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) > #6 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) > #7 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) > #8 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) > #9 0x000055768457c230 process_tgs_req (krb5kdc) > #10 0x0000557684579fe3 dispatch (krb5kdc) > #11 0x000055768458d8a0 process_packet (krb5kdc) > #12 0x00007f99dec4cc78 verto_fire (libverto.so.1) > #13 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) > #14 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) > #15 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) > #16 0x00007f99dec4c3f7 verto_run (libverto.so.1) > #17 0x00005576845795ab main (krb5kdc) > #18 0x00007f99de8acfe0 __libc_start_main (libc.so.6) > #19 0x00005576845798f0 _start (krb5kdc) > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From mbasti at redhat.com Thu Jan 28 08:48:11 2016 From: mbasti at redhat.com (Martin Basti) Date: Thu, 28 Jan 2016 09:48:11 +0100 Subject: [Freeipa-users] Centos 7, CA log files, bug report? In-Reply-To: References: Message-ID: <56A9D5CB.9010202@redhat.com> On 27.01.2016 22:20, Lachlan Musicman wrote: > Hi, > > Not sure if this is a bug or if I'm ignorant of the RH world, but when > I try to do a fresh IPA install on Centos 7.2, I'm getting failures here: > > [1/27]: creating certificate server user > [2/27]: configuring certificate server instance > ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to > configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' > '/tmp/tmpAGdITu'' returned non-zero exit status 1 > ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the > installation logs and the following files/directories for more > information: > ipa.ipaserver.install.cainstance.CAInstance: CRITICAL > /var/log/pki-ca-install.log > ipa.ipaserver.install.cainstance.CAInstance: CRITICAL > /var/log/pki/pki-tomcat > [error] RuntimeError: CA configuration failed. > ipa.ipapython.install.cli.install_tool(Server): ERROR CA configuration > failed. > > > [root at emts-centos71-7f ~]# ipa --version > VERSION: 4.2.0, API_VERSION: 2.156 > > CentOS Linux release 7.2.1511 (Core) > > Most importantly for me, /var/log/pki-ca-install.log doesn't exist and > there is no file that looks like it anywhere on my system. Is this a bug? > > cheers > L. > > > ------ > The most dangerous phrase in the language is, "We've always done it > this way." > > - Grace Hopper > > Hello, do /var/log/pki/pki-ca-spawn.*.log /var/log/pki/pki-tomcat/ca/debug exist? There might be details. -------------- next part -------------- An HTML attachment was scrubbed... URL: From f.zoske at euroimmun.de Thu Jan 28 09:22:40 2016 From: f.zoske at euroimmun.de (Zoske, Fabian) Date: Thu, 28 Jan 2016 09:22:40 +0000 Subject: [Freeipa-users] Cross Domain Trust In-Reply-To: <20160118174536.GG4681@hendrix.arn.redhat.com> References: <20151215123822.GB24928@p.redhat.com> <20160111183721.GA19957@mail.corp.redhat.com> <01E75E6E-4BF3-4996-9A26-6B182C460196@euroimmun.de> <20160112101128.GD14430@mail.corp.redhat.com> <20160118170243.GA32654@mail.corp.redhat.com> <20160118174536.GG4681@hendrix.arn.redhat.com> Message-ID: Thank you Jakub, this solves the issue. Best regards, Fabian -----Urspr?ngliche Nachricht----- Von: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] Im Auftrag von Jakub Hrozek Gesendet: Montag, 18. Januar 2016 18:46 An: freeipa-users at redhat.com Betreff: Re: [Freeipa-users] Cross Domain Trust On Mon, Jan 18, 2016 at 06:02:43PM +0100, Lukas Slebodnik wrote: > On (12/01/16 11:11), Lukas Slebodnik wrote: > >On (12/01/16 08:25), Zoske, Fabian wrote: > >>We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far no differences. > >> > >Then please provide sssd logfiles (1.13.3) from client and also log > >files from sssd on freeipa server (sssd on freeipa server is used > >indirectly by extop plugin in 389-ds) > > > >Please provide log files from the same time when you reproduced an issue. > > > Thank you very much for log files. > > Authentication on client failed Due to following error: > (Thu Jan 14 12:58:36 2016) [[sssd[krb5_child[992]]]] > [sss_child_krb5_trace_cb] (0x4000): [992] 1452772716.736098: Sending > request (173 bytes) to EUROIMMUN.TEST (master) > > (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] > [get_and_save_tgt] (0x0020): 1232: [-1765328230][Cannot find KDC for > realm "EUROIMMUN.TEST"] (Thu Jan 14 12:58:37 2016) > [[sssd[krb5_child[992]]]] [map_krb5_error] (0x0020): 1301: > [-1765328230][Cannot find KDC for realm "EUROIMMUN.TEST"] (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [k5c_send_data] (0x0200): Received error code 1432158209 (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [pack_response_packet] (0x2000): response packet size: [4] (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [k5c_send_data] (0x4000): Response sent. > (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [main] (0x0400): > krb5_child completed successfully > > > Do you have defineded the realm "EUROIMMUN.TEST" in your krb5.conf? > > It is possible that sssd wrote snippet to the directory > /var/lib/sss/pubconf/krb5.include.d/ > but this directory is not included in krb5.conf. > > $ grep includedir /etc/krb5.conf > includedir /var/lib/sss/pubconf/krb5.include.d/ > > BTW you can test the same operation as sssd did from command line. > > KRB5_TRACE=/dev/stderr kinit f.zoske at EUROIMMUN.TEST > > or is this principal name an enterprise name? IIRC this came up in a private conversation, too. In short, enterprise principals are not supported in a IPA-AD trust scenario, but one can work around that by using: subdomain_inherit = ldap_user_principal ldap_user_principal = nosuchattr and thus tricking sssd into 'deriving' the UPN from the domain name. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project From mkosek at redhat.com Thu Jan 28 09:42:57 2016 From: mkosek at redhat.com (Martin Kosek) Date: Thu, 28 Jan 2016 10:42:57 +0100 Subject: [Freeipa-users] Client-Install failures In-Reply-To: References: Message-ID: <56A9E2A1.8030203@redhat.com> On 01/26/2016 10:20 PM, David Zabner wrote: > Hi All, > I am working on automated deployment of ipa clients through a program called salt and have been seeing an issue. > Specifically, calls to ipa.server.internal/ipa/json occasionally return a 500 error. This tends to occur while using ipa-client-install and ipa-dns commands. > > I am on free-ipa v 4.2.0 running on Centos 7 and will include the offending httpd error log. > Thanks for your help, > David CCing Simo, I wonder if this error could be some problem caused by mod_auth_gssapi? [Tue Jan 26 20:28:00.456181 2016] [:error] [pid 9535] [remote 10.11.135.180:220] mod_wsgi (pid=9535): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'. [Tue Jan 26 20:28:00.456211 2016] [:error] [pid 9535] [remote 10.11.135.180:220] Traceback (most recent call last): [Tue Jan 26 20:28:00.456223 2016] [:error] [pid 9535] [remote 10.11.135.180:220] File "/usr/share/ipa/wsgi.py", line 49, in application [Tue Jan 26 20:28:00.456245 2016] [:error] [pid 9535] [remote 10.11.135.180:220] return api.Backend.wsgi_dispatch(environ, start_response) [Tue Jan 26 20:28:00.456251 2016] [:error] [pid 9535] [remote 10.11.135.180:220] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 258, in __call__ [Tue Jan 26 20:28:00.456263 2016] [:error] [pid 9535] [remote 10.11.135.180:220] return self.route(environ, start_response) [Tue Jan 26 20:28:00.456268 2016] [:error] [pid 9535] [remote 10.11.135.180:220] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 270, in route [Tue Jan 26 20:28:00.456276 2016] [:error] [pid 9535] [remote 10.11.135.180:220] return app(environ, start_response) [Tue Jan 26 20:28:00.456281 2016] [:error] [pid 9535] [remote 10.11.135.180:220] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 447, in __call__ [Tue Jan 26 20:28:00.456288 2016] [:error] [pid 9535] [remote 10.11.135.180:220] response = super(jsonserver, self).__call__(environ, start_response) [Tue Jan 26 20:28:00.456293 2016] [:error] [pid 9535] [remote 10.11.135.180:220] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 647, in __call__ [Tue Jan 26 20:28:00.456299 2016] [:error] [pid 9535] [remote 10.11.135.180:220] 'xmlserver', user_ccache, environ, start_response, headers) [Tue Jan 26 20:28:00.456304 2016] [:error] [pid 9535] [remote 10.11.135.180:220] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 593, in finalize_kerberos_acquisition [Tue Jan 26 20:28:00.456310 2016] [:error] [pid 9535] [remote 10.11.135.180:220] session_data['ccache_data'] = load_ccache_data(ccache_name) [Tue Jan 26 20:28:00.456315 2016] [:error] [pid 9535] [remote 10.11.135.180:220] File "/usr/lib/python2.7/site-packages/ipalib/session.py", line 1231, in load_ccache_data [Tue Jan 26 20:28:00.456330 2016] [:error] [pid 9535] [remote 10.11.135.180:220] src = open(name) [Tue Jan 26 20:28:00.456344 2016] [:error] [pid 9535] [remote 10.11.135.180:220] IOError: [Errno 2] No such file or directory: '/var/run/httpd/ipa/ clientcaches/admin at FOO.INTERNAL' Martin From simo at redhat.com Thu Jan 28 10:55:22 2016 From: simo at redhat.com (Simo Sorce) Date: Thu, 28 Jan 2016 05:55:22 -0500 (EST) Subject: [Freeipa-users] Client-Install failures In-Reply-To: <56A9E2A1.8030203@redhat.com> References: <56A9E2A1.8030203@redhat.com> Message-ID: <1063477297.13392692.1453978522689.JavaMail.zimbra@redhat.com> Doesn't look related to mod_auth_gssapi, it's past it. ----- Original Message ----- > From: "Martin Kosek" > To: "David Zabner" , freeipa-users at redhat.com, "Simo Sorce" > Sent: Thursday, January 28, 2016 4:42:57 AM > Subject: Re: [Freeipa-users] Client-Install failures > > On 01/26/2016 10:20 PM, David Zabner wrote: > > Hi All, > > I am working on automated deployment of ipa clients through a program > > called salt and have been seeing an issue. > > Specifically, calls to ipa.server.internal/ipa/json occasionally return a > > 500 error. This tends to occur while using ipa-client-install and ipa-dns > > commands. > > > > I am on free-ipa v 4.2.0 running on Centos 7 and will include the offending > > httpd error log. > > Thanks for your help, > > David > > CCing Simo, I wonder if this error could be some problem caused by > mod_auth_gssapi? > > [Tue Jan 26 20:28:00.456181 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] mod_wsgi (pid=9535): Exception occurred processing WSGI > script '/usr/share/ipa/wsgi.py'. > [Tue Jan 26 20:28:00.456211 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] Traceback (most recent call last): > [Tue Jan 26 20:28:00.456223 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] File "/usr/share/ipa/wsgi.py", line 49, in application > [Tue Jan 26 20:28:00.456245 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] return api.Backend.wsgi_dispatch(environ, > start_response) > [Tue Jan 26 20:28:00.456251 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] File > "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 258, in > __call__ > [Tue Jan 26 20:28:00.456263 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] return self.route(environ, start_response) > [Tue Jan 26 20:28:00.456268 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] File > "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 270, in > route > [Tue Jan 26 20:28:00.456276 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] return app(environ, start_response) > [Tue Jan 26 20:28:00.456281 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] File > "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 447, in > __call__ > [Tue Jan 26 20:28:00.456288 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] response = super(jsonserver, self).__call__(environ, > start_response) > [Tue Jan 26 20:28:00.456293 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] File > "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 647, in > __call__ > [Tue Jan 26 20:28:00.456299 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] 'xmlserver', user_ccache, environ, start_response, > headers) > [Tue Jan 26 20:28:00.456304 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] File > "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 593, in > finalize_kerberos_acquisition > [Tue Jan 26 20:28:00.456310 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] session_data['ccache_data'] = > load_ccache_data(ccache_name) > [Tue Jan 26 20:28:00.456315 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] File > "/usr/lib/python2.7/site-packages/ipalib/session.py", > line 1231, in load_ccache_data > [Tue Jan 26 20:28:00.456330 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] src = open(name) > [Tue Jan 26 20:28:00.456344 2016] [:error] [pid 9535] [remote > 10.11.135.180:220] IOError: [Errno 2] No such file or directory: > '/var/run/httpd/ipa/ clientcaches/admin at FOO.INTERNAL' > > Martin > From prashant at apigee.com Thu Jan 28 10:57:52 2016 From: prashant at apigee.com (Prashant Bapat) Date: Thu, 28 Jan 2016 16:27:52 +0530 Subject: [Freeipa-users] Kerberos process coredump | authentication fails In-Reply-To: <20160128082401.GX19151@p.redhat.com> References: <20160128082401.GX19151@p.redhat.com> Message-ID: Thanks Sumit. >From the logs there is nothing unusual around the time of core dump. I found this one line odd though. *Jan 26 03:15:58 ipa.example.net krb5kdc[4471](Error): worker 4473 exited with status 134* Let me try to get the full BT. On 28 January 2016 at 13:54, Sumit Bose wrote: > On Thu, Jan 28, 2016 at 10:25:53AM +0530, Prashant Bapat wrote: > > Hi, > > > > We have a FreeIPA 4.1.4 setup on F21 servers. There is 1 master and 7 > > replicas in different regions. Earlier there was only 1 replica. Since I > > added new replicas, on the master node, once in a while the kerberos > > process dumps core and everything stops working - authentication, > > replication etc. If we restart everything using "ipactl restart" things > are > > back to normal. > > > > Attached is the output from journalctl for kerberos. > > > > Has anyone come across this ? Are there any pointers to troubleshooting > > this ? > > This might be fixed recently by a patch from Simo > (2144b1eeb789639b8a3df287b580aeb6196188a8). But to help to better > identify the issue the content of the kdc logs around the time of the > crash might be useful. Additionally a full backtrace which you can get > by calling > > coredumpclt gdb 4475 > > and then > > bt full > > bye, > Sumit > > > > > Any help is appreciated. > > > > Thanks. > > --Prashant > > > Jan 26 03:15:59 ipa.example.net systemd-coredump[5000]: Process 4475 > (krb5kdc) of user 0 dumped core. > > > > Stack trace of > thread 4475: > > #0 > 0x00007f99de8c18d7 raise (libc.so.6) > > #1 > 0x00007f99de8c353a abort (libc.so.6) > > #2 > 0x00007f99de8ba47d __assert_fail_base (libc.so.6) > > #3 > 0x00007f99de8ba532 __assert_fail (libc.so.6) > > #4 > 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) > > #5 > 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) > > #6 > 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) > > #7 > 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) > > #8 > 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) > > #9 > 0x000055768457c230 process_tgs_req (krb5kdc) > > #10 > 0x0000557684579fe3 dispatch (krb5kdc) > > #11 > 0x000055768458d8a0 process_packet (krb5kdc) > > #12 > 0x00007f99dec4cc78 verto_fire (libverto.so.1) > > #13 > 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) > > #14 > 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) > > #15 > 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) > > #16 > 0x00007f99dec4c3f7 verto_run (libverto.so.1) > > #17 > 0x00005576845795ab main (krb5kdc) > > #18 > 0x00007f99de8acfe0 __libc_start_main (libc.so.6) > > #19 > 0x00005576845798f0 _start (krb5kdc) > > > > Jan 26 03:15:59 ipa.example.net systemd-coredump[4999]: Process 4473 > (krb5kdc) of user 0 dumped core. > > > > Stack trace of > thread 4473: > > #0 > 0x00007f99de8c18d7 raise (libc.so.6) > > #1 > 0x00007f99de8c353a abort (libc.so.6) > > #2 > 0x00007f99de8ba47d __assert_fail_base (libc.so.6) > > #3 > 0x00007f99de8ba532 __assert_fail (libc.so.6) > > #4 > 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) > > #5 > 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) > > #6 > 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) > > #7 > 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) > > #8 > 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) > > #9 > 0x000055768457c230 process_tgs_req (krb5kdc) > > #10 > 0x0000557684579fe3 dispatch (krb5kdc) > > #11 > 0x000055768458d8a0 process_packet (krb5kdc) > > #12 > 0x00007f99dec4cc78 verto_fire (libverto.so.1) > > #13 > 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) > > #14 > 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) > > #15 > 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) > > #16 > 0x00007f99dec4c3f7 verto_run (libverto.so.1) > > #17 > 0x00005576845795ab main (krb5kdc) > > #18 > 0x00007f99de8acfe0 __libc_start_main (libc.so.6) > > #19 > 0x00005576845798f0 _start (krb5kdc) > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lslebodn at redhat.com Thu Jan 28 11:11:17 2016 From: lslebodn at redhat.com (Lukas Slebodnik) Date: Thu, 28 Jan 2016 12:11:17 +0100 Subject: [Freeipa-users] Kerberos process coredump | authentication fails In-Reply-To: References: <20160128082401.GX19151@p.redhat.com> Message-ID: <20160128111116.GK685@mail.corp.redhat.com> On (28/01/16 16:27), Prashant Bapat wrote: >Thanks Sumit. > >>From the logs there is nothing unusual around the time of core dump. I >found this one line odd though. > >*Jan 26 03:15:58 ipa.example.net >krb5kdc[4471](Error): worker 4473 exited with status 134* > > >Let me try to get the full BT. > >On 28 January 2016 at 13:54, Sumit Bose wrote: > >> On Thu, Jan 28, 2016 at 10:25:53AM +0530, Prashant Bapat wrote: >> > Hi, >> > >> > We have a FreeIPA 4.1.4 setup on F21 servers. There is 1 master and 7 Fedora 21 is not supprted since 2015-12-01. http://fedoraproject.org/wiki/End_of_life As Sumit wrote there is a high change that it's already fixed. I would recommend to upgrade to Fedora 22. There is freeipa-4.1.4-4.fc22. So it shoudl not be a big change for you. LS From prashant at apigee.com Thu Jan 28 11:12:20 2016 From: prashant at apigee.com (Prashant Bapat) Date: Thu, 28 Jan 2016 16:42:20 +0530 Subject: [Freeipa-users] Kerberos process coredump | authentication fails In-Reply-To: References: <20160128082401.GX19151@p.redhat.com> Message-ID: gdb stacktrace attached. On 28 January 2016 at 16:27, Prashant Bapat wrote: > Thanks Sumit. > > From the logs there is nothing unusual around the time of core dump. I > found this one line odd though. > > *Jan 26 03:15:58 ipa.example.net > krb5kdc[4471](Error): worker 4473 exited with status 134* > > > Let me try to get the full BT. > > On 28 January 2016 at 13:54, Sumit Bose wrote: > >> On Thu, Jan 28, 2016 at 10:25:53AM +0530, Prashant Bapat wrote: >> > Hi, >> > >> > We have a FreeIPA 4.1.4 setup on F21 servers. There is 1 master and 7 >> > replicas in different regions. Earlier there was only 1 replica. Since I >> > added new replicas, on the master node, once in a while the kerberos >> > process dumps core and everything stops working - authentication, >> > replication etc. If we restart everything using "ipactl restart" things >> are >> > back to normal. >> > >> > Attached is the output from journalctl for kerberos. >> > >> > Has anyone come across this ? Are there any pointers to troubleshooting >> > this ? >> >> This might be fixed recently by a patch from Simo >> (2144b1eeb789639b8a3df287b580aeb6196188a8). But to help to better >> identify the issue the content of the kdc logs around the time of the >> crash might be useful. Additionally a full backtrace which you can get >> by calling >> >> coredumpclt gdb 4475 >> >> and then >> >> bt full >> >> bye, >> Sumit >> >> > >> > Any help is appreciated. >> > >> > Thanks. >> > --Prashant >> >> > Jan 26 03:15:59 ipa.example.net systemd-coredump[5000]: Process 4475 >> (krb5kdc) of user 0 dumped core. >> > >> > Stack trace of >> thread 4475: >> > #0 >> 0x00007f99de8c18d7 raise (libc.so.6) >> > #1 >> 0x00007f99de8c353a abort (libc.so.6) >> > #2 >> 0x00007f99de8ba47d __assert_fail_base (libc.so.6) >> > #3 >> 0x00007f99de8ba532 __assert_fail (libc.so.6) >> > #4 >> 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) >> > #5 >> 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) >> > #6 >> 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) >> > #7 >> 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) >> > #8 >> 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) >> > #9 >> 0x000055768457c230 process_tgs_req (krb5kdc) >> > #10 >> 0x0000557684579fe3 dispatch (krb5kdc) >> > #11 >> 0x000055768458d8a0 process_packet (krb5kdc) >> > #12 >> 0x00007f99dec4cc78 verto_fire (libverto.so.1) >> > #13 >> 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) >> > #14 >> 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) >> > #15 >> 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) >> > #16 >> 0x00007f99dec4c3f7 verto_run (libverto.so.1) >> > #17 >> 0x00005576845795ab main (krb5kdc) >> > #18 >> 0x00007f99de8acfe0 __libc_start_main (libc.so.6) >> > #19 >> 0x00005576845798f0 _start (krb5kdc) >> > >> > Jan 26 03:15:59 ipa.example.net systemd-coredump[4999]: Process 4473 >> (krb5kdc) of user 0 dumped core. >> > >> > Stack trace of >> thread 4473: >> > #0 >> 0x00007f99de8c18d7 raise (libc.so.6) >> > #1 >> 0x00007f99de8c353a abort (libc.so.6) >> > #2 >> 0x00007f99de8ba47d __assert_fail_base (libc.so.6) >> > #3 >> 0x00007f99de8ba532 __assert_fail (libc.so.6) >> > #4 >> 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) >> > #5 >> 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) >> > #6 >> 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) >> > #7 >> 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) >> > #8 >> 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) >> > #9 >> 0x000055768457c230 process_tgs_req (krb5kdc) >> > #10 >> 0x0000557684579fe3 dispatch (krb5kdc) >> > #11 >> 0x000055768458d8a0 process_packet (krb5kdc) >> > #12 >> 0x00007f99dec4cc78 verto_fire (libverto.so.1) >> > #13 >> 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) >> > #14 >> 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) >> > #15 >> 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) >> > #16 >> 0x00007f99dec4c3f7 verto_run (libverto.so.1) >> > #17 >> 0x00005576845795ab main (krb5kdc) >> > #18 >> 0x00007f99de8acfe0 __libc_start_main (libc.so.6) >> > #19 >> 0x00005576845798f0 _start (krb5kdc) >> >> > -- >> > Manage your subscription for the Freeipa-users mailing list: >> > https://www.redhat.com/mailman/listinfo/freeipa-users >> > Go to http://freeipa.org for more info on the project >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: krb-coredump2.out Type: application/octet-stream Size: 9252 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: krb-coredump.out Type: application/octet-stream Size: 9242 bytes Desc: not available URL: From prashant at apigee.com Thu Jan 28 11:13:10 2016 From: prashant at apigee.com (Prashant Bapat) Date: Thu, 28 Jan 2016 16:43:10 +0530 Subject: [Freeipa-users] Kerberos process coredump | authentication fails In-Reply-To: <20160128111116.GK685@mail.corp.redhat.com> References: <20160128082401.GX19151@p.redhat.com> <20160128111116.GK685@mail.corp.redhat.com> Message-ID: Thanks Lukas. I'm exploring moving to CentOS for our setup so that I get the advantage of longer release cycles. On 28 January 2016 at 16:41, Lukas Slebodnik wrote: > On (28/01/16 16:27), Prashant Bapat wrote: > >Thanks Sumit. > > > >>From the logs there is nothing unusual around the time of core dump. I > >found this one line odd though. > > > >*Jan 26 03:15:58 ipa.example.net > >krb5kdc[4471](Error): worker 4473 exited with status 134* > > > > > >Let me try to get the full BT. > > > >On 28 January 2016 at 13:54, Sumit Bose wrote: > > > >> On Thu, Jan 28, 2016 at 10:25:53AM +0530, Prashant Bapat wrote: > >> > Hi, > >> > > >> > We have a FreeIPA 4.1.4 setup on F21 servers. There is 1 master and 7 > Fedora 21 is not supprted since 2015-12-01. > http://fedoraproject.org/wiki/End_of_life > > As Sumit wrote there is a high change that it's already fixed. > I would recommend to upgrade to Fedora 22. > There is freeipa-4.1.4-4.fc22. So it shoudl not be a big change for you. > > LS > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sbose at redhat.com Thu Jan 28 11:18:22 2016 From: sbose at redhat.com (Sumit Bose) Date: Thu, 28 Jan 2016 12:18:22 +0100 Subject: [Freeipa-users] Kerberos process coredump | authentication fails In-Reply-To: References: <20160128082401.GX19151@p.redhat.com> Message-ID: <20160128111822.GB19151@p.redhat.com> On Thu, Jan 28, 2016 at 04:27:52PM +0530, Prashant Bapat wrote: > Thanks Sumit. > > From the logs there is nothing unusual around the time of core dump. I ah sorry, I wasn't clear here. I was not looking for unusual messages but I wanted to find out which request might have caused the crash. bye, Sumit > found this one line odd though. > > *Jan 26 03:15:58 ipa.example.net > krb5kdc[4471](Error): worker 4473 exited with status 134* > > > Let me try to get the full BT. > > On 28 January 2016 at 13:54, Sumit Bose wrote: > > > On Thu, Jan 28, 2016 at 10:25:53AM +0530, Prashant Bapat wrote: > > > Hi, > > > > > > We have a FreeIPA 4.1.4 setup on F21 servers. There is 1 master and 7 > > > replicas in different regions. Earlier there was only 1 replica. Since I > > > added new replicas, on the master node, once in a while the kerberos > > > process dumps core and everything stops working - authentication, > > > replication etc. If we restart everything using "ipactl restart" things > > are > > > back to normal. > > > > > > Attached is the output from journalctl for kerberos. > > > > > > Has anyone come across this ? Are there any pointers to troubleshooting > > > this ? > > > > This might be fixed recently by a patch from Simo > > (2144b1eeb789639b8a3df287b580aeb6196188a8). But to help to better > > identify the issue the content of the kdc logs around the time of the > > crash might be useful. Additionally a full backtrace which you can get > > by calling > > > > coredumpclt gdb 4475 > > > > and then > > > > bt full > > > > bye, > > Sumit > > > > > > > > Any help is appreciated. > > > > > > Thanks. > > > --Prashant > > > > > Jan 26 03:15:59 ipa.example.net systemd-coredump[5000]: Process 4475 > > (krb5kdc) of user 0 dumped core. > > > > > > Stack trace of > > thread 4475: > > > #0 > > 0x00007f99de8c18d7 raise (libc.so.6) > > > #1 > > 0x00007f99de8c353a abort (libc.so.6) > > > #2 > > 0x00007f99de8ba47d __assert_fail_base (libc.so.6) > > > #3 > > 0x00007f99de8ba532 __assert_fail (libc.so.6) > > > #4 > > 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) > > > #5 > > 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) > > > #6 > > 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) > > > #7 > > 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) > > > #8 > > 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) > > > #9 > > 0x000055768457c230 process_tgs_req (krb5kdc) > > > #10 > > 0x0000557684579fe3 dispatch (krb5kdc) > > > #11 > > 0x000055768458d8a0 process_packet (krb5kdc) > > > #12 > > 0x00007f99dec4cc78 verto_fire (libverto.so.1) > > > #13 > > 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) > > > #14 > > 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) > > > #15 > > 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) > > > #16 > > 0x00007f99dec4c3f7 verto_run (libverto.so.1) > > > #17 > > 0x00005576845795ab main (krb5kdc) > > > #18 > > 0x00007f99de8acfe0 __libc_start_main (libc.so.6) > > > #19 > > 0x00005576845798f0 _start (krb5kdc) > > > > > > Jan 26 03:15:59 ipa.example.net systemd-coredump[4999]: Process 4473 > > (krb5kdc) of user 0 dumped core. > > > > > > Stack trace of > > thread 4473: > > > #0 > > 0x00007f99de8c18d7 raise (libc.so.6) > > > #1 > > 0x00007f99de8c353a abort (libc.so.6) > > > #2 > > 0x00007f99de8ba47d __assert_fail_base (libc.so.6) > > > #3 > > 0x00007f99de8ba532 __assert_fail (libc.so.6) > > > #4 > > 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) > > > #5 > > 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) > > > #6 > > 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) > > > #7 > > 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) > > > #8 > > 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) > > > #9 > > 0x000055768457c230 process_tgs_req (krb5kdc) > > > #10 > > 0x0000557684579fe3 dispatch (krb5kdc) > > > #11 > > 0x000055768458d8a0 process_packet (krb5kdc) > > > #12 > > 0x00007f99dec4cc78 verto_fire (libverto.so.1) > > > #13 > > 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) > > > #14 > > 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) > > > #15 > > 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) > > > #16 > > 0x00007f99dec4c3f7 verto_run (libverto.so.1) > > > #17 > > 0x00005576845795ab main (krb5kdc) > > > #18 > > 0x00007f99de8acfe0 __libc_start_main (libc.so.6) > > > #19 > > 0x00005576845798f0 _start (krb5kdc) > > > > > -- > > > Manage your subscription for the Freeipa-users mailing list: > > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > Go to http://freeipa.org for more info on the project > > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project > > From sbose at redhat.com Thu Jan 28 11:23:57 2016 From: sbose at redhat.com (Sumit Bose) Date: Thu, 28 Jan 2016 12:23:57 +0100 Subject: [Freeipa-users] Kerberos process coredump | authentication fails In-Reply-To: References: <20160128082401.GX19151@p.redhat.com> Message-ID: <20160128112357.GC19151@p.redhat.com> On Thu, Jan 28, 2016 at 04:42:20PM +0530, Prashant Bapat wrote: > gdb stacktrace attached. Can you install the debuginfo with debuginfo-install krb5-server-1.12.2-19.fc21.x86_64 as suggested by gdb and then call 'bt full' again to get more details. Additionally the debuginfo of the freeipa package might be missing as well. bye, Sumit > > On 28 January 2016 at 16:27, Prashant Bapat wrote: > > > Thanks Sumit. > > > > From the logs there is nothing unusual around the time of core dump. I > > found this one line odd though. > > > > *Jan 26 03:15:58 ipa.example.net > > krb5kdc[4471](Error): worker 4473 exited with status 134* > > > > > > Let me try to get the full BT. > > > > On 28 January 2016 at 13:54, Sumit Bose wrote: > > > >> On Thu, Jan 28, 2016 at 10:25:53AM +0530, Prashant Bapat wrote: > >> > Hi, > >> > > >> > We have a FreeIPA 4.1.4 setup on F21 servers. There is 1 master and 7 > >> > replicas in different regions. Earlier there was only 1 replica. Since I > >> > added new replicas, on the master node, once in a while the kerberos > >> > process dumps core and everything stops working - authentication, > >> > replication etc. If we restart everything using "ipactl restart" things > >> are > >> > back to normal. > >> > > >> > Attached is the output from journalctl for kerberos. > >> > > >> > Has anyone come across this ? Are there any pointers to troubleshooting > >> > this ? > >> > >> This might be fixed recently by a patch from Simo > >> (2144b1eeb789639b8a3df287b580aeb6196188a8). But to help to better > >> identify the issue the content of the kdc logs around the time of the > >> crash might be useful. Additionally a full backtrace which you can get > >> by calling > >> > >> coredumpclt gdb 4475 > >> > >> and then > >> > >> bt full > >> > >> bye, > >> Sumit > >> > >> > > >> > Any help is appreciated. > >> > > >> > Thanks. > >> > --Prashant > >> > >> > Jan 26 03:15:59 ipa.example.net systemd-coredump[5000]: Process 4475 > >> (krb5kdc) of user 0 dumped core. > >> > > >> > Stack trace of > >> thread 4475: > >> > #0 > >> 0x00007f99de8c18d7 raise (libc.so.6) > >> > #1 > >> 0x00007f99de8c353a abort (libc.so.6) > >> > #2 > >> 0x00007f99de8ba47d __assert_fail_base (libc.so.6) > >> > #3 > >> 0x00007f99de8ba532 __assert_fail (libc.so.6) > >> > #4 > >> 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) > >> > #5 > >> 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) > >> > #6 > >> 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) > >> > #7 > >> 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) > >> > #8 > >> 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) > >> > #9 > >> 0x000055768457c230 process_tgs_req (krb5kdc) > >> > #10 > >> 0x0000557684579fe3 dispatch (krb5kdc) > >> > #11 > >> 0x000055768458d8a0 process_packet (krb5kdc) > >> > #12 > >> 0x00007f99dec4cc78 verto_fire (libverto.so.1) > >> > #13 > >> 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) > >> > #14 > >> 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) > >> > #15 > >> 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) > >> > #16 > >> 0x00007f99dec4c3f7 verto_run (libverto.so.1) > >> > #17 > >> 0x00005576845795ab main (krb5kdc) > >> > #18 > >> 0x00007f99de8acfe0 __libc_start_main (libc.so.6) > >> > #19 > >> 0x00005576845798f0 _start (krb5kdc) > >> > > >> > Jan 26 03:15:59 ipa.example.net systemd-coredump[4999]: Process 4473 > >> (krb5kdc) of user 0 dumped core. > >> > > >> > Stack trace of > >> thread 4473: > >> > #0 > >> 0x00007f99de8c18d7 raise (libc.so.6) > >> > #1 > >> 0x00007f99de8c353a abort (libc.so.6) > >> > #2 > >> 0x00007f99de8ba47d __assert_fail_base (libc.so.6) > >> > #3 > >> 0x00007f99de8ba532 __assert_fail (libc.so.6) > >> > #4 > >> 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) > >> > #5 > >> 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) > >> > #6 > >> 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) > >> > #7 > >> 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) > >> > #8 > >> 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) > >> > #9 > >> 0x000055768457c230 process_tgs_req (krb5kdc) > >> > #10 > >> 0x0000557684579fe3 dispatch (krb5kdc) > >> > #11 > >> 0x000055768458d8a0 process_packet (krb5kdc) > >> > #12 > >> 0x00007f99dec4cc78 verto_fire (libverto.so.1) > >> > #13 > >> 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) > >> > #14 > >> 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) > >> > #15 > >> 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) > >> > #16 > >> 0x00007f99dec4c3f7 verto_run (libverto.so.1) > >> > #17 > >> 0x00005576845795ab main (krb5kdc) > >> > #18 > >> 0x00007f99de8acfe0 __libc_start_main (libc.so.6) > >> > #19 > >> 0x00005576845798f0 _start (krb5kdc) > >> > >> > -- > >> > Manage your subscription for the Freeipa-users mailing list: > >> > https://www.redhat.com/mailman/listinfo/freeipa-users > >> > Go to http://freeipa.org for more info on the project > >> > >> -- > >> Manage your subscription for the Freeipa-users mailing list: > >> https://www.redhat.com/mailman/listinfo/freeipa-users > >> Go to http://freeipa.org for more info on the project > >> > > > > From rob.verduijn at gmail.com Thu Jan 28 12:26:42 2016 From: rob.verduijn at gmail.com (Rob Verduijn) Date: Thu, 28 Jan 2016 13:26:42 +0100 Subject: [Freeipa-users] ipa replica is ad trust controller but refuses ad users Message-ID: Hello, I've set up an ipa-server with an one way trust to a windows 2012r2 controller. All works on this server. I can login with ad accounts on this server. I added an ipa replica, and checked it all worked. Now I tried ipa-trust-add --add-agents on the first ipa server. restarted ipa on both servers but this did not help then i did a ipa-adtrust-install on the second ipa server and a ipa trust-add --type=ad windows.domain all dns queries from the docs work https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-requirements.html#verify-dns-configuration I get both ipa servers returned in the queries. On the windows server and the ipa server. On the first ipaserver I can issue : id WINDOWS.DOMAIN\\ad-user and get an answer On the second I get : unknown user What could be the cause of this, why does the second server not do ad-authentication ? Rob Verduijn From Terry.John at completeautomotivesolutions.co.uk Thu Jan 28 12:32:22 2016 From: Terry.John at completeautomotivesolutions.co.uk (Terry John) Date: Thu, 28 Jan 2016 12:32:22 +0000 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: <56A99DBD.4010409@redhat.com> References: <56A0F065.7050407@redhat.com> <56A99DBD.4010409@redhat.com> Message-ID: I'm really confused now. After the problem where my feeipa server would not start and I had to use the backup I'm trying to do things in small steps. Listening to everything that has been said (thanks) I edited slapd-/dse.ldif slapd-PKI-IPA/dse.ldif and changed the lines nsSSL3Ciphers: to nsSSL3Ciphers:+aes_128_sha_256,+aes_256_sha_256,+ecdhe_ecdsa_aes_128_gcm_sha_256,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_gcm_sha_384,+ecdhe_ecdsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_gcm_sha_384,+ecdhe_rsa_aes_256_sha,+rsa_aes_128_gcm_sha_256,+rsa_aes_128_sha,+rsa_aes_256_gcm_sha_384,+rsa_aes_256_sha (There is a space after the colon) Then I did a 'service ip restart' and when I looked the dse.ldif files had reverted back to their original settings.. Where am I going wrong? Terry -----Original Message----- From: Rob Crittenden [mailto:rcritten at redhat.com] Sent: 28 January 2016 04:49 To: Marat Vyshegorodtsev; Terry John; freeipa-users at redhat.com Subject: Re: [Freeipa-users] FREAK Vulnerability Marat Vyshegorodtsev wrote: > My two cents: > > My "magic" string for NSS is like this (I had to move to Fedora 23 > from CentOS in order to get more recent NSS version though): > > NSSProtocol TLSv1.2 > NSSCipherSuite > -All,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdh_ecdsa_aes > _128_sha,+ecdh_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa > _aes_256_sha,+aes_256_sha_256,+aes_128_sha_256,+rsa_aes_128_gcm_sha_25 > 6,+ecdhe_ecdsa_aes_128_sha_256,+ecdhe_rsa_aes_128_sha_256,+ecdhe_ecdsa > _aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_gcm_sha_256 The -All is a syntax error (ignored). All ciphers are disabled by default anyway. I'd suggest using the ticket already referenced as a starting point. /usr/lib[64]/nss/unsupported-tools/listsuites is also handy to see what is enabled by default in NSS (though again, everything is disabled by mod_nss at startup). rob > > My cert is ECDSA private CA though. If you are interested, I can give > you my chef recipe snippets to configure it. > > On Thu, Jan 28, 2016 at 11:02 AM, Marat Vyshegorodtsev > wrote: >> My two cents: >> >> My "magic" string for NSS is like this (I had to move to Fedora 23 >> from CentOS in order to get more recent NSS version though): >> >> NSSProtocol TLSv1.2 >> NSSCipherSuite >> -All,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdh_ecdsa_ae >> s_128_sha,+ecdh_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecd >> sa_aes_256_sha,+aes_256_sha_256,+aes_128_sha_256,+rsa_aes_128_gcm_sha >> _256,+ecdhe_ecdsa_aes_128_sha_256,+ecdhe_rsa_aes_128_sha_256,+ecdhe_e >> cdsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_gcm_sha_256 >> >> My cert is ECDSA private CA though. If you are interested, I can give >> you my chef recipe snippets to configure it. >> >> Marat >> >> On Fri, Jan 22, 2016 at 1:54 AM, Terry John >> wrote: >>>>> I've been trying to tidy the security on my FreeIPA and this is >>>>> causing me some problems. I'm using OpenVAS vulnerability scanner >>>>> and it is coming up with this issue >>>>> >>>>> EXPORT_RSA cipher suites supported by the remote server: >>>>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) >>>>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003) >>>>> >>>>> It seems we have to disable export TLS ciphers but I can't see how. I've edited /etc/httpd/conf.d/nss.conf and disabled all SSL and TLSV1.0. >>>> >>>>> NSSCipherSuite -all,-exp,+ >>>>> >>>>> I've restarted httpd and ipa but it still fails >>>>> >>>>> Is there something I have overlooked >>> >>> >>>> Hi Terry, >>>> >>>> Please check >>>> https://fedorahosted.org/freeipa/ticket/5589 >>>> >>>> We are trying to come up with a better cipher suite right now. The fix should be in some of the next FreeIPA 4.3.x versions. >>>> >>>> The ticket has more details in it. >>> >>> Thanks for the info. I have tried nearly all the NSSCipherSuite settings in that ticket but none so far has eliminated the FREAK report. >>> Christian thanks for the heads up on the syntax, I wasn't sure of >>> what I was doing >>> >>> Each time I've made a change I've run an sslscan from the OpenVAS scanner and I do get a different result each time but the errors still remains in OpenVAS. >>> Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. >>> >>> Back to the drawing board :-) >>> >>> >>> >>> >>> The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 03183918), Manheim Auctions Limited (registered number: 00448761), Manheim Retail Services Limited (registered number: 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time Communications Limited (registered number: 04277845) and Complete Automotive Solutions Limited (registered number: 05302535). Each of these companies is registered in England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions. >>> >>> V:0CF72C13B2AC >>> >>> >>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go to http://freeipa.org for more info on the project > From cheimes at redhat.com Thu Jan 28 12:46:12 2016 From: cheimes at redhat.com (Christian Heimes) Date: Thu, 28 Jan 2016 13:46:12 +0100 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: References: <56A0F065.7050407@redhat.com> <56A99DBD.4010409@redhat.com> Message-ID: <56AA0D94.5070201@redhat.com> On 2016-01-28 13:32, Terry John wrote: > I'm really confused now. After the problem where my feeipa server would not start and I had to use the backup I'm trying to do things in small steps. > > Listening to everything that has been said (thanks) I edited > slapd-/dse.ldif slapd-PKI-IPA/dse.ldif and changed the lines > > nsSSL3Ciphers: > to > nsSSL3Ciphers:+aes_128_sha_256,+aes_256_sha_256,+ecdhe_ecdsa_aes_128_gcm_sha_256,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_gcm_sha_384,+ecdhe_ecdsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_gcm_sha_384,+ecdhe_rsa_aes_256_sha,+rsa_aes_128_gcm_sha_256,+rsa_aes_128_sha,+rsa_aes_256_gcm_sha_384,+rsa_aes_256_sha > (There is a space after the colon) > > Then I did a 'service ip restart' and when I looked the dse.ldif files had reverted back to their original settings.. > > Where am I going wrong? There is another catch. The SSL module of 389-DS uses different names for ciphers than mod_nss. Both have their own nick name table for the official TLS suite names. Recent versions of 389-DS also support the official cipher suite names. I don't know which version of 389-DS introduced the feature. I only looked at the most recent code. https://git.fedorahosted.org/cgit/389/ds.git/tree/ldap/servers/slapd/ssl.c#n150 https://git.fedorahosted.org/cgit/mod_nss.git/tree/nss_engine_cipher.c#n23 Regards, Christian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From rmj at ast.cam.ac.uk Thu Jan 28 12:51:37 2016 From: rmj at ast.cam.ac.uk (Roderick Johnstone) Date: Thu, 28 Jan 2016 12:51:37 +0000 Subject: [Freeipa-users] netapp unable to do ldap lookups over ssl to RHEL 7.2 ipa server Message-ID: <56AA0ED9.9020505@ast.cam.ac.uk> Hi My netapp filer is happily doing ldap over ssl lookups for account information to my RHEL 6.7 testing ipa server (ipa-server-3.0.0-47.el6_7.1.x86_64). However, when I switch the filer to use my RHEL 7.2 ipa server (ipa-server-4.2.0-15.el7_2.3.x86_64) the lookup doesn't work. In the dirsrv log file I see entries like this: [28/Jan/2016:09:17:45 +0000] conn=1338 fd=112 slot=112 SSL connection from xxx.xxx.xxx.xxx to yyy.yyy.yy.yyy [28/Jan/2016:09:17:45 +0000] conn=1338 op=-1 fd=112 closed - Cannot communicate securely with peer: no common encryption algorithm(s). (xxx.xxx.xxx.xxx is the filer ip address and yyy.yyy.yyy.yyy is the ipa server ip address). Looking in the ldap directory for fields with cipher in the name shows a very different set of nssslenabledciphers between the two ipa-server versions. I wonder if this might be the issue? Can the ldap server tell me what ciphers its being requested to use by the filer? Thanks Roderick Johnstone From rob.verduijn at gmail.com Thu Jan 28 13:39:47 2016 From: rob.verduijn at gmail.com (Rob Verduijn) Date: Thu, 28 Jan 2016 14:39:47 +0100 Subject: [Freeipa-users] ipa replica is ad trust controller but refuses ad users In-Reply-To: References: Message-ID: hmmm It suddenly started to work.....weird. On both servers I changed dns_lookup_realm = true (was false) stoped sssd and cleared the sssd cache rm /var/lib/sss/db/* started sssd and it works now But I find it hard to believe that was the cause. Is there a cache involved somewhere ? Rob Verduijn 2016-01-28 13:26 GMT+01:00 Rob Verduijn : > Hello, > > I've set up an ipa-server with an one way trust to a windows 2012r2 controller. > All works on this server. > I can login with ad accounts on this server. > > I added an ipa replica, and checked it all worked. > > Now I tried > ipa-trust-add --add-agents on the first ipa server. > restarted ipa on both servers > > but this did not help > then i did a > ipa-adtrust-install on the second ipa server > and a ipa trust-add --type=ad windows.domain > > all dns queries from the docs work > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-requirements.html#verify-dns-configuration > > I get both ipa servers returned in the queries. > On the windows server and the ipa server. > > On the first ipaserver I can issue : id WINDOWS.DOMAIN\\ad-user > and get an answer > On the second I get : unknown user > > What could be the cause of this, why does the second server not do > ad-authentication ? > > Rob Verduijn From cheimes at redhat.com Thu Jan 28 13:39:41 2016 From: cheimes at redhat.com (Christian Heimes) Date: Thu, 28 Jan 2016 14:39:41 +0100 Subject: [Freeipa-users] netapp unable to do ldap lookups over ssl to RHEL 7.2 ipa server In-Reply-To: <56AA0ED9.9020505@ast.cam.ac.uk> References: <56AA0ED9.9020505@ast.cam.ac.uk> Message-ID: <56AA1A1D.2080501@redhat.com> On 2016-01-28 13:51, Roderick Johnstone wrote: > Hi > > My netapp filer is happily doing ldap over ssl lookups for account > information to my RHEL 6.7 testing ipa server > (ipa-server-3.0.0-47.el6_7.1.x86_64). > > However, when I switch the filer to use my RHEL 7.2 ipa server > (ipa-server-4.2.0-15.el7_2.3.x86_64) the lookup doesn't work. > > In the dirsrv log file I see entries like this: > > [28/Jan/2016:09:17:45 +0000] conn=1338 fd=112 slot=112 SSL connection > from xxx.xxx.xxx.xxx to yyy.yyy.yy.yyy > [28/Jan/2016:09:17:45 +0000] conn=1338 op=-1 fd=112 closed - Cannot > communicate securely with peer: no common encryption algorithm(s). > > (xxx.xxx.xxx.xxx is the filer ip address and yyy.yyy.yyy.yyy is the ipa > server ip address). > > Looking in the ldap directory for fields with cipher in the name shows a > very different set of nssslenabledciphers between the two ipa-server > versions. > > I wonder if this might be the issue? > > Can the ldap server tell me what ciphers its being requested to use by > the filer? Yes, it looks like it is the issue. The supported cipher suites were hardened a while ago. The ticket https://fedorahosted.org/freeipa/ticket/4395 contains more information. During the TLS handshake the client sends a list of supported cipher suites to the server. The server also has a list of supported cipher suites. But the server never sends this list to the client. Instead it picks one common cipher suite (usually the most secure) from the common set of cipher suites. I don't know if you can get 389 DS to print the cipher suites. But you can snoop the ciper suites from the TLS handshake with wireshark or tshark. The handshake isnt't encrypted and can be captures on either the host or the server. # tshark -Vx -Y "ssl.handshake.ciphersuites" -i YOUR_INTERFACE tcp port ldaps Christian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From rcritten at redhat.com Thu Jan 28 14:35:01 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 28 Jan 2016 09:35:01 -0500 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: References: <56A0F065.7050407@redhat.com> <56A99DBD.4010409@redhat.com> Message-ID: <56AA2715.8010509@redhat.com> Terry John wrote: > I'm really confused now. After the problem where my feeipa server would not start and I had to use the backup I'm trying to do things in small steps. > > Listening to everything that has been said (thanks) I edited > slapd-/dse.ldif slapd-PKI-IPA/dse.ldif and changed the lines > > nsSSL3Ciphers: > to > nsSSL3Ciphers:+aes_128_sha_256,+aes_256_sha_256,+ecdhe_ecdsa_aes_128_gcm_sha_256,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_gcm_sha_384,+ecdhe_ecdsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_gcm_sha_384,+ecdhe_rsa_aes_256_sha,+rsa_aes_128_gcm_sha_256,+rsa_aes_128_sha,+rsa_aes_256_gcm_sha_384,+rsa_aes_256_sha > (There is a space after the colon) > > Then I did a 'service ip restart' and when I looked the dse.ldif files had reverted back to their original settings.. > > Where am I going wrong? dse.ldif is written out when the server shuts down so any changes you make to it while 389-ds is running are lost. rob > > Terry > > > -----Original Message----- > From: Rob Crittenden [mailto:rcritten at redhat.com] > Sent: 28 January 2016 04:49 > To: Marat Vyshegorodtsev; Terry John; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] FREAK Vulnerability > > Marat Vyshegorodtsev wrote: >> My two cents: >> >> My "magic" string for NSS is like this (I had to move to Fedora 23 >> from CentOS in order to get more recent NSS version though): >> >> NSSProtocol TLSv1.2 >> NSSCipherSuite >> -All,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdh_ecdsa_aes >> _128_sha,+ecdh_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa >> _aes_256_sha,+aes_256_sha_256,+aes_128_sha_256,+rsa_aes_128_gcm_sha_25 >> 6,+ecdhe_ecdsa_aes_128_sha_256,+ecdhe_rsa_aes_128_sha_256,+ecdhe_ecdsa >> _aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_gcm_sha_256 > > The -All is a syntax error (ignored). All ciphers are disabled by default anyway. > > I'd suggest using the ticket already referenced as a starting point. > > /usr/lib[64]/nss/unsupported-tools/listsuites is also handy to see what is enabled by default in NSS (though again, everything is disabled by mod_nss at startup). > > rob > >> >> My cert is ECDSA private CA though. If you are interested, I can give >> you my chef recipe snippets to configure it. >> >> On Thu, Jan 28, 2016 at 11:02 AM, Marat Vyshegorodtsev >> wrote: >>> My two cents: >>> >>> My "magic" string for NSS is like this (I had to move to Fedora 23 >>> from CentOS in order to get more recent NSS version though): >>> >>> NSSProtocol TLSv1.2 >>> NSSCipherSuite >>> -All,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdh_ecdsa_ae >>> s_128_sha,+ecdh_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecd >>> sa_aes_256_sha,+aes_256_sha_256,+aes_128_sha_256,+rsa_aes_128_gcm_sha >>> _256,+ecdhe_ecdsa_aes_128_sha_256,+ecdhe_rsa_aes_128_sha_256,+ecdhe_e >>> cdsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_gcm_sha_256 >>> >>> My cert is ECDSA private CA though. If you are interested, I can give >>> you my chef recipe snippets to configure it. >>> >>> Marat >>> >>> On Fri, Jan 22, 2016 at 1:54 AM, Terry John >>> wrote: >>>>>> I've been trying to tidy the security on my FreeIPA and this is >>>>>> causing me some problems. I'm using OpenVAS vulnerability scanner >>>>>> and it is coming up with this issue >>>>>> >>>>>> EXPORT_RSA cipher suites supported by the remote server: >>>>>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) >>>>>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003) >>>>>> >>>>>> It seems we have to disable export TLS ciphers but I can't see how. I've edited /etc/httpd/conf.d/nss.conf and disabled all SSL and TLSV1.0. >>>>> >>>>>> NSSCipherSuite -all,-exp,+ >>>>>> >>>>>> I've restarted httpd and ipa but it still fails >>>>>> >>>>>> Is there something I have overlooked >>>> >>>> >>>>> Hi Terry, >>>>> >>>>> Please check >>>>> https://fedorahosted.org/freeipa/ticket/5589 >>>>> >>>>> We are trying to come up with a better cipher suite right now. The fix should be in some of the next FreeIPA 4.3.x versions. >>>>> >>>>> The ticket has more details in it. >>>> >>>> Thanks for the info. I have tried nearly all the NSSCipherSuite settings in that ticket but none so far has eliminated the FREAK report. >>>> Christian thanks for the heads up on the syntax, I wasn't sure of >>>> what I was doing >>>> >>>> Each time I've made a change I've run an sslscan from the OpenVAS scanner and I do get a different result each time but the errors still remains in OpenVAS. >>>> Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. >>>> >>>> Back to the drawing board :-) >>>> >>>> >>>> >>>> >>>> The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 03183918), Manheim Auctions Limited (registered number: 00448761), Manheim Retail Services Limited (registered number: 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time Communications Limited (registered number: 04277845) and Complete Automotive Solutions Limited (registered number: 05302535). Each of these companies is registered in England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions. >>>> >>>> V:0CF72C13B2AC >>>> >>>> >>>> >>>> -- >>>> Manage your subscription for the Freeipa-users mailing list: >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> Go to http://freeipa.org for more info on the project >> > From jhrozek at redhat.com Thu Jan 28 14:36:04 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Thu, 28 Jan 2016 15:36:04 +0100 Subject: [Freeipa-users] ipa replica is ad trust controller but refuses ad users In-Reply-To: References: Message-ID: <20160128143604.GM5655@hendrix.redhat.com> On Thu, Jan 28, 2016 at 02:39:47PM +0100, Rob Verduijn wrote: > hmmm > It suddenly started to work.....weird. > > On both servers I changed dns_lookup_realm = true (was false) > stoped sssd and cleared the sssd cache > rm /var/lib/sss/db/* > started sssd and it works now it's hard to tell w/o logs but the sssd re-fetches the keytab it uses to establish the connection to the AD DCs on sssd restart (we implemeted this precisely so that admins have a known point -- sssd restart) when things go wrong. Maybe sssd just picked the trust keytab only after restart, not sure.. From jhrozek at redhat.com Thu Jan 28 14:45:29 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Thu, 28 Jan 2016 15:45:29 +0100 Subject: [Freeipa-users] ipa replica is ad trust controller but refuses ad users In-Reply-To: <20160128143604.GM5655@hendrix.redhat.com> References: <20160128143604.GM5655@hendrix.redhat.com> Message-ID: <20160128144529.GO5655@hendrix.redhat.com> On Thu, Jan 28, 2016 at 03:36:04PM +0100, Jakub Hrozek wrote: > On Thu, Jan 28, 2016 at 02:39:47PM +0100, Rob Verduijn wrote: > > hmmm > > It suddenly started to work.....weird. > > > > On both servers I changed dns_lookup_realm = true (was false) > > stoped sssd and cleared the sssd cache > > rm /var/lib/sss/db/* > > started sssd and it works now > > it's hard to tell w/o logs but the sssd re-fetches the keytab it uses to > establish the connection to the AD DCs on sssd restart (we implemeted > this precisely so that admins have a known point -- sssd restart) when > things go wrong. Maybe sssd just picked the trust keytab only after oops, sorry, wrong parens. sssd always re-fetches the keytab from IPA master it's running on, not only when things go wrong. The sssd restart just is just a way for the admin to trigger this. > restart, not sure.. From david at cazena.com Thu Jan 28 15:18:06 2016 From: david at cazena.com (David Zabner) Date: Thu, 28 Jan 2016 15:18:06 +0000 Subject: [Freeipa-users] Client-Install failures In-Reply-To: <1063477297.13392692.1453978522689.JavaMail.zimbra@redhat.com> References: <56A9E2A1.8030203@redhat.com> <1063477297.13392692.1453978522689.JavaMail.zimbra@redhat.com> Message-ID: Any guess as what it would be then? The location that is ?missing a file? is specified by the gssapi config in /etc/httpd/conf.d/ipa.conf. So I assumed that this would be a mod_gssapi failure? Thanks for your help, David > On Jan 28, 2016, at 5:55 AM, Simo Sorce wrote: > > Doesn't look related to mod_auth_gssapi, it's past it. > > ----- Original Message ----- >> From: "Martin Kosek" >> To: "David Zabner" , freeipa-users at redhat.com, "Simo Sorce" >> Sent: Thursday, January 28, 2016 4:42:57 AM >> Subject: Re: [Freeipa-users] Client-Install failures >> >> On 01/26/2016 10:20 PM, David Zabner wrote: >>> Hi All, >>> I am working on automated deployment of ipa clients through a program >>> called salt and have been seeing an issue. >>> Specifically, calls to ipa.server.internal/ipa/json occasionally return a >>> 500 error. This tends to occur while using ipa-client-install and ipa-dns >>> commands. >>> >>> I am on free-ipa v 4.2.0 running on Centos 7 and will include the offending >>> httpd error log. >>> Thanks for your help, >>> David >> >> CCing Simo, I wonder if this error could be some problem caused by >> mod_auth_gssapi? >> >> [Tue Jan 26 20:28:00.456181 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] mod_wsgi (pid=9535): Exception occurred processing WSGI >> script '/usr/share/ipa/wsgi.py'. >> [Tue Jan 26 20:28:00.456211 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] Traceback (most recent call last): >> [Tue Jan 26 20:28:00.456223 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] File "/usr/share/ipa/wsgi.py", line 49, in application >> [Tue Jan 26 20:28:00.456245 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] return api.Backend.wsgi_dispatch(environ, >> start_response) >> [Tue Jan 26 20:28:00.456251 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] File >> "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 258, in >> __call__ >> [Tue Jan 26 20:28:00.456263 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] return self.route(environ, start_response) >> [Tue Jan 26 20:28:00.456268 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] File >> "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 270, in >> route >> [Tue Jan 26 20:28:00.456276 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] return app(environ, start_response) >> [Tue Jan 26 20:28:00.456281 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] File >> "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 447, in >> __call__ >> [Tue Jan 26 20:28:00.456288 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] response = super(jsonserver, self).__call__(environ, >> start_response) >> [Tue Jan 26 20:28:00.456293 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] File >> "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 647, in >> __call__ >> [Tue Jan 26 20:28:00.456299 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] 'xmlserver', user_ccache, environ, start_response, >> headers) >> [Tue Jan 26 20:28:00.456304 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] File >> "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 593, in >> finalize_kerberos_acquisition >> [Tue Jan 26 20:28:00.456310 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] session_data['ccache_data'] = >> load_ccache_data(ccache_name) >> [Tue Jan 26 20:28:00.456315 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] File >> "/usr/lib/python2.7/site-packages/ipalib/session.py", >> line 1231, in load_ccache_data >> [Tue Jan 26 20:28:00.456330 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] src = open(name) >> [Tue Jan 26 20:28:00.456344 2016] [:error] [pid 9535] [remote >> 10.11.135.180:220] IOError: [Errno 2] No such file or directory: >> '/var/run/httpd/ipa/ clientcaches/admin at FOO.INTERNAL' >> >> Martin >> From Terry.John at completeautomotivesolutions.co.uk Thu Jan 28 16:04:32 2016 From: Terry.John at completeautomotivesolutions.co.uk (Terry John) Date: Thu, 28 Jan 2016 16:04:32 +0000 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: <56AA2715.8010509@redhat.com> References: <56A0F065.7050407@redhat.com> <56A99DBD.4010409@redhat.com> <56AA2715.8010509@redhat.com> Message-ID: Ok thanks for that but I've had to give up, our freeipa server is too critical to our business for me to continue even with outages of one or two minutes. The Ciphers below were not recognised and when I just tried to remove the export ciphers from the original list I got this error (Netscape Portable Runtime error -12266 - An unknown SSL cipher suite has been requested.) A type or a fundamental problem I don't know. I am working in an AWS environment and have tried making a clone and working on that but freeipa just gets confused and stops. I suppose another alternative is to build a freeipa server from scratch and work on that. Seems an awful lot of work to remove one cipher :-( terry -----Original Message----- From: Rob Crittenden [mailto:rcritten at redhat.com] Sent: 28 January 2016 14:35 To: Terry John; Marat Vyshegorodtsev; freeipa-users at redhat.com Subject: Re: [Freeipa-users] FREAK Vulnerability Terry John wrote: > I'm really confused now. After the problem where my feeipa server would not start and I had to use the backup I'm trying to do things in small steps. > > Listening to everything that has been said (thanks) I edited > slapd-/dse.ldif slapd-PKI-IPA/dse.ldif and changed the lines > > nsSSL3Ciphers: > to > nsSSL3Ciphers:+aes_128_sha_256,+aes_256_sha_256,+ecdhe_ecdsa_aes_128_g > cm_sha_256,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_gcm_sha_384,+ > ecdhe_ecdsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_ > 128_sha,+ecdhe_rsa_aes_256_gcm_sha_384,+ecdhe_rsa_aes_256_sha,+rsa_aes > _128_gcm_sha_256,+rsa_aes_128_sha,+rsa_aes_256_gcm_sha_384,+rsa_aes_25 > 6_sha > (There is a space after the colon) > > Then I did a 'service ip restart' and when I looked the dse.ldif files had reverted back to their original settings.. > > Where am I going wrong? dse.ldif is written out when the server shuts down so any changes you make to it while 389-ds is running are lost. rob > > Terry > > > -----Original Message----- > From: Rob Crittenden [mailto:rcritten at redhat.com] > Sent: 28 January 2016 04:49 > To: Marat Vyshegorodtsev; Terry John; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] FREAK Vulnerability > > Marat Vyshegorodtsev wrote: >> My two cents: >> >> My "magic" string for NSS is like this (I had to move to Fedora 23 >> from CentOS in order to get more recent NSS version though): >> >> NSSProtocol TLSv1.2 >> NSSCipherSuite >> -All,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdh_ecdsa_ae >> s >> _128_sha,+ecdh_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecds >> a >> _aes_256_sha,+aes_256_sha_256,+aes_128_sha_256,+rsa_aes_128_gcm_sha_2 >> 5 >> 6,+ecdhe_ecdsa_aes_128_sha_256,+ecdhe_rsa_aes_128_sha_256,+ecdhe_ecds >> a >> _aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_gcm_sha_256 > > The -All is a syntax error (ignored). All ciphers are disabled by default anyway. > > I'd suggest using the ticket already referenced as a starting point. > > /usr/lib[64]/nss/unsupported-tools/listsuites is also handy to see what is enabled by default in NSS (though again, everything is disabled by mod_nss at startup). > > rob > >> >> My cert is ECDSA private CA though. If you are interested, I can give >> you my chef recipe snippets to configure it. >> >> On Thu, Jan 28, 2016 at 11:02 AM, Marat Vyshegorodtsev >> wrote: >>> My two cents: >>> >>> My "magic" string for NSS is like this (I had to move to Fedora 23 >>> from CentOS in order to get more recent NSS version though): >>> >>> NSSProtocol TLSv1.2 >>> NSSCipherSuite >>> -All,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdh_ecdsa_a >>> e >>> s_128_sha,+ecdh_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ec >>> d >>> sa_aes_256_sha,+aes_256_sha_256,+aes_128_sha_256,+rsa_aes_128_gcm_sh >>> a >>> _256,+ecdhe_ecdsa_aes_128_sha_256,+ecdhe_rsa_aes_128_sha_256,+ecdhe_ >>> e >>> cdsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_gcm_sha_256 >>> >>> My cert is ECDSA private CA though. If you are interested, I can >>> give you my chef recipe snippets to configure it. >>> >>> Marat >>> >>> On Fri, Jan 22, 2016 at 1:54 AM, Terry John >>> wrote: >>>>>> I've been trying to tidy the security on my FreeIPA and this is >>>>>> causing me some problems. I'm using OpenVAS vulnerability scanner >>>>>> and it is coming up with this issue >>>>>> >>>>>> EXPORT_RSA cipher suites supported by the remote server: >>>>>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) >>>>>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003) >>>>>> >>>>>> It seems we have to disable export TLS ciphers but I can't see how. I've edited /etc/httpd/conf.d/nss.conf and disabled all SSL and TLSV1.0. >>>>> >>>>>> NSSCipherSuite -all,-exp,+ >>>>>> >>>>>> I've restarted httpd and ipa but it still fails >>>>>> >>>>>> Is there something I have overlooked >>>> >>>> >>>>> Hi Terry, >>>>> >>>>> Please check >>>>> https://fedorahosted.org/freeipa/ticket/5589 >>>>> >>>>> We are trying to come up with a better cipher suite right now. The fix should be in some of the next FreeIPA 4.3.x versions. >>>>> >>>>> The ticket has more details in it. >>>> >>>> Thanks for the info. I have tried nearly all the NSSCipherSuite settings in that ticket but none so far has eliminated the FREAK report. >>>> Christian thanks for the heads up on the syntax, I wasn't sure of >>>> what I was doing >>>> >>>> Each time I've made a change I've run an sslscan from the OpenVAS scanner and I do get a different result each time but the errors still remains in OpenVAS. >>>> Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. >>>> >>>> Back to the drawing board :-) >>>> >>>> >>>> >>>> >>>> The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 03183918), Manheim Auctions Limited (registered number: 00448761), Manheim Retail Services Limited (registered number: 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time Communications Limited (registered number: 04277845) and Complete Automotive Solutions Limited (registered number: 05302535). Each of these companies is registered in England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions. >>>> >>>> V:0CF72C13B2AC >>>> >>>> >>>> >>>> -- >>>> Manage your subscription for the Freeipa-users mailing list: >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> Go to http://freeipa.org for more info on the project >> > From prashant at apigee.com Thu Jan 28 16:06:55 2016 From: prashant at apigee.com (Prashant Bapat) Date: Thu, 28 Jan 2016 21:36:55 +0530 Subject: [Freeipa-users] Kerberos process coredump | authentication fails In-Reply-To: <20160128112357.GC19151@p.redhat.com> References: <20160128082401.GX19151@p.redhat.com> <20160128112357.GC19151@p.redhat.com> Message-ID: Sure. Attached the stack trace with debuginfo installed. Thanks much! On 28 January 2016 at 16:53, Sumit Bose wrote: > On Thu, Jan 28, 2016 at 04:42:20PM +0530, Prashant Bapat wrote: > > gdb stacktrace attached. > > Can you install the debuginfo with > > debuginfo-install krb5-server-1.12.2-19.fc21.x86_64 > > as suggested by gdb and then call 'bt full' again to get more details. > Additionally the debuginfo of the freeipa package might be missing as > well. > > bye, > Sumit > > > > On 28 January 2016 at 16:27, Prashant Bapat wrote: > > > > > Thanks Sumit. > > > > > > From the logs there is nothing unusual around the time of core dump. I > > > found this one line odd though. > > > > > > *Jan 26 03:15:58 ipa.example.net > > > krb5kdc[4471](Error): worker 4473 exited with status 134* > > > > > > > > > Let me try to get the full BT. > > > > > > On 28 January 2016 at 13:54, Sumit Bose wrote: > > > > > >> On Thu, Jan 28, 2016 at 10:25:53AM +0530, Prashant Bapat wrote: > > >> > Hi, > > >> > > > >> > We have a FreeIPA 4.1.4 setup on F21 servers. There is 1 master and > 7 > > >> > replicas in different regions. Earlier there was only 1 replica. > Since I > > >> > added new replicas, on the master node, once in a while the kerberos > > >> > process dumps core and everything stops working - authentication, > > >> > replication etc. If we restart everything using "ipactl restart" > things > > >> are > > >> > back to normal. > > >> > > > >> > Attached is the output from journalctl for kerberos. > > >> > > > >> > Has anyone come across this ? Are there any pointers to > troubleshooting > > >> > this ? > > >> > > >> This might be fixed recently by a patch from Simo > > >> (2144b1eeb789639b8a3df287b580aeb6196188a8). But to help to better > > >> identify the issue the content of the kdc logs around the time of the > > >> crash might be useful. Additionally a full backtrace which you can get > > >> by calling > > >> > > >> coredumpclt gdb 4475 > > >> > > >> and then > > >> > > >> bt full > > >> > > >> bye, > > >> Sumit > > >> > > >> > > > >> > Any help is appreciated. > > >> > > > >> > Thanks. > > >> > --Prashant > > >> > > >> > Jan 26 03:15:59 ipa.example.net systemd-coredump[5000]: Process > 4475 > > >> (krb5kdc) of user 0 dumped core. > > >> > > > >> > Stack trace > of > > >> thread 4475: > > >> > #0 > > >> 0x00007f99de8c18d7 raise (libc.so.6) > > >> > #1 > > >> 0x00007f99de8c353a abort (libc.so.6) > > >> > #2 > > >> 0x00007f99de8ba47d __assert_fail_base (libc.so.6) > > >> > #3 > > >> 0x00007f99de8ba532 __assert_fail (libc.so.6) > > >> > #4 > > >> 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) > > >> > #5 > > >> 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) > > >> > #6 > > >> 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) > > >> > #7 > > >> 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) > > >> > #8 > > >> 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) > > >> > #9 > > >> 0x000055768457c230 process_tgs_req (krb5kdc) > > >> > #10 > > >> 0x0000557684579fe3 dispatch (krb5kdc) > > >> > #11 > > >> 0x000055768458d8a0 process_packet (krb5kdc) > > >> > #12 > > >> 0x00007f99dec4cc78 verto_fire (libverto.so.1) > > >> > #13 > > >> 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) > > >> > #14 > > >> 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) > > >> > #15 > > >> 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) > > >> > #16 > > >> 0x00007f99dec4c3f7 verto_run (libverto.so.1) > > >> > #17 > > >> 0x00005576845795ab main (krb5kdc) > > >> > #18 > > >> 0x00007f99de8acfe0 __libc_start_main (libc.so.6) > > >> > #19 > > >> 0x00005576845798f0 _start (krb5kdc) > > >> > > > >> > Jan 26 03:15:59 ipa.example.net systemd-coredump[4999]: Process > 4473 > > >> (krb5kdc) of user 0 dumped core. > > >> > > > >> > Stack trace > of > > >> thread 4473: > > >> > #0 > > >> 0x00007f99de8c18d7 raise (libc.so.6) > > >> > #1 > > >> 0x00007f99de8c353a abort (libc.so.6) > > >> > #2 > > >> 0x00007f99de8ba47d __assert_fail_base (libc.so.6) > > >> > #3 > > >> 0x00007f99de8ba532 __assert_fail (libc.so.6) > > >> > #4 > > >> 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) > > >> > #5 > > >> 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) > > >> > #6 > > >> 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) > > >> > #7 > > >> 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) > > >> > #8 > > >> 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) > > >> > #9 > > >> 0x000055768457c230 process_tgs_req (krb5kdc) > > >> > #10 > > >> 0x0000557684579fe3 dispatch (krb5kdc) > > >> > #11 > > >> 0x000055768458d8a0 process_packet (krb5kdc) > > >> > #12 > > >> 0x00007f99dec4cc78 verto_fire (libverto.so.1) > > >> > #13 > > >> 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) > > >> > #14 > > >> 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) > > >> > #15 > > >> 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) > > >> > #16 > > >> 0x00007f99dec4c3f7 verto_run (libverto.so.1) > > >> > #17 > > >> 0x00005576845795ab main (krb5kdc) > > >> > #18 > > >> 0x00007f99de8acfe0 __libc_start_main (libc.so.6) > > >> > #19 > > >> 0x00005576845798f0 _start (krb5kdc) > > >> > > >> > -- > > >> > Manage your subscription for the Freeipa-users mailing list: > > >> > https://www.redhat.com/mailman/listinfo/freeipa-users > > >> > Go to http://freeipa.org for more info on the project > > >> > > >> -- > > >> Manage your subscription for the Freeipa-users mailing list: > > >> https://www.redhat.com/mailman/listinfo/freeipa-users > > >> Go to http://freeipa.org for more info on the project > > >> > > > > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: krb-coredump-debug.out Type: application/octet-stream Size: 13768 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: krb-coredump-debug2.out Type: application/octet-stream Size: 14162 bytes Desc: not available URL: From prasun.gera at gmail.com Thu Jan 28 16:35:04 2016 From: prasun.gera at gmail.com (Prasun Gera) Date: Thu, 28 Jan 2016 11:35:04 -0500 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: References: <56A0F065.7050407@redhat.com> <56A99DBD.4010409@redhat.com> <56AA2715.8010509@redhat.com> Message-ID: Can someone at RH update this article https://access.redhat.com/articles/1467293 ? I found it to be fairly useful, but I'm not sure if it's up to date. On Thu, Jan 28, 2016 at 11:04 AM, Terry John < Terry.John at completeautomotivesolutions.co.uk> wrote: > Ok thanks for that but I've had to give up, our freeipa server is too > critical to our business for me to continue even with outages of one or two > minutes. > > The Ciphers below were not recognised and when I just tried to remove the > export ciphers from the original list I got this error > (Netscape Portable Runtime error -12266 - An unknown SSL cipher suite has > been requested.) > > A type or a fundamental problem I don't know. > > I am working in an AWS environment and have tried making a clone and > working on that but freeipa just gets confused and stops. I suppose another > alternative is to build a freeipa server from scratch and work on that. > Seems an awful lot of work to remove one cipher :-( > > terry > > -----Original Message----- > From: Rob Crittenden [mailto:rcritten at redhat.com] > Sent: 28 January 2016 14:35 > To: Terry John; Marat Vyshegorodtsev; freeipa-users at redhat.com > Subject: Re: [Freeipa-users] FREAK Vulnerability > > Terry John wrote: > > I'm really confused now. After the problem where my feeipa server would > not start and I had to use the backup I'm trying to do things in small > steps. > > > > Listening to everything that has been said (thanks) I edited > > slapd-/dse.ldif slapd-PKI-IPA/dse.ldif and changed the lines > > > > nsSSL3Ciphers: > > to > > nsSSL3Ciphers:+aes_128_sha_256,+aes_256_sha_256,+ecdhe_ecdsa_aes_128_g > > cm_sha_256,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_gcm_sha_384,+ > > ecdhe_ecdsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_ > > 128_sha,+ecdhe_rsa_aes_256_gcm_sha_384,+ecdhe_rsa_aes_256_sha,+rsa_aes > > _128_gcm_sha_256,+rsa_aes_128_sha,+rsa_aes_256_gcm_sha_384,+rsa_aes_25 > > 6_sha > > (There is a space after the colon) > > > > Then I did a 'service ip restart' and when I looked the dse.ldif files > had reverted back to their original settings.. > > > > Where am I going wrong? > > dse.ldif is written out when the server shuts down so any changes you make > to it while 389-ds is running are lost. > > rob > > > > > Terry > > > > > > -----Original Message----- > > From: Rob Crittenden [mailto:rcritten at redhat.com] > > Sent: 28 January 2016 04:49 > > To: Marat Vyshegorodtsev; Terry John; freeipa-users at redhat.com > > Subject: Re: [Freeipa-users] FREAK Vulnerability > > > > Marat Vyshegorodtsev wrote: > >> My two cents: > >> > >> My "magic" string for NSS is like this (I had to move to Fedora 23 > >> from CentOS in order to get more recent NSS version though): > >> > >> NSSProtocol TLSv1.2 > >> NSSCipherSuite > >> -All,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdh_ecdsa_ae > >> s > >> _128_sha,+ecdh_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecds > >> a > >> _aes_256_sha,+aes_256_sha_256,+aes_128_sha_256,+rsa_aes_128_gcm_sha_2 > >> 5 > >> 6,+ecdhe_ecdsa_aes_128_sha_256,+ecdhe_rsa_aes_128_sha_256,+ecdhe_ecds > >> a > >> _aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_gcm_sha_256 > > > > The -All is a syntax error (ignored). All ciphers are disabled by > default anyway. > > > > I'd suggest using the ticket already referenced as a starting point. > > > > /usr/lib[64]/nss/unsupported-tools/listsuites is also handy to see what > is enabled by default in NSS (though again, everything is disabled by > mod_nss at startup). > > > > rob > > > >> > >> My cert is ECDSA private CA though. If you are interested, I can give > >> you my chef recipe snippets to configure it. > >> > >> On Thu, Jan 28, 2016 at 11:02 AM, Marat Vyshegorodtsev > >> wrote: > >>> My two cents: > >>> > >>> My "magic" string for NSS is like this (I had to move to Fedora 23 > >>> from CentOS in order to get more recent NSS version though): > >>> > >>> NSSProtocol TLSv1.2 > >>> NSSCipherSuite > >>> -All,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdh_ecdsa_a > >>> e > >>> s_128_sha,+ecdh_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ec > >>> d > >>> sa_aes_256_sha,+aes_256_sha_256,+aes_128_sha_256,+rsa_aes_128_gcm_sh > >>> a > >>> _256,+ecdhe_ecdsa_aes_128_sha_256,+ecdhe_rsa_aes_128_sha_256,+ecdhe_ > >>> e > >>> cdsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_gcm_sha_256 > >>> > >>> My cert is ECDSA private CA though. If you are interested, I can > >>> give you my chef recipe snippets to configure it. > >>> > >>> Marat > >>> > >>> On Fri, Jan 22, 2016 at 1:54 AM, Terry John > >>> wrote: > >>>>>> I've been trying to tidy the security on my FreeIPA and this is > >>>>>> causing me some problems. I'm using OpenVAS vulnerability scanner > >>>>>> and it is coming up with this issue > >>>>>> > >>>>>> EXPORT_RSA cipher suites supported by the remote server: > >>>>>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) > >>>>>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003) > >>>>>> > >>>>>> It seems we have to disable export TLS ciphers but I can't see > how. I've edited /etc/httpd/conf.d/nss.conf and disabled all SSL and > TLSV1.0. > >>>>> > >>>>>> NSSCipherSuite -all,-exp,+ > >>>>>> > >>>>>> I've restarted httpd and ipa but it still fails > >>>>>> > >>>>>> Is there something I have overlooked > >>>> > >>>> > >>>>> Hi Terry, > >>>>> > >>>>> Please check > >>>>> https://fedorahosted.org/freeipa/ticket/5589 > >>>>> > >>>>> We are trying to come up with a better cipher suite right now. The > fix should be in some of the next FreeIPA 4.3.x versions. > >>>>> > >>>>> The ticket has more details in it. > >>>> > >>>> Thanks for the info. I have tried nearly all the NSSCipherSuite > settings in that ticket but none so far has eliminated the FREAK report. > >>>> Christian thanks for the heads up on the syntax, I wasn't sure of > >>>> what I was doing > >>>> > >>>> Each time I've made a change I've run an sslscan from the OpenVAS > scanner and I do get a different result each time but the errors still > remains in OpenVAS. > >>>> Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. > >>>> > >>>> Back to the drawing board :-) > >>>> > >>>> > >>>> > >>>> > >>>> The Manheim group of companies within the UK comprises: Manheim > Europe Limited (registered number: 03183918), Manheim Auctions Limited > (registered number: 00448761), Manheim Retail Services Limited (registered > number: 02838588), Motors.co.uk Limited (registered number: 05975777), > Real Time Communications Limited (registered number: 04277845) and Complete > Automotive Solutions Limited (registered number: 05302535). Each of these > companies is registered in England and Wales with the registered office > address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim > group of companies operates under various brand/trading names including > Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim > De-fleet and Manheim Aftersales Solutions. > >>>> > >>>> V:0CF72C13B2AC > >>>> > >>>> > >>>> > >>>> -- > >>>> Manage your subscription for the Freeipa-users mailing list: > >>>> https://www.redhat.com/mailman/listinfo/freeipa-users > >>>> Go to http://freeipa.org for more info on the project > >> > > > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From simo at redhat.com Thu Jan 28 17:01:29 2016 From: simo at redhat.com (Simo Sorce) Date: Thu, 28 Jan 2016 12:01:29 -0500 (EST) Subject: [Freeipa-users] Client-Install failures In-Reply-To: References: <56A9E2A1.8030203@redhat.com> <1063477297.13392692.1453978522689.JavaMail.zimbra@redhat.com> Message-ID: <1001833605.13561861.1454000489102.JavaMail.zimbra@redhat.com> It is where mod_auth_gssapi drops the ccache file indeed. But if it failed to do so you should have an authentication error in the logs. Can you check if you see anything in the error log, perhaps rasing logging level to debug. Simo. ----- Original Message ----- > From: "David Zabner" > To: "Simo Sorce" > Cc: "Martin Kosek" , freeipa-users at redhat.com > Sent: Thursday, January 28, 2016 10:18:06 AM > Subject: Re: [Freeipa-users] Client-Install failures > > Any guess as what it would be then? > The location that is ?missing a file? is specified by the gssapi config in > /etc/httpd/conf.d/ipa.conf. So I assumed that this would be a mod_gssapi > failure? > > > Thanks for your help, > David > > On Jan 28, 2016, at 5:55 AM, Simo Sorce wrote: > > > > Doesn't look related to mod_auth_gssapi, it's past it. > > > > ----- Original Message ----- > >> From: "Martin Kosek" > >> To: "David Zabner" , freeipa-users at redhat.com, "Simo > >> Sorce" > >> Sent: Thursday, January 28, 2016 4:42:57 AM > >> Subject: Re: [Freeipa-users] Client-Install failures > >> > >> On 01/26/2016 10:20 PM, David Zabner wrote: > >>> Hi All, > >>> I am working on automated deployment of ipa clients through a program > >>> called salt and have been seeing an issue. > >>> Specifically, calls to ipa.server.internal/ipa/json occasionally return a > >>> 500 error. This tends to occur while using ipa-client-install and ipa-dns > >>> commands. > >>> > >>> I am on free-ipa v 4.2.0 running on Centos 7 and will include the > >>> offending > >>> httpd error log. > >>> Thanks for your help, > >>> David > >> > >> CCing Simo, I wonder if this error could be some problem caused by > >> mod_auth_gssapi? > >> > >> [Tue Jan 26 20:28:00.456181 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] mod_wsgi (pid=9535): Exception occurred processing WSGI > >> script '/usr/share/ipa/wsgi.py'. > >> [Tue Jan 26 20:28:00.456211 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] Traceback (most recent call last): > >> [Tue Jan 26 20:28:00.456223 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] File "/usr/share/ipa/wsgi.py", line 49, in > >> application > >> [Tue Jan 26 20:28:00.456245 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] return api.Backend.wsgi_dispatch(environ, > >> start_response) > >> [Tue Jan 26 20:28:00.456251 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] File > >> "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 258, in > >> __call__ > >> [Tue Jan 26 20:28:00.456263 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] return self.route(environ, start_response) > >> [Tue Jan 26 20:28:00.456268 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] File > >> "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 270, in > >> route > >> [Tue Jan 26 20:28:00.456276 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] return app(environ, start_response) > >> [Tue Jan 26 20:28:00.456281 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] File > >> "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 447, in > >> __call__ > >> [Tue Jan 26 20:28:00.456288 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] response = super(jsonserver, > >> self).__call__(environ, > >> start_response) > >> [Tue Jan 26 20:28:00.456293 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] File > >> "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 647, in > >> __call__ > >> [Tue Jan 26 20:28:00.456299 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] 'xmlserver', user_ccache, environ, start_response, > >> headers) > >> [Tue Jan 26 20:28:00.456304 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] File > >> "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 593, in > >> finalize_kerberos_acquisition > >> [Tue Jan 26 20:28:00.456310 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] session_data['ccache_data'] = > >> load_ccache_data(ccache_name) > >> [Tue Jan 26 20:28:00.456315 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] File > >> "/usr/lib/python2.7/site-packages/ipalib/session.py", > >> line 1231, in load_ccache_data > >> [Tue Jan 26 20:28:00.456330 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] src = open(name) > >> [Tue Jan 26 20:28:00.456344 2016] [:error] [pid 9535] [remote > >> 10.11.135.180:220] IOError: [Errno 2] No such file or directory: > >> '/var/run/httpd/ipa/ clientcaches/admin at FOO.INTERNAL' > >> > >> Martin > >> > > From rcritten at redhat.com Thu Jan 28 17:08:15 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 28 Jan 2016 12:08:15 -0500 Subject: [Freeipa-users] FREAK Vulnerability In-Reply-To: References: <56A0F065.7050407@redhat.com> <56A99DBD.4010409@redhat.com> <56AA2715.8010509@redhat.com> Message-ID: <56AA4AFF.5090805@redhat.com> Prasun Gera wrote: > Can someone at RH update this > article https://access.redhat.com/articles/1467293 ? I found it to be > fairly useful, but I'm not sure if it's up to date. mod_nss was rebased from 1.0.8 to 1.0.10 in 7.2 which added TLSv1.2 support. I'll notify the author. rob > > On Thu, Jan 28, 2016 at 11:04 AM, Terry John > > wrote: > > Ok thanks for that but I've had to give up, our freeipa server is > too critical to our business for me to continue even with outages of > one or two minutes. > > The Ciphers below were not recognised and when I just tried to > remove the export ciphers from the original list I got this error > (Netscape Portable Runtime error -12266 - An unknown SSL cipher > suite has been requested.) > > A type or a fundamental problem I don't know. > > I am working in an AWS environment and have tried making a clone and > working on that but freeipa just gets confused and stops. I suppose > another alternative is to build a freeipa server from scratch and > work on that. Seems an awful lot of work to remove one cipher :-( > > terry > > -----Original Message----- > From: Rob Crittenden [mailto:rcritten at redhat.com > ] > Sent: 28 January 2016 14:35 > To: Terry John; Marat Vyshegorodtsev; freeipa-users at redhat.com > > Subject: Re: [Freeipa-users] FREAK Vulnerability > > Terry John wrote: > > I'm really confused now. After the problem where my feeipa server > would not start and I had to use the backup I'm trying to do things > in small steps. > > > > Listening to everything that has been said (thanks) I edited > > slapd-/dse.ldif slapd-PKI-IPA/dse.ldif and changed the lines > > > > nsSSL3Ciphers: > > to > > nsSSL3Ciphers:+aes_128_sha_256,+aes_256_sha_256,+ecdhe_ecdsa_aes_128_g > > cm_sha_256,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_gcm_sha_384,+ > > ecdhe_ecdsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_ > > 128_sha,+ecdhe_rsa_aes_256_gcm_sha_384,+ecdhe_rsa_aes_256_sha,+rsa_aes > > _128_gcm_sha_256,+rsa_aes_128_sha,+rsa_aes_256_gcm_sha_384,+rsa_aes_25 > > 6_sha > > (There is a space after the colon) > > > > Then I did a 'service ip restart' and when I looked the dse.ldif > files had reverted back to their original settings.. > > > > Where am I going wrong? > > dse.ldif is written out when the server shuts down so any changes > you make to it while 389-ds is running are lost. > > rob > > > > > Terry > > > > > > -----Original Message----- > > From: Rob Crittenden [mailto:rcritten at redhat.com > ] > > Sent: 28 January 2016 04:49 > > To: Marat Vyshegorodtsev; Terry John; freeipa-users at redhat.com > > > Subject: Re: [Freeipa-users] FREAK Vulnerability > > > > Marat Vyshegorodtsev wrote: > >> My two cents: > >> > >> My "magic" string for NSS is like this (I had to move to Fedora 23 > >> from CentOS in order to get more recent NSS version though): > >> > >> NSSProtocol TLSv1.2 > >> NSSCipherSuite > >> -All,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdh_ecdsa_ae > >> s > >> _128_sha,+ecdh_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecds > >> a > >> _aes_256_sha,+aes_256_sha_256,+aes_128_sha_256,+rsa_aes_128_gcm_sha_2 > >> 5 > >> 6,+ecdhe_ecdsa_aes_128_sha_256,+ecdhe_rsa_aes_128_sha_256,+ecdhe_ecds > >> a > >> _aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_gcm_sha_256 > > > > The -All is a syntax error (ignored). All ciphers are disabled by > default anyway. > > > > I'd suggest using the ticket already referenced as a starting point. > > > > /usr/lib[64]/nss/unsupported-tools/listsuites is also handy to see > what is enabled by default in NSS (though again, everything is > disabled by mod_nss at startup). > > > > rob > > > >> > >> My cert is ECDSA private CA though. If you are interested, I can give > >> you my chef recipe snippets to configure it. > >> > >> On Thu, Jan 28, 2016 at 11:02 AM, Marat Vyshegorodtsev > >> > wrote: > >>> My two cents: > >>> > >>> My "magic" string for NSS is like this (I had to move to Fedora 23 > >>> from CentOS in order to get more recent NSS version though): > >>> > >>> NSSProtocol TLSv1.2 > >>> NSSCipherSuite > >>> -All,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdh_ecdsa_a > >>> e > >>> s_128_sha,+ecdh_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ec > >>> d > >>> sa_aes_256_sha,+aes_256_sha_256,+aes_128_sha_256,+rsa_aes_128_gcm_sh > >>> a > >>> _256,+ecdhe_ecdsa_aes_128_sha_256,+ecdhe_rsa_aes_128_sha_256,+ecdhe_ > >>> e > >>> cdsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_gcm_sha_256 > >>> > >>> My cert is ECDSA private CA though. If you are interested, I can > >>> give you my chef recipe snippets to configure it. > >>> > >>> Marat > >>> > >>> On Fri, Jan 22, 2016 at 1:54 AM, Terry John > >>> > wrote: > >>>>>> I've been trying to tidy the security on my FreeIPA and this is > >>>>>> causing me some problems. I'm using OpenVAS vulnerability scanner > >>>>>> and it is coming up with this issue > >>>>>> > >>>>>> EXPORT_RSA cipher suites supported by the remote server: > >>>>>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0006) > >>>>>> TLSv1.0: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0003) > >>>>>> > >>>>>> It seems we have to disable export TLS ciphers but I can't > see how. I've edited /etc/httpd/conf.d/nss.conf and disabled all SSL > and TLSV1.0. > >>>>> > >>>>>> NSSCipherSuite -all,-exp,+ > >>>>>> > >>>>>> I've restarted httpd and ipa but it still fails > >>>>>> > >>>>>> Is there something I have overlooked > >>>> > >>>> > >>>>> Hi Terry, > >>>>> > >>>>> Please check > >>>>> https://fedorahosted.org/freeipa/ticket/5589 > >>>>> > >>>>> We are trying to come up with a better cipher suite right now. > The fix should be in some of the next FreeIPA 4.3.x versions. > >>>>> > >>>>> The ticket has more details in it. > >>>> > >>>> Thanks for the info. I have tried nearly all the NSSCipherSuite > settings in that ticket but none so far has eliminated the FREAK report. > >>>> Christian thanks for the heads up on the syntax, I wasn't sure of > >>>> what I was doing > >>>> > >>>> Each time I've made a change I've run an sslscan from the > OpenVAS scanner and I do get a different result each time but the > errors still remains in OpenVAS. > >>>> Aaargh! Just noticed the port is 636/tcp(!) which is ns-slapd. > >>>> > >>>> Back to the drawing board :-) > >>>> > >>>> > >>>> > >>>> > >>>> The Manheim group of companies within the UK comprises: Manheim > Europe Limited (registered number: 03183918), Manheim Auctions > Limited (registered number: 00448761), Manheim Retail Services > Limited (registered number: 02838588), Motors.co.uk > Limited (registered number: 05975777), Real > Time Communications Limited (registered number: 04277845) and > Complete Automotive Solutions Limited (registered number: 05302535). > Each of these companies is registered in England and Wales with the > registered office address of Central House, Leeds Road, Rothwell, > Leeds LS26 0JE. The Manheim group of companies operates under > various brand/trading names including Manheim Inspection Services, > Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim > Aftersales Solutions. > >>>> > >>>> V:0CF72C13B2AC > >>>> > >>>> > >>>> > >>>> -- > >>>> Manage your subscription for the Freeipa-users mailing list: > >>>> https://www.redhat.com/mailman/listinfo/freeipa-users > >>>> Go to http://freeipa.org for more info on the project > >> > > > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > > From sbose at redhat.com Thu Jan 28 17:54:23 2016 From: sbose at redhat.com (Sumit Bose) Date: Thu, 28 Jan 2016 18:54:23 +0100 Subject: [Freeipa-users] Kerberos process coredump | authentication fails In-Reply-To: References: <20160128082401.GX19151@p.redhat.com> <20160128112357.GC19151@p.redhat.com> Message-ID: <20160128175423.GF19151@p.redhat.com> On Thu, Jan 28, 2016 at 09:36:55PM +0530, Prashant Bapat wrote: > Sure. Attached the stack trace with debuginfo installed. > > Thanks much! This looks very much like the issue Simo fixed recently, but unfortunately I think it is so recent that it is not available in any release package. Additionally it would be quite some effort for me the generate a F21 test build because as Lukas said F21 is already End-of-life and there is not infrastructure anymore to easily build F21 package. If it would be possible to upgrade to a newer version of Fedora I'd be happy to provide a test build with the patch. bye, Sumit > > On 28 January 2016 at 16:53, Sumit Bose wrote: > > > On Thu, Jan 28, 2016 at 04:42:20PM +0530, Prashant Bapat wrote: > > > gdb stacktrace attached. > > > > Can you install the debuginfo with > > > > debuginfo-install krb5-server-1.12.2-19.fc21.x86_64 > > > > as suggested by gdb and then call 'bt full' again to get more details. > > Additionally the debuginfo of the freeipa package might be missing as > > well. > > > > bye, > > Sumit > > > > > > On 28 January 2016 at 16:27, Prashant Bapat wrote: > > > > > > > Thanks Sumit. > > > > > > > > From the logs there is nothing unusual around the time of core dump. I > > > > found this one line odd though. > > > > > > > > *Jan 26 03:15:58 ipa.example.net > > > > krb5kdc[4471](Error): worker 4473 exited with status 134* > > > > > > > > > > > > Let me try to get the full BT. > > > > > > > > On 28 January 2016 at 13:54, Sumit Bose wrote: > > > > > > > >> On Thu, Jan 28, 2016 at 10:25:53AM +0530, Prashant Bapat wrote: > > > >> > Hi, > > > >> > > > > >> > We have a FreeIPA 4.1.4 setup on F21 servers. There is 1 master and > > 7 > > > >> > replicas in different regions. Earlier there was only 1 replica. > > Since I > > > >> > added new replicas, on the master node, once in a while the kerberos > > > >> > process dumps core and everything stops working - authentication, > > > >> > replication etc. If we restart everything using "ipactl restart" > > things > > > >> are > > > >> > back to normal. > > > >> > > > > >> > Attached is the output from journalctl for kerberos. > > > >> > > > > >> > Has anyone come across this ? Are there any pointers to > > troubleshooting > > > >> > this ? > > > >> > > > >> This might be fixed recently by a patch from Simo > > > >> (2144b1eeb789639b8a3df287b580aeb6196188a8). But to help to better > > > >> identify the issue the content of the kdc logs around the time of the > > > >> crash might be useful. Additionally a full backtrace which you can get > > > >> by calling > > > >> > > > >> coredumpclt gdb 4475 > > > >> > > > >> and then > > > >> > > > >> bt full > > > >> > > > >> bye, > > > >> Sumit > > > >> > > > >> > > > > >> > Any help is appreciated. > > > >> > > > > >> > Thanks. > > > >> > --Prashant > > > >> > > > >> > Jan 26 03:15:59 ipa.example.net systemd-coredump[5000]: Process > > 4475 > > > >> (krb5kdc) of user 0 dumped core. > > > >> > > > > >> > Stack trace > > of > > > >> thread 4475: > > > >> > #0 > > > >> 0x00007f99de8c18d7 raise (libc.so.6) > > > >> > #1 > > > >> 0x00007f99de8c353a abort (libc.so.6) > > > >> > #2 > > > >> 0x00007f99de8ba47d __assert_fail_base (libc.so.6) > > > >> > #3 > > > >> 0x00007f99de8ba532 __assert_fail (libc.so.6) > > > >> > #4 > > > >> 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) > > > >> > #5 > > > >> 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) > > > >> > #6 > > > >> 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) > > > >> > #7 > > > >> 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) > > > >> > #8 > > > >> 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) > > > >> > #9 > > > >> 0x000055768457c230 process_tgs_req (krb5kdc) > > > >> > #10 > > > >> 0x0000557684579fe3 dispatch (krb5kdc) > > > >> > #11 > > > >> 0x000055768458d8a0 process_packet (krb5kdc) > > > >> > #12 > > > >> 0x00007f99dec4cc78 verto_fire (libverto.so.1) > > > >> > #13 > > > >> 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) > > > >> > #14 > > > >> 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) > > > >> > #15 > > > >> 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) > > > >> > #16 > > > >> 0x00007f99dec4c3f7 verto_run (libverto.so.1) > > > >> > #17 > > > >> 0x00005576845795ab main (krb5kdc) > > > >> > #18 > > > >> 0x00007f99de8acfe0 __libc_start_main (libc.so.6) > > > >> > #19 > > > >> 0x00005576845798f0 _start (krb5kdc) > > > >> > > > > >> > Jan 26 03:15:59 ipa.example.net systemd-coredump[4999]: Process > > 4473 > > > >> (krb5kdc) of user 0 dumped core. > > > >> > > > > >> > Stack trace > > of > > > >> thread 4473: > > > >> > #0 > > > >> 0x00007f99de8c18d7 raise (libc.so.6) > > > >> > #1 > > > >> 0x00007f99de8c353a abort (libc.so.6) > > > >> > #2 > > > >> 0x00007f99de8ba47d __assert_fail_base (libc.so.6) > > > >> > #3 > > > >> 0x00007f99de8ba532 __assert_fail (libc.so.6) > > > >> > #4 > > > >> 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) > > > >> > #5 > > > >> 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) > > > >> > #6 > > > >> 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) > > > >> > #7 > > > >> 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) > > > >> > #8 > > > >> 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) > > > >> > #9 > > > >> 0x000055768457c230 process_tgs_req (krb5kdc) > > > >> > #10 > > > >> 0x0000557684579fe3 dispatch (krb5kdc) > > > >> > #11 > > > >> 0x000055768458d8a0 process_packet (krb5kdc) > > > >> > #12 > > > >> 0x00007f99dec4cc78 verto_fire (libverto.so.1) > > > >> > #13 > > > >> 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) > > > >> > #14 > > > >> 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) > > > >> > #15 > > > >> 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) > > > >> > #16 > > > >> 0x00007f99dec4c3f7 verto_run (libverto.so.1) > > > >> > #17 > > > >> 0x00005576845795ab main (krb5kdc) > > > >> > #18 > > > >> 0x00007f99de8acfe0 __libc_start_main (libc.so.6) > > > >> > #19 > > > >> 0x00005576845798f0 _start (krb5kdc) > > > >> > > > >> > -- > > > >> > Manage your subscription for the Freeipa-users mailing list: > > > >> > https://www.redhat.com/mailman/listinfo/freeipa-users > > > >> > Go to http://freeipa.org for more info on the project > > > >> > > > >> -- > > > >> Manage your subscription for the Freeipa-users mailing list: > > > >> https://www.redhat.com/mailman/listinfo/freeipa-users > > > >> Go to http://freeipa.org for more info on the project > > > >> > > > > > > > > > > > > > > > > From aizzo01 at harris.com Thu Jan 28 18:10:48 2016 From: aizzo01 at harris.com (Izzo, Anthony) Date: Thu, 28 Jan 2016 18:10:48 +0000 Subject: [Freeipa-users] Server error with multiple clients joining domain simultaneously Message-ID: <3ea77fa3e86442108d946548d3ec9912@MLBXCH13.cs.myharris.net> I'm seeing what feels like a concurrency error. I'm in a cloud environment and launching a group of instances which are all trying to join a domain at about the same time via ipa-client-install. Some of these operations succeed, and others fail. The error message on those that fail is that they failed to join the domain, and the HTTP response was 500 instead of 200. The Apache error_log file on the server, shows a python stack trace (which unfortunately I can't reproduce in its entirety here), which culminates in the complaint that a file (/var/run/httpd/ipa/clientcaches/@) was not found. What it seems like is that multiple attempts to join the domain from different hosts are stepping on one another. I'm wondering if I am trying to do something that is not supported, or if I have something misconfigured. I'm tempted to catch the error and retry after a random interval (the output of the failing command indicates that it is rolling back to the initial state) - that would be the easiest thing. But if this is pointing to an underlying error on my part I'd rather fix it if possible. Additional info in case it helps - I'm running RHEL7/FreeIPA4.2 on the servers (two in a replication agreement). I'm running RHEL6/FreeIPA3.0 on the clients (most recent attempt I tried to launch 7 instances, three of which failed). Thanks. Tony -------------- next part -------------- An HTML attachment was scrubbed... URL: From david at cazena.com Thu Jan 28 18:31:10 2016 From: david at cazena.com (David Zabner) Date: Thu, 28 Jan 2016 18:31:10 +0000 Subject: [Freeipa-users] Server error with multiple clients joining domain simultaneously In-Reply-To: <3ea77fa3e86442108d946548d3ec9912@MLBXCH13.cs.myharris.net> References: <3ea77fa3e86442108d946548d3ec9912@MLBXCH13.cs.myharris.net> Message-ID: This sounds exactly like the problem I am having. I will attach my error log. Is this what yours looks like? -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: error_log Type: application/octet-stream Size: 13575 bytes Desc: error_log URL: -------------- next part -------------- An HTML attachment was scrubbed... URL: From aizzo01 at harris.com Thu Jan 28 18:35:03 2016 From: aizzo01 at harris.com (Izzo, Anthony) Date: Thu, 28 Jan 2016 18:35:03 +0000 Subject: [Freeipa-users] Server error with multiple clients joining domain simultaneously In-Reply-To: References: <3ea77fa3e86442108d946548d3ec9912@MLBXCH13.cs.myharris.net> Message-ID: Yes, that's it! From: David Zabner [mailto:david at cazena.com] Sent: Thursday, January 28, 2016 1:31 PM To: Izzo, Anthony (U.S. Person) Cc: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Server error with multiple clients joining domain simultaneously This sounds exactly like the problem I am having. I will attach my error log. Is this what yours looks like? -------------- next part -------------- An HTML attachment was scrubbed... URL: From aizzo01 at harris.com Thu Jan 28 18:44:15 2016 From: aizzo01 at harris.com (Izzo, Anthony) Date: Thu, 28 Jan 2016 18:44:15 +0000 Subject: [Freeipa-users] Server error with multiple clients joining domain simultaneously References: <3ea77fa3e86442108d946548d3ec9912@MLBXCH13.cs.myharris.net> Message-ID: <4a2d11b12ca143bdad38d4f5cbb9cbc0@MLBXCH13.cs.myharris.net> I should add that some of my team members have tried serializing their instance launches, and this problem does not seem to occur under those circumstances. (That's not a solution, just a data point for those interested in this behavior). Thanks. From: Izzo, Anthony (U.S. Person) Sent: Thursday, January 28, 2016 1:35 PM To: freeipa-users at redhat.com Cc: 'David Zabner' Subject: RE: [Freeipa-users] Server error with multiple clients joining domain simultaneously Yes, that's it! From: David Zabner [mailto:david at cazena.com] Sent: Thursday, January 28, 2016 1:31 PM To: Izzo, Anthony (U.S. Person) > Cc: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Server error with multiple clients joining domain simultaneously This sounds exactly like the problem I am having. I will attach my error log. Is this what yours looks like? -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmj at ast.cam.ac.uk Thu Jan 28 18:56:14 2016 From: rmj at ast.cam.ac.uk (Roderick Johnstone) Date: Thu, 28 Jan 2016 18:56:14 +0000 Subject: [Freeipa-users] netapp unable to do ldap lookups over ssl to RHEL 7.2 ipa server In-Reply-To: <56AA1A1D.2080501@redhat.com> References: <56AA0ED9.9020505@ast.cam.ac.uk> <56AA1A1D.2080501@redhat.com> Message-ID: <56AA644E.3080000@ast.cam.ac.uk> On 28/01/16 13:39, Christian Heimes wrote: > On 2016-01-28 13:51, Roderick Johnstone wrote: >> Hi >> >> My netapp filer is happily doing ldap over ssl lookups for account >> information to my RHEL 6.7 testing ipa server >> (ipa-server-3.0.0-47.el6_7.1.x86_64). >> >> However, when I switch the filer to use my RHEL 7.2 ipa server >> (ipa-server-4.2.0-15.el7_2.3.x86_64) the lookup doesn't work. >> >> In the dirsrv log file I see entries like this: >> >> [28/Jan/2016:09:17:45 +0000] conn=1338 fd=112 slot=112 SSL connection >> from xxx.xxx.xxx.xxx to yyy.yyy.yy.yyy >> [28/Jan/2016:09:17:45 +0000] conn=1338 op=-1 fd=112 closed - Cannot >> communicate securely with peer: no common encryption algorithm(s). >> >> (xxx.xxx.xxx.xxx is the filer ip address and yyy.yyy.yyy.yyy is the ipa >> server ip address). >> >> Looking in the ldap directory for fields with cipher in the name shows a >> very different set of nssslenabledciphers between the two ipa-server >> versions. >> >> I wonder if this might be the issue? >> >> Can the ldap server tell me what ciphers its being requested to use by >> the filer? > > Yes, it looks like it is the issue. The supported cipher suites were > hardened a while ago. The ticket > https://fedorahosted.org/freeipa/ticket/4395 contains more information. > > During the TLS handshake the client sends a list of supported cipher > suites to the server. The server also has a list of supported cipher > suites. But the server never sends this list to the client. Instead it > picks one common cipher suite (usually the most secure) from the common > set of cipher suites. > > I don't know if you can get 389 DS to print the cipher suites. But you > can snoop the ciper suites from the TLS handshake with wireshark or > tshark. The handshake isnt't encrypted and can be captures on either the > host or the server. > > # tshark -Vx -Y "ssl.handshake.ciphersuites" -i YOUR_INTERFACE tcp port > ldaps > > Christian > Thanks Christian. Thats really helpful. Now I have a list of ciphers being asked for and I found that the ldap server logs which ciphers its using when it starts up file /var/log/dirsrv/slapd-/error. There isn't any overlap. I noticed that there is a setting in the dn: cn=encryption,cn=config allowWeakCipher: off and nsSSL3Ciphers: +all and found some documentation on this here: http://directory.fedoraproject.org/docs/389ds/design/nss-cipher-design.html So, maybe I could add one (or several) of the required ciphers to nsSSL3Ciphers or possibly as a last resort set allowWeakCipher: on? Roderick From david at cazena.com Thu Jan 28 19:17:30 2016 From: david at cazena.com (David Zabner) Date: Thu, 28 Jan 2016 19:17:30 +0000 Subject: [Freeipa-users] Server error with multiple clients joining domain simultaneously In-Reply-To: <4a2d11b12ca143bdad38d4f5cbb9cbc0@MLBXCH13.cs.myharris.net> References: <3ea77fa3e86442108d946548d3ec9912@MLBXCH13.cs.myharris.net> <4a2d11b12ca143bdad38d4f5cbb9cbc0@MLBXCH13.cs.myharris.net> Message-ID: I was guessing that it was a problem with mod_auth_gssapi and so I tried switching the auth method back to mod_auth_kerb which did not work. (although it is entirely possible that I did not switch it correctly) I did it by changing the gssapi settings in /etc/httpd/conf.d/ipa.conf to: AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on KrbMethodK5Passwd off KrbServiceName HTTP KrbAuthRealms $realm Krb5KeyTab /etc/httpd/conf/ipa.keytab KrbSaveCredentials on KrbConstrainedDelegation on Require valid-user ErrorDocument 401 /ipa/errors/unauthorized.html It just seemed to cause other problems... On Jan 28, 2016, at 1:44 PM, Izzo, Anthony > wrote: I should add that some of my team members have tried serializing their instance launches, and this problem does not seem to occur under those circumstances. (That?s not a solution, just a data point for those interested in this behavior). Thanks. From: Izzo, Anthony (U.S. Person) Sent: Thursday, January 28, 2016 1:35 PM To: freeipa-users at redhat.com Cc: 'David Zabner' > Subject: RE: [Freeipa-users] Server error with multiple clients joining domain simultaneously Yes, that?s it! From: David Zabner [mailto:david at cazena.com] Sent: Thursday, January 28, 2016 1:31 PM To: Izzo, Anthony (U.S. Person) > Cc: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Server error with multiple clients joining domain simultaneously This sounds exactly like the problem I am having. I will attach my error log. Is this what yours looks like? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -------------- next part -------------- An HTML attachment was scrubbed... URL: From edewata at redhat.com Thu Jan 28 20:45:09 2016 From: edewata at redhat.com (Endi Sukma Dewata) Date: Thu, 28 Jan 2016 15:45:09 -0500 (EST) Subject: [Freeipa-users] Upgrading from 3.0.0 CentOS6 to 4.2.3 CentOS7 In-Reply-To: References: <564F46BB.8060906@redhat.com> <56A79741.30707@redhat.com> <56A870AB.6080304@redhat.com> Message-ID: <826785667.16953246.1454013909460.JavaMail.zimbra@redhat.com> Hi, If you're cloning from an IPA running on RHEL/CentOS 6 with CA signed by another CA you are likely hitting this issue: https://bugzilla.redhat.com/show_bug.cgi?id=1291747 The bug has been fixed in this package: pki-ca-9.0.3-45. You'll need to install it on the master, then restart the server, then try cloning again. The latest PKI available on RHEL/CentOS 7 is version 10.2.5, but it's patched with relevant bug fixes from newer versions. If you're still having a problem, try enabling the debug log on the master and clone by setting the following property in CS.cfg: debug.level=1 See also: http://pki.fedoraproject.org/wiki/PKI_Server_Logs -- Endi S. Dewata ----- Original Message ----- > Hi Martin > > I am happy to provide the necessary information. What packages should i check > for? As for IPA we are IPA CA being signed with other CA > > Thank You > > On Wed, Jan 27, 2016 at 2:24 AM, Martin Kosek < mkosek at redhat.com > wrote: > > > On 01/26/2016 09:45 PM, Ash Alam wrote: > > I didnt want to dig up an old thread but i am running into this issue. The > > old thread points to Pki 10.2.6 as the solution but i am not seeing that > > package on centos 7.2. > > > > STDERR: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to > > configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' > > '/tmp/tmpHfdvFD'' returned non-zero exit status 1 > > CCing David and Endi, they might have an idea what is wrong. There were > several > recent fixes, to again fix RHEL-6 to RHEL-7 migration, we would need to check > if you have them installed. As for your RHEL-6 IPA setup, is it running with > External CA, i.e. IPA CA with being signed with other CA? > > > > > On Tue, Jan 26, 2016 at 12:14 PM, Ash Alam < aalam at paperlesspost.com > > > wrote: > > > >> thank you! Out of curiosity has anyone been able to automate this using > >> chef/puppet etc? > >> > >> On Tue, Jan 26, 2016 at 10:56 AM, Martin Kosek < mkosek at redhat.com > > >> wrote: > >> > >>> Did you follow the instructions in the error message? There is also a > >>> longer > >>> description here: > >>> > >>> > >>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc > >>> > >>> Martin > >>> > >>> On 01/26/2016 04:38 PM, Ash Alam wrote: > >>>> I wanted to follow up on this as i finally gotten around to doing the > >>>> upgrade. I an running into this error. I also found a bugzilla ticket. > >>> Do > >>>> you have to do some type of schema upgrade like you do with active > >>>> directory? > >>>> > >>>> https://bugzilla.redhat.com/show_bug.cgi?id=1235766 > >>>> > >>>> STDERR: ipa : CRITICAL The master CA directory server does > >>> not > >>>> have necessary schema. Please copy the following script to all CA > >>> masters > >>>> and run it on them: /usr/share/ipa/copy-schema-to-ca.py > >>>> > >>>> If you are certain that this is a false positive, use > >>>> --skip-schema-check. > >>>> > >>>> ipa.ipapython.install.cli.install_tool(Replica): ERROR IPA schema > >>>> missing on master CA directory server > >>>> > >>>> > >>>> > >>>> Thank You > >>>> > >>>> > >>>> > >>>> > >>>> On Fri, Nov 20, 2015 at 11:13 AM, Martin Kosek < mkosek at redhat.com > > >>> wrote: > >>>> > >>>>> On 11/20/2015 04:08 PM, Ash Alam wrote: > >>>>> > >>>>>> Most of the clients in my env are centos 6.6 with ipa 3.0.0 client > >>>>>> installed. I > >>>>>> if bring up a replica on centos 7.2 with ipa 4.2.3 server and then > >>> start > >>>>>> phasing out the older 3.0.0 servers. Will the client that are still > >>>>>> running the > >>>>>> older client software still work? > >>>>>> > >>>>> > >>>>> It should, yes. It is expected that there are RHEL/CentOS-6 clients > >>> with > >>>>> RHEL-7 FreeIPA servers. The older clients just won't be able to use the > >>>>> newest features. > >>>>> > >>>>> > >>>>>> On Fri, Nov 20, 2015 at 4:31 AM, Martin Kosek < mkosek at redhat.com > >>>>>> > wrote: > >>>>>> > >>>>>> On 11/19/2015 11:03 PM, Ash Alam wrote: > >>>>>> > >>>>>> Hello All > >>>>>> > >>>>>> I am looking for some advice on upgrading. Currently our > >>> FreeIPA > >>>>>> servers are > >>>>>> 3.0.0 on centos 6.6. We are looking to go to 4.2.3 Centos7. > >>> This > >>>>>> upgrade path > >>>>>> is not possible per IPA documentation. Minimum version > >>> required > >>>>>> is 3.3.x. I > >>>>>> have also found that cenos6 does not provide anything past > >>> 3.0.0. > >>>>>> > >>>>>> > >>>>>> And it won't. There are no plans in updating FreeIPA version in > >>>>>> RHEL/CentOS-6.x, we encourage people who want the new features to > >>>>>> migrate > >>>>>> to RHEL-7.x: > >>>>>> > >>>>>> > >>>>>> > >>> http://www.freeipa.org/page/Howto/Migration#Migrating_Identity_Management_in_RHEL.2FCentOS > >>>>>> > >>>>>> > >>>>>> > >>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc > >>>>>> > >>>>>> If you want to wait on CentOS-7.2, it should be in works now: > >>>>>> http://seven.centos.org/2015/11/rhel-7-2-released-today/ > >>>>>> > >>>>>> One idea is to upgrade to 3.3.x first and then upgrade to > >>> 4.2.3 > >>>>>> on centos7. > >>>>>> This is harder since centos does not provide this. The other > >>>>>> issue is if > >>>>>> 3.0/3.3 client will be supported with 4.2.3 server. > >>>>>> > >>>>>> > >>>>>> The right way is to migrate via creating replicas in > >>> RHEL/CentOS-7.x > >>>>>> and > >>>>>> slowly deprecating RHEL/CentOS-6 ones. Detailed procedure in the > >>>>>> links above. > >>>>>> > >>>>>> > >>>>>> > >>>>> > >>>> > >>> > >>> > >> > > > > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From jeff.hallyburton at bloomip.com Thu Jan 28 21:25:51 2016 From: jeff.hallyburton at bloomip.com (Jeff Hallyburton) Date: Thu, 28 Jan 2016 16:25:51 -0500 Subject: [Freeipa-users] SSSD Crash Causing Inaccessibility Message-ID: We saw the following happen on a system today, and wanted to follow up: System became unresponsive to ssh logins with the error: ssh -v incentives01 OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 4: Applying options for * debug1: Connecting to incentives01 [172.31.9.16] port 22. debug1: Connection established. debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa type -1 debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa-cert type -1 debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa type -1 debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa-cert type -1 debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa type -1 debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519 type -1 debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1 debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5-etm at openssh.com none debug1: kex: client->server aes128-ctr hmac-md5-etm at openssh.com none debug1: kex: curve25519-sha256 at libssh.org need=16 dh_need=16 debug1: kex: curve25519-sha256 at libssh.org need=16 dh_need=16 debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA 89:e0:f8:25:21:db:c9:46:67:14:38:0c:c1:f4:f7:51 debug1: Host 'incentives01' is known and matches the ECDSA host key. debug1: Found key in /home/jeff.hallyburton/.ssh/known_hosts:7 debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received This is a private computer system which is restricted to authorized individuals. Actual or attempted unauthorized use of this computer system will result in criminal and/or civil prosecution. We reserve the right to view, monitor and record activity on the system without notice or permission. Any information obtained by monitoring, reviewing or recording is subject to review by law enforcement organizations in connection with the investigation or prosecution of possible criminal activity on this system. If you are not an authorized user of this system or do not consent to continued monitoring, disconnect at this time. debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic Received disconnect from 172.31.9.16: 2: Too many authentication failures for jeff.hallyburton Ultimately we rebooted the node to restore connectivity. After we were back in, we're seeing that sssd crashed due what looks like a memory allocation error: /var/log/sssd/sssd.log # cat /var/log/sssd/sssd.log (Thu Jan 28 20:15:56 2016) [sssd] [mt_svc_sigkill] (0x0010): [enervee.com][620] is not responding to SIGTERM. Sending SIGKILL. (Thu Jan 28 20:16:27 2016) [sssd] [talloc_log_fn] (0x0010): talloc: access after free error - first free may be at src/monitor/monitor.c:2760 (Thu Jan 28 20:16:27 2016) [sssd] [talloc_log_fn] (0x0010): Bad talloc magic value - access after free /var/log/secure Jan 28 20:05:48 incentives01 sshd[26145]: Timeout, client not responding. Jan 28 20:05:48 incentives01 sshd[26142]: pam_unix(sshd:session): session closed for user Jan 28 20:16:28 incentives01 sshd[14504]: Timeout, client not responding. Jan 28 20:16:28 incentives01 sshd[14501]: pam_systemd(sshd:session): Failed to release session: Connection timed out Jan 28 20:16:28 incentives01 sshd[14501]: pam_unix(sshd:session): session closed for user Jan 28 20:16:28 incentives01 sshd[14501]: pam_sss(sshd:session): Request to sssd failed. Bad address Jan 28 20:16:29 incentives01 sshd[14501]: fatal: login_init_entry: Cannot find user Jan 28 20:21:40 incentives01 sshd[26882]: Invalid user from 172.31.8.34 The system may have simply run out of ram, but wanted to check to see if there were any known or contributing issues. Thanks, Jeff Jeff Hallyburton Strategic Systems Engineer Bloomip Inc. Web: http://www.bloomip.com Engineering Support: support at bloomip.com Billing Support: billing at bloomip.com Customer Support Portal: https://my.bloomip.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From lslebodn at redhat.com Thu Jan 28 23:22:56 2016 From: lslebodn at redhat.com (Lukas Slebodnik) Date: Fri, 29 Jan 2016 00:22:56 +0100 Subject: [Freeipa-users] SSSD Crash Causing Inaccessibility In-Reply-To: References: Message-ID: <20160128232255.GA18347@mail.corp.redhat.com> On (28/01/16 16:25), Jeff Hallyburton wrote: >We saw the following happen on a system today, and wanted to follow up: > >System became unresponsive to ssh logins with the error: > >ssh -v incentives01 > //snip ># cat /var/log/sssd/sssd.log > >(Thu Jan 28 20:15:56 2016) [sssd] [mt_svc_sigkill] (0x0010): [enervee.com][620] >is not responding to SIGTERM. Sending SIGKILL. > >(Thu Jan 28 20:16:27 2016) [sssd] [talloc_log_fn] (0x0010): talloc: access >after free error - first free may be at src/monitor/monitor.c:2760 > > >(Thu Jan 28 20:16:27 2016) [sssd] [talloc_log_fn] (0x0010): Bad talloc >magic value - access after free > There was a crash in sssd. It might explain why you cannot login. Which version of sssd do you have? LS From jeff.hallyburton at bloomip.com Thu Jan 28 23:37:35 2016 From: jeff.hallyburton at bloomip.com (Jeff Hallyburton) Date: Thu, 28 Jan 2016 18:37:35 -0500 Subject: [Freeipa-users] SSSD Crash Causing Inaccessibility In-Reply-To: <20160128232255.GA18347@mail.corp.redhat.com> References: <20160128232255.GA18347@mail.corp.redhat.com> Message-ID: Application logs showed this to be due to an OOM error, so no need to chase this further. Thanks for the quick response! Jeff Jeff Hallyburton Strategic Systems Engineer Bloomip Inc. Web: http://www.bloomip.com Engineering Support: support at bloomip.com Billing Support: billing at bloomip.com Customer Support Portal: https://my.bloomip.com On Thu, Jan 28, 2016 at 6:22 PM, Lukas Slebodnik wrote: > On (28/01/16 16:25), Jeff Hallyburton wrote: > >We saw the following happen on a system today, and wanted to follow up: > > > >System became unresponsive to ssh logins with the error: > > > >ssh -v incentives01 > > > //snip > > ># cat /var/log/sssd/sssd.log > > > >(Thu Jan 28 20:15:56 2016) [sssd] [mt_svc_sigkill] (0x0010): [enervee.com > ][620] > >is not responding to SIGTERM. Sending SIGKILL. > > > >(Thu Jan 28 20:16:27 2016) [sssd] [talloc_log_fn] (0x0010): talloc: access > >after free error - first free may be at src/monitor/monitor.c:2760 > > > > > >(Thu Jan 28 20:16:27 2016) [sssd] [talloc_log_fn] (0x0010): Bad talloc > >magic value - access after free > > > There was a crash in sssd. It might explain why you cannot login. > Which version of sssd do you have? > > LS > -------------- next part -------------- An HTML attachment was scrubbed... URL: From prashant at apigee.com Fri Jan 29 09:43:10 2016 From: prashant at apigee.com (Prashant Bapat) Date: Fri, 29 Jan 2016 15:13:10 +0530 Subject: [Freeipa-users] Kerberos process coredump | authentication fails In-Reply-To: <20160128175423.GF19151@p.redhat.com> References: <20160128082401.GX19151@p.redhat.com> <20160128112357.GC19151@p.redhat.com> <20160128175423.GF19151@p.redhat.com> Message-ID: We will have to run with F21 for now. There are plans for moving to CentOS 7.x in the near future. Until then, I'm afraid I will have to live with this. Thanks much Sumit for all your help in identifying this. Regards. --Prashant? On 28 January 2016 at 23:24, Sumit Bose wrote: > On Thu, Jan 28, 2016 at 09:36:55PM +0530, Prashant Bapat wrote: > > Sure. Attached the stack trace with debuginfo installed. > > > > Thanks much! > > This looks very much like the issue Simo fixed recently, but > unfortunately I think it is so recent that it is not available in any > release package. Additionally it would be quite some effort for me the > generate a F21 test build because as Lukas said F21 is already > End-of-life and there is not infrastructure anymore to easily build F21 > package. If it would be possible to upgrade to a newer version of Fedora > I'd be happy to provide a test build with the patch. > > bye, > Sumit > > > > > On 28 January 2016 at 16:53, Sumit Bose wrote: > > > > > On Thu, Jan 28, 2016 at 04:42:20PM +0530, Prashant Bapat wrote: > > > > gdb stacktrace attached. > > > > > > Can you install the debuginfo with > > > > > > debuginfo-install krb5-server-1.12.2-19.fc21.x86_64 > > > > > > as suggested by gdb and then call 'bt full' again to get more details. > > > Additionally the debuginfo of the freeipa package might be missing as > > > well. > > > > > > bye, > > > Sumit > > > > > > > > On 28 January 2016 at 16:27, Prashant Bapat > wrote: > > > > > > > > > Thanks Sumit. > > > > > > > > > > From the logs there is nothing unusual around the time of core > dump. I > > > > > found this one line odd though. > > > > > > > > > > *Jan 26 03:15:58 ipa.example.net > > > > > krb5kdc[4471](Error): worker 4473 exited with status 134* > > > > > > > > > > > > > > > Let me try to get the full BT. > > > > > > > > > > On 28 January 2016 at 13:54, Sumit Bose wrote: > > > > > > > > > >> On Thu, Jan 28, 2016 at 10:25:53AM +0530, Prashant Bapat wrote: > > > > >> > Hi, > > > > >> > > > > > >> > We have a FreeIPA 4.1.4 setup on F21 servers. There is 1 master > and > > > 7 > > > > >> > replicas in different regions. Earlier there was only 1 replica. > > > Since I > > > > >> > added new replicas, on the master node, once in a while the > kerberos > > > > >> > process dumps core and everything stops working - > authentication, > > > > >> > replication etc. If we restart everything using "ipactl restart" > > > things > > > > >> are > > > > >> > back to normal. > > > > >> > > > > > >> > Attached is the output from journalctl for kerberos. > > > > >> > > > > > >> > Has anyone come across this ? Are there any pointers to > > > troubleshooting > > > > >> > this ? > > > > >> > > > > >> This might be fixed recently by a patch from Simo > > > > >> (2144b1eeb789639b8a3df287b580aeb6196188a8). But to help to better > > > > >> identify the issue the content of the kdc logs around the time of > the > > > > >> crash might be useful. Additionally a full backtrace which you > can get > > > > >> by calling > > > > >> > > > > >> coredumpclt gdb 4475 > > > > >> > > > > >> and then > > > > >> > > > > >> bt full > > > > >> > > > > >> bye, > > > > >> Sumit > > > > >> > > > > >> > > > > > >> > Any help is appreciated. > > > > >> > > > > > >> > Thanks. > > > > >> > --Prashant > > > > >> > > > > >> > Jan 26 03:15:59 ipa.example.net systemd-coredump[5000]: Process > > > 4475 > > > > >> (krb5kdc) of user 0 dumped core. > > > > >> > > > > > >> > Stack > trace > > > of > > > > >> thread 4475: > > > > >> > #0 > > > > >> 0x00007f99de8c18d7 raise (libc.so.6) > > > > >> > #1 > > > > >> 0x00007f99de8c353a abort (libc.so.6) > > > > >> > #2 > > > > >> 0x00007f99de8ba47d __assert_fail_base (libc.so.6) > > > > >> > #3 > > > > >> 0x00007f99de8ba532 __assert_fail (libc.so.6) > > > > >> > #4 > > > > >> 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) > > > > >> > #5 > > > > >> 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) > > > > >> > #6 > > > > >> 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) > > > > >> > #7 > > > > >> 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) > > > > >> > #8 > > > > >> 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) > > > > >> > #9 > > > > >> 0x000055768457c230 process_tgs_req (krb5kdc) > > > > >> > #10 > > > > >> 0x0000557684579fe3 dispatch (krb5kdc) > > > > >> > #11 > > > > >> 0x000055768458d8a0 process_packet (krb5kdc) > > > > >> > #12 > > > > >> 0x00007f99dec4cc78 verto_fire (libverto.so.1) > > > > >> > #13 > > > > >> 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) > > > > >> > #14 > > > > >> 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) > > > > >> > #15 > > > > >> 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) > > > > >> > #16 > > > > >> 0x00007f99dec4c3f7 verto_run (libverto.so.1) > > > > >> > #17 > > > > >> 0x00005576845795ab main (krb5kdc) > > > > >> > #18 > > > > >> 0x00007f99de8acfe0 __libc_start_main (libc.so.6) > > > > >> > #19 > > > > >> 0x00005576845798f0 _start (krb5kdc) > > > > >> > > > > > >> > Jan 26 03:15:59 ipa.example.net systemd-coredump[4999]: Process > > > 4473 > > > > >> (krb5kdc) of user 0 dumped core. > > > > >> > > > > > >> > Stack > trace > > > of > > > > >> thread 4473: > > > > >> > #0 > > > > >> 0x00007f99de8c18d7 raise (libc.so.6) > > > > >> > #1 > > > > >> 0x00007f99de8c353a abort (libc.so.6) > > > > >> > #2 > > > > >> 0x00007f99de8ba47d __assert_fail_base (libc.so.6) > > > > >> > #3 > > > > >> 0x00007f99de8ba532 __assert_fail (libc.so.6) > > > > >> > #4 > > > > >> 0x00007f99d783a78f ldap_get_values_len (libldap_r-2.4.so.2) > > > > >> > #5 > > > > >> 0x00007f99d7c8173e ipadb_ldap_attr_to_int (ipadb.so) > > > > >> > #6 > > > > >> 0x00007f99d7c83f9c ipadb_parse_ldap_entry (ipadb.so) > > > > >> > #7 > > > > >> 0x00007f99d7c849ab ipadb_get_principal (ipadb.so) > > > > >> > #8 > > > > >> 0x00007f99e0433b14 krb5_db_get_principal (libkdb5.so.7) > > > > >> > #9 > > > > >> 0x000055768457c230 process_tgs_req (krb5kdc) > > > > >> > #10 > > > > >> 0x0000557684579fe3 dispatch (krb5kdc) > > > > >> > #11 > > > > >> 0x000055768458d8a0 process_packet (krb5kdc) > > > > >> > #12 > > > > >> 0x00007f99dec4cc78 verto_fire (libverto.so.1) > > > > >> > #13 > > > > >> 0x00007f99d6fb72a3 epoll_event_loop_once (libtevent.so.0) > > > > >> > #14 > > > > >> 0x00007f99d6fb5787 std_event_loop_once (libtevent.so.0) > > > > >> > #15 > > > > >> 0x00007f99d6fb1fed _tevent_loop_once (libtevent.so.0) > > > > >> > #16 > > > > >> 0x00007f99dec4c3f7 verto_run (libverto.so.1) > > > > >> > #17 > > > > >> 0x00005576845795ab main (krb5kdc) > > > > >> > #18 > > > > >> 0x00007f99de8acfe0 __libc_start_main (libc.so.6) > > > > >> > #19 > > > > >> 0x00005576845798f0 _start (krb5kdc) > > > > >> > > > > >> > -- > > > > >> > Manage your subscription for the Freeipa-users mailing list: > > > > >> > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > >> > Go to http://freeipa.org for more info on the project > > > > >> > > > > >> -- > > > > >> Manage your subscription for the Freeipa-users mailing list: > > > > >> https://www.redhat.com/mailman/listinfo/freeipa-users > > > > >> Go to http://freeipa.org for more info on the project > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From cheimes at redhat.com Fri Jan 29 10:31:54 2016 From: cheimes at redhat.com (Christian Heimes) Date: Fri, 29 Jan 2016 11:31:54 +0100 Subject: [Freeipa-users] netapp unable to do ldap lookups over ssl to RHEL 7.2 ipa server In-Reply-To: <56AA644E.3080000@ast.cam.ac.uk> References: <56AA0ED9.9020505@ast.cam.ac.uk> <56AA1A1D.2080501@redhat.com> <56AA644E.3080000@ast.cam.ac.uk> Message-ID: <56AB3F9A.6050309@redhat.com> On 2016-01-28 19:56, Roderick Johnstone wrote: > On 28/01/16 13:39, Christian Heimes wrote: >> On 2016-01-28 13:51, Roderick Johnstone wrote: >>> Hi >>> >>> My netapp filer is happily doing ldap over ssl lookups for account >>> information to my RHEL 6.7 testing ipa server >>> (ipa-server-3.0.0-47.el6_7.1.x86_64). >>> >>> However, when I switch the filer to use my RHEL 7.2 ipa server >>> (ipa-server-4.2.0-15.el7_2.3.x86_64) the lookup doesn't work. >>> >>> In the dirsrv log file I see entries like this: >>> >>> [28/Jan/2016:09:17:45 +0000] conn=1338 fd=112 slot=112 SSL connection >>> from xxx.xxx.xxx.xxx to yyy.yyy.yy.yyy >>> [28/Jan/2016:09:17:45 +0000] conn=1338 op=-1 fd=112 closed - Cannot >>> communicate securely with peer: no common encryption algorithm(s). >>> >>> (xxx.xxx.xxx.xxx is the filer ip address and yyy.yyy.yyy.yyy is the ipa >>> server ip address). >>> >>> Looking in the ldap directory for fields with cipher in the name shows a >>> very different set of nssslenabledciphers between the two ipa-server >>> versions. >>> >>> I wonder if this might be the issue? >>> >>> Can the ldap server tell me what ciphers its being requested to use by >>> the filer? >> >> Yes, it looks like it is the issue. The supported cipher suites were >> hardened a while ago. The ticket >> https://fedorahosted.org/freeipa/ticket/4395 contains more information. >> >> During the TLS handshake the client sends a list of supported cipher >> suites to the server. The server also has a list of supported cipher >> suites. But the server never sends this list to the client. Instead it >> picks one common cipher suite (usually the most secure) from the common >> set of cipher suites. >> >> I don't know if you can get 389 DS to print the cipher suites. But you >> can snoop the ciper suites from the TLS handshake with wireshark or >> tshark. The handshake isnt't encrypted and can be captures on either the >> host or the server. >> >> # tshark -Vx -Y "ssl.handshake.ciphersuites" -i YOUR_INTERFACE tcp port >> ldaps >> >> Christian >> > > Thanks Christian. Thats really helpful. > > Now I have a list of ciphers being asked for and I found that the ldap > server logs which ciphers its using when it starts up file > /var/log/dirsrv/slapd-/error. There isn't any overlap. > > I noticed that there is a setting in the > dn: cn=encryption,cn=config > allowWeakCipher: off > > and > nsSSL3Ciphers: +all > > and found some documentation on this here: > http://directory.fedoraproject.org/docs/389ds/design/nss-cipher-design.html > > So, maybe I could add one (or several) of the required ciphers to > nsSSL3Ciphers or possibly as a last resort set allowWeakCipher: on? Hi Roderick, I highly recommend against lowering the settings. Weak ciphers are broken and insecure ciphers, some even with NULL encryption or no authentication. At best weak ciphers may (!) protect your against a passive sniffer and incompetent attacker. They won't protect you against a serious attack. Are you able to reconfigure or update the client? Does the client even speak TLS 1.0 to the server or is it restricted to SSLv2 and SSLv3? If you show me the complete handshake, I can give you further advice. The handshake output of tshark starts like this: Secure Sockets Layer SSL Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Christian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From pspacek at redhat.com Fri Jan 29 11:35:41 2016 From: pspacek at redhat.com (Petr Spacek) Date: Fri, 29 Jan 2016 12:35:41 +0100 Subject: [Freeipa-users] Server error with multiple clients joining domain simultaneously In-Reply-To: References: <3ea77fa3e86442108d946548d3ec9912@MLBXCH13.cs.myharris.net> <4a2d11b12ca143bdad38d4f5cbb9cbc0@MLBXCH13.cs.myharris.net> Message-ID: <56AB4E8C.9000809@redhat.com> Interesting, we have to investigate it! Here is a ticket: https://fedorahosted.org/freeipa/ticket/5653 You can Cc yourself to it and watch the progress. Petr^2 Spacek On 28.1.2016 20:17, David Zabner wrote: > I was guessing that it was a problem with mod_auth_gssapi and so I tried switching the auth method back to mod_auth_kerb which did not work. (although it is entirely possible that I did not switch it correctly) > > I did it by changing the gssapi settings in /etc/httpd/conf.d/ipa.conf to: > > AuthType Kerberos > AuthName "Kerberos Login" > KrbMethodNegotiate on > KrbMethodK5Passwd off > KrbServiceName HTTP > KrbAuthRealms $realm > Krb5KeyTab /etc/httpd/conf/ipa.keytab > KrbSaveCredentials on > KrbConstrainedDelegation on > Require valid-user > ErrorDocument 401 /ipa/errors/unauthorized.html > > It just seemed to cause other problems... > > On Jan 28, 2016, at 1:44 PM, Izzo, Anthony > wrote: > > I should add that some of my team members have tried serializing their instance launches, and this problem does not seem to occur under those circumstances. (That?s not a solution, just a data point for those interested in this behavior). Thanks. > > > From: Izzo, Anthony (U.S. Person) > Sent: Thursday, January 28, 2016 1:35 PM > To: freeipa-users at redhat.com > Cc: 'David Zabner' > > Subject: RE: [Freeipa-users] Server error with multiple clients joining domain simultaneously > > Yes, that?s it! > > From: David Zabner [mailto:david at cazena.com] > Sent: Thursday, January 28, 2016 1:31 PM > To: Izzo, Anthony (U.S. Person) > > Cc: freeipa-users at redhat.com > Subject: Re: [Freeipa-users] Server error with multiple clients joining domain simultaneously > > This sounds exactly like the problem I am having. I will attach my error log. Is this what yours looks like? > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > > > -- Petr^2 Spacek From rmj at ast.cam.ac.uk Fri Jan 29 12:03:21 2016 From: rmj at ast.cam.ac.uk (Roderick Johnstone) Date: Fri, 29 Jan 2016 12:03:21 +0000 Subject: [Freeipa-users] netapp unable to do ldap lookups over ssl to RHEL 7.2 ipa server In-Reply-To: <56AB3F9A.6050309@redhat.com> References: <56AA0ED9.9020505@ast.cam.ac.uk> <56AA1A1D.2080501@redhat.com> <56AA644E.3080000@ast.cam.ac.uk> <56AB3F9A.6050309@redhat.com> Message-ID: <56AB5509.2040403@ast.cam.ac.uk> On 29/01/16 10:31, Christian Heimes wrote: > On 2016-01-28 19:56, Roderick Johnstone wrote: >> On 28/01/16 13:39, Christian Heimes wrote: >>> On 2016-01-28 13:51, Roderick Johnstone wrote: >>>> Hi >>>> >>>> My netapp filer is happily doing ldap over ssl lookups for account >>>> information to my RHEL 6.7 testing ipa server >>>> (ipa-server-3.0.0-47.el6_7.1.x86_64). >>>> >>>> However, when I switch the filer to use my RHEL 7.2 ipa server >>>> (ipa-server-4.2.0-15.el7_2.3.x86_64) the lookup doesn't work. >>>> >>>> In the dirsrv log file I see entries like this: >>>> >>>> [28/Jan/2016:09:17:45 +0000] conn=1338 fd=112 slot=112 SSL connection >>>> from xxx.xxx.xxx.xxx to yyy.yyy.yy.yyy >>>> [28/Jan/2016:09:17:45 +0000] conn=1338 op=-1 fd=112 closed - Cannot >>>> communicate securely with peer: no common encryption algorithm(s). >>>> >>>> (xxx.xxx.xxx.xxx is the filer ip address and yyy.yyy.yyy.yyy is the ipa >>>> server ip address). >>>> >>>> Looking in the ldap directory for fields with cipher in the name shows a >>>> very different set of nssslenabledciphers between the two ipa-server >>>> versions. >>>> >>>> I wonder if this might be the issue? >>>> >>>> Can the ldap server tell me what ciphers its being requested to use by >>>> the filer? >>> >>> Yes, it looks like it is the issue. The supported cipher suites were >>> hardened a while ago. The ticket >>> https://fedorahosted.org/freeipa/ticket/4395 contains more information. >>> >>> During the TLS handshake the client sends a list of supported cipher >>> suites to the server. The server also has a list of supported cipher >>> suites. But the server never sends this list to the client. Instead it >>> picks one common cipher suite (usually the most secure) from the common >>> set of cipher suites. >>> >>> I don't know if you can get 389 DS to print the cipher suites. But you >>> can snoop the ciper suites from the TLS handshake with wireshark or >>> tshark. The handshake isnt't encrypted and can be captures on either the >>> host or the server. >>> >>> # tshark -Vx -Y "ssl.handshake.ciphersuites" -i YOUR_INTERFACE tcp port >>> ldaps >>> >>> Christian >>> >> >> Thanks Christian. Thats really helpful. >> >> Now I have a list of ciphers being asked for and I found that the ldap >> server logs which ciphers its using when it starts up file >> /var/log/dirsrv/slapd-/error. There isn't any overlap. >> >> I noticed that there is a setting in the >> dn: cn=encryption,cn=config >> allowWeakCipher: off >> >> and >> nsSSL3Ciphers: +all >> >> and found some documentation on this here: >> http://directory.fedoraproject.org/docs/389ds/design/nss-cipher-design.html >> >> So, maybe I could add one (or several) of the required ciphers to >> nsSSL3Ciphers or possibly as a last resort set allowWeakCipher: on? > > Hi Roderick, > > I highly recommend against lowering the settings. Weak ciphers are > broken and insecure ciphers, some even with NULL encryption or no > authentication. At best weak ciphers may (!) protect your against a > passive sniffer and incompetent attacker. They won't protect you against > a serious attack. > > Are you able to reconfigure or update the client? Does the client even > speak TLS 1.0 to the server or is it restricted to SSLv2 and SSLv3? > > If you show me the complete handshake, I can give you further advice. > The handshake output of tshark starts like this: > > Secure Sockets Layer > SSL Record Layer: Handshake Protocol: Client Hello > Content Type: Handshake (22) > Version: TLS 1.0 (0x0301) > > Christian > > Christian I don't think we have much control over the available client ciphers. We are running the latest Data OnTap version for our natapps so we have what we have. The netapp can do TLSv1 though. We do have firewalling on the ipa servers so that will help until one of our trusted networks is compromised! I'll send you the handshake output from tshark off list. Thanks Roderick From harald.dunkel at aixigo.de Fri Jan 29 12:20:56 2016 From: harald.dunkel at aixigo.de (Harald Dunkel) Date: Fri, 29 Jan 2016 13:20:56 +0100 Subject: [Freeipa-users] Joining realm failed with "SSL certificate problem: self signed certificate in certificate chain" Message-ID: <56AB5928.9090103@aixigo.de> Hi folks, Problem: ipa-client-install fails with # rm -f /etc/ipa/ca.crt # ipa-client-install Discovery was successful! Hostname: srvl023.ac.example.com Realm: EXAMPLE.COM DNS Domain: example.com IPA Server: ipa1.example.com BaseDN: dc=example,dc=com Continue to configure the system with these values? [no]: yes Synchronizing time with KDC... Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened. User authorized to enroll computers: admin Password for admin at EXAMPLE.COM: Successfully retrieved CA cert Subject: CN=Certificate Authority,O=example AG,C=COM Issuer: CN=example Root CA,OU=example Certificate Authority,O=example AG,C=COM Valid From: Mon Dec 28 10:35:30 2015 UTC Valid Until: Mon Dec 31 23:59:59 2035 UTC Joining realm failed: libcurl failed to execute the HTTP POST transaction, explaining: SSL certificate problem: self signed certificate in certificate chain Installation failed. Rolling back changes. IPA client is not configured on this system. ??? Is this the chain sent from the ipa server to the new host? Every helpful idea would be highly appreciated. Regards Harri From cheimes at redhat.com Fri Jan 29 12:27:54 2016 From: cheimes at redhat.com (Christian Heimes) Date: Fri, 29 Jan 2016 13:27:54 +0100 Subject: [Freeipa-users] netapp unable to do ldap lookups over ssl to RHEL 7.2 ipa server In-Reply-To: <56AB5509.2040403@ast.cam.ac.uk> References: <56AA0ED9.9020505@ast.cam.ac.uk> <56AA1A1D.2080501@redhat.com> <56AA644E.3080000@ast.cam.ac.uk> <56AB3F9A.6050309@redhat.com> <56AB5509.2040403@ast.cam.ac.uk> Message-ID: <56AB5ACA.3080909@redhat.com> On 2016-01-29 13:03, Roderick Johnstone wrote: > On 29/01/16 10:31, Christian Heimes wrote: >> On 2016-01-28 19:56, Roderick Johnstone wrote: >>> On 28/01/16 13:39, Christian Heimes wrote: >>>> On 2016-01-28 13:51, Roderick Johnstone wrote: >>>>> Hi >>>>> >>>>> My netapp filer is happily doing ldap over ssl lookups for account >>>>> information to my RHEL 6.7 testing ipa server >>>>> (ipa-server-3.0.0-47.el6_7.1.x86_64). >>>>> >>>>> However, when I switch the filer to use my RHEL 7.2 ipa server >>>>> (ipa-server-4.2.0-15.el7_2.3.x86_64) the lookup doesn't work. >>>>> >>>>> In the dirsrv log file I see entries like this: >>>>> >>>>> [28/Jan/2016:09:17:45 +0000] conn=1338 fd=112 slot=112 SSL connection >>>>> from xxx.xxx.xxx.xxx to yyy.yyy.yy.yyy >>>>> [28/Jan/2016:09:17:45 +0000] conn=1338 op=-1 fd=112 closed - Cannot >>>>> communicate securely with peer: no common encryption algorithm(s). >>>>> >>>>> (xxx.xxx.xxx.xxx is the filer ip address and yyy.yyy.yyy.yyy is the >>>>> ipa >>>>> server ip address). >>>>> >>>>> Looking in the ldap directory for fields with cipher in the name >>>>> shows a >>>>> very different set of nssslenabledciphers between the two ipa-server >>>>> versions. >>>>> >>>>> I wonder if this might be the issue? >>>>> >>>>> Can the ldap server tell me what ciphers its being requested to use by >>>>> the filer? >>>> >>>> Yes, it looks like it is the issue. The supported cipher suites were >>>> hardened a while ago. The ticket >>>> https://fedorahosted.org/freeipa/ticket/4395 contains more information. >>>> >>>> During the TLS handshake the client sends a list of supported cipher >>>> suites to the server. The server also has a list of supported cipher >>>> suites. But the server never sends this list to the client. Instead it >>>> picks one common cipher suite (usually the most secure) from the common >>>> set of cipher suites. >>>> >>>> I don't know if you can get 389 DS to print the cipher suites. But you >>>> can snoop the ciper suites from the TLS handshake with wireshark or >>>> tshark. The handshake isnt't encrypted and can be captures on either >>>> the >>>> host or the server. >>>> >>>> # tshark -Vx -Y "ssl.handshake.ciphersuites" -i YOUR_INTERFACE tcp port >>>> ldaps >>>> >>>> Christian >>>> >>> >>> Thanks Christian. Thats really helpful. >>> >>> Now I have a list of ciphers being asked for and I found that the ldap >>> server logs which ciphers its using when it starts up file >>> /var/log/dirsrv/slapd-/error. There isn't any overlap. >>> >>> I noticed that there is a setting in the >>> dn: cn=encryption,cn=config >>> allowWeakCipher: off >>> >>> and >>> nsSSL3Ciphers: +all >>> >>> and found some documentation on this here: >>> http://directory.fedoraproject.org/docs/389ds/design/nss-cipher-design.html >>> >>> >>> So, maybe I could add one (or several) of the required ciphers to >>> nsSSL3Ciphers or possibly as a last resort set allowWeakCipher: on? >> >> Hi Roderick, >> >> I highly recommend against lowering the settings. Weak ciphers are >> broken and insecure ciphers, some even with NULL encryption or no >> authentication. At best weak ciphers may (!) protect your against a >> passive sniffer and incompetent attacker. They won't protect you against >> a serious attack. >> >> Are you able to reconfigure or update the client? Does the client even >> speak TLS 1.0 to the server or is it restricted to SSLv2 and SSLv3? >> >> If you show me the complete handshake, I can give you further advice. >> The handshake output of tshark starts like this: >> >> Secure Sockets Layer >> SSL Record Layer: Handshake Protocol: Client Hello >> Content Type: Handshake (22) >> Version: TLS 1.0 (0x0301) >> >> Christian >> >> > > Christian > > I don't think we have much control over the available client ciphers. We > are running the latest Data OnTap version for our natapps so we have > what we have. The netapp can do TLSv1 though. > > We do have firewalling on the ipa servers so that will help until one of > our trusted networks is compromised! > > I'll send you the handshake output from tshark off list. Hi Roderick, thanks for the handshake. It looks like the application initiates a SSLv2 handshake and then does a protocol upgrade to TLS 1.0. This alone makes the connection vulnerable to a man-in-the-middle attacks. You should disable SSLv2 and SSLv3 on the client app ASAP. The broken versions must be disabled on both sides. The cipher suite list is horrible, too. You don't want anything with SSL2, RC2, RC4, DES, DSS, DHE, MD5 or EXPORT in its name. TLS_RSA_WITH_3DES_EDE_CBC_SHA is the only cipher suite that is remotely good. 3DES is slow but not entirely broken as RC4. TLS/SSL in CBC mode has issues with padding, because TLS does MAC-then-encrypt. Christian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From lslebodn at redhat.com Fri Jan 29 12:49:15 2016 From: lslebodn at redhat.com (Lukas Slebodnik) Date: Fri, 29 Jan 2016 13:49:15 +0100 Subject: [Freeipa-users] SSSD Crash Causing Inaccessibility In-Reply-To: References: <20160128232255.GA18347@mail.corp.redhat.com> Message-ID: <20160129124915.GK24839@mail.corp.redhat.com> On (28/01/16 18:37), Jeff Hallyburton wrote: >Application logs showed this to be due to an OOM error, so no need to chase >this further. Thanks for the quick response! > Even though it was OOM. I would still be interested in version of sssd. "access after free error" is bed error. Do you have a coredump. It might be stored by abrt or systemd-coredumpd (coredumpctl) LS From rmj at ast.cam.ac.uk Fri Jan 29 13:08:40 2016 From: rmj at ast.cam.ac.uk (Roderick Johnstone) Date: Fri, 29 Jan 2016 13:08:40 +0000 Subject: [Freeipa-users] netapp unable to do ldap lookups over ssl to RHEL 7.2 ipa server In-Reply-To: <56AB5ACA.3080909@redhat.com> References: <56AA0ED9.9020505@ast.cam.ac.uk> <56AA1A1D.2080501@redhat.com> <56AA644E.3080000@ast.cam.ac.uk> <56AB3F9A.6050309@redhat.com> <56AB5509.2040403@ast.cam.ac.uk> <56AB5ACA.3080909@redhat.com> Message-ID: <56AB6458.8050805@ast.cam.ac.uk> On 29/01/16 12:27, Christian Heimes wrote: > On 2016-01-29 13:03, Roderick Johnstone wrote: >> On 29/01/16 10:31, Christian Heimes wrote: >>> On 2016-01-28 19:56, Roderick Johnstone wrote: >>>> On 28/01/16 13:39, Christian Heimes wrote: >>>>> On 2016-01-28 13:51, Roderick Johnstone wrote: >>>>>> Hi >>>>>> >>>>>> My netapp filer is happily doing ldap over ssl lookups for account >>>>>> information to my RHEL 6.7 testing ipa server >>>>>> (ipa-server-3.0.0-47.el6_7.1.x86_64). >>>>>> >>>>>> However, when I switch the filer to use my RHEL 7.2 ipa server >>>>>> (ipa-server-4.2.0-15.el7_2.3.x86_64) the lookup doesn't work. >>>>>> >>>>>> In the dirsrv log file I see entries like this: >>>>>> >>>>>> [28/Jan/2016:09:17:45 +0000] conn=1338 fd=112 slot=112 SSL connection >>>>>> from xxx.xxx.xxx.xxx to yyy.yyy.yy.yyy >>>>>> [28/Jan/2016:09:17:45 +0000] conn=1338 op=-1 fd=112 closed - Cannot >>>>>> communicate securely with peer: no common encryption algorithm(s). >>>>>> >>>>>> (xxx.xxx.xxx.xxx is the filer ip address and yyy.yyy.yyy.yyy is the >>>>>> ipa >>>>>> server ip address). >>>>>> >>>>>> Looking in the ldap directory for fields with cipher in the name >>>>>> shows a >>>>>> very different set of nssslenabledciphers between the two ipa-server >>>>>> versions. >>>>>> >>>>>> I wonder if this might be the issue? >>>>>> >>>>>> Can the ldap server tell me what ciphers its being requested to use by >>>>>> the filer? >>>>> >>>>> Yes, it looks like it is the issue. The supported cipher suites were >>>>> hardened a while ago. The ticket >>>>> https://fedorahosted.org/freeipa/ticket/4395 contains more information. >>>>> >>>>> During the TLS handshake the client sends a list of supported cipher >>>>> suites to the server. The server also has a list of supported cipher >>>>> suites. But the server never sends this list to the client. Instead it >>>>> picks one common cipher suite (usually the most secure) from the common >>>>> set of cipher suites. >>>>> >>>>> I don't know if you can get 389 DS to print the cipher suites. But you >>>>> can snoop the ciper suites from the TLS handshake with wireshark or >>>>> tshark. The handshake isnt't encrypted and can be captures on either >>>>> the >>>>> host or the server. >>>>> >>>>> # tshark -Vx -Y "ssl.handshake.ciphersuites" -i YOUR_INTERFACE tcp port >>>>> ldaps >>>>> >>>>> Christian >>>>> >>>> >>>> Thanks Christian. Thats really helpful. >>>> >>>> Now I have a list of ciphers being asked for and I found that the ldap >>>> server logs which ciphers its using when it starts up file >>>> /var/log/dirsrv/slapd-/error. There isn't any overlap. >>>> >>>> I noticed that there is a setting in the >>>> dn: cn=encryption,cn=config >>>> allowWeakCipher: off >>>> >>>> and >>>> nsSSL3Ciphers: +all >>>> >>>> and found some documentation on this here: >>>> http://directory.fedoraproject.org/docs/389ds/design/nss-cipher-design.html >>>> >>>> >>>> So, maybe I could add one (or several) of the required ciphers to >>>> nsSSL3Ciphers or possibly as a last resort set allowWeakCipher: on? >>> >>> Hi Roderick, >>> >>> I highly recommend against lowering the settings. Weak ciphers are >>> broken and insecure ciphers, some even with NULL encryption or no >>> authentication. At best weak ciphers may (!) protect your against a >>> passive sniffer and incompetent attacker. They won't protect you against >>> a serious attack. >>> >>> Are you able to reconfigure or update the client? Does the client even >>> speak TLS 1.0 to the server or is it restricted to SSLv2 and SSLv3? >>> >>> If you show me the complete handshake, I can give you further advice. >>> The handshake output of tshark starts like this: >>> >>> Secure Sockets Layer >>> SSL Record Layer: Handshake Protocol: Client Hello >>> Content Type: Handshake (22) >>> Version: TLS 1.0 (0x0301) >>> >>> Christian >>> >>> >> >> Christian >> >> I don't think we have much control over the available client ciphers. We >> are running the latest Data OnTap version for our natapps so we have >> what we have. The netapp can do TLSv1 though. >> >> We do have firewalling on the ipa servers so that will help until one of >> our trusted networks is compromised! >> >> I'll send you the handshake output from tshark off list. > > Hi Roderick, > > thanks for the handshake. It looks like the application initiates a > SSLv2 handshake and then does a protocol upgrade to TLS 1.0. This alone > makes the connection vulnerable to a man-in-the-middle attacks. You > should disable SSLv2 and SSLv3 on the client app ASAP. The broken > versions must be disabled on both sides. > > The cipher suite list is horrible, too. You don't want anything with > SSL2, RC2, RC4, DES, DSS, DHE, MD5 or EXPORT in its name. > TLS_RSA_WITH_3DES_EDE_CBC_SHA is the only cipher suite that is remotely > good. 3DES is slow but not entirely broken as RC4. TLS/SSL in CBC mode > has issues with padding, because TLS does MAC-then-encrypt. > > Christian > Hi Christian Many thanks for the advice. I might even open a call with netapp about this. Will report back when I make some progress. Roderick From rcritten at redhat.com Fri Jan 29 15:12:06 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 29 Jan 2016 10:12:06 -0500 Subject: [Freeipa-users] Joining realm failed with "SSL certificate problem: self signed certificate in certificate chain" In-Reply-To: <56AB5928.9090103@aixigo.de> References: <56AB5928.9090103@aixigo.de> Message-ID: <56AB8146.1080002@redhat.com> Harald Dunkel wrote: > Hi folks, > > Problem: ipa-client-install fails with > > # rm -f /etc/ipa/ca.crt > # ipa-client-install > Discovery was successful! > Hostname: srvl023.ac.example.com > Realm: EXAMPLE.COM > DNS Domain: example.com > IPA Server: ipa1.example.com > BaseDN: dc=example,dc=com > > Continue to configure the system with these values? [no]: yes > Synchronizing time with KDC... > Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened. > User authorized to enroll computers: admin > Password for admin at EXAMPLE.COM: > Successfully retrieved CA cert > Subject: CN=Certificate Authority,O=example AG,C=COM > Issuer: CN=example Root CA,OU=example Certificate Authority,O=example AG,C=COM > Valid From: Mon Dec 28 10:35:30 2015 UTC > Valid Until: Mon Dec 31 23:59:59 2035 UTC > > Joining realm failed: libcurl failed to execute the HTTP POST transaction, explaining: SSL certificate problem: self signed certificate in certificate chain > > Installation failed. Rolling back changes. > IPA client is not configured on this system. > > > ??? > Is this the chain sent from the ipa server to the new host? > > Every helpful idea would be highly appreciated. > What version of server and client? I gather you have installed with an external CA? How many certs are in /etc/ipa/ca.crt? rob From david at cazena.com Fri Jan 29 15:37:49 2016 From: david at cazena.com (David Zabner) Date: Fri, 29 Jan 2016 15:37:49 +0000 Subject: [Freeipa-users] Server error with multiple clients joining domain simultaneously In-Reply-To: <56AB4E8C.9000809@redhat.com> References: <3ea77fa3e86442108d946548d3ec9912@MLBXCH13.cs.myharris.net> <4a2d11b12ca143bdad38d4f5cbb9cbc0@MLBXCH13.cs.myharris.net> <56AB4E8C.9000809@redhat.com> Message-ID: Any guesses as to why I couldn?t revert to using the mod_auth_kerb library? It seems like this is the only place where the library is referenced one way or the other? Thanks for all your help. > On Jan 29, 2016, at 6:35 AM, Petr Spacek wrote: > > Interesting, we have to investigate it! > > Here is a ticket: > https://fedorahosted.org/freeipa/ticket/5653 > > You can Cc yourself to it and watch the progress. > > Petr^2 Spacek > > On 28.1.2016 20:17, David Zabner wrote: >> I was guessing that it was a problem with mod_auth_gssapi and so I tried switching the auth method back to mod_auth_kerb which did not work. (although it is entirely possible that I did not switch it correctly) >> >> I did it by changing the gssapi settings in /etc/httpd/conf.d/ipa.conf to: >> >> AuthType Kerberos >> AuthName "Kerberos Login" >> KrbMethodNegotiate on >> KrbMethodK5Passwd off >> KrbServiceName HTTP >> KrbAuthRealms $realm >> Krb5KeyTab /etc/httpd/conf/ipa.keytab >> KrbSaveCredentials on >> KrbConstrainedDelegation on >> Require valid-user >> ErrorDocument 401 /ipa/errors/unauthorized.html >> >> It just seemed to cause other problems... >> >> On Jan 28, 2016, at 1:44 PM, Izzo, Anthony > wrote: >> >> I should add that some of my team members have tried serializing their instance launches, and this problem does not seem to occur under those circumstances. (That?s not a solution, just a data point for those interested in this behavior). Thanks. >> >> >> From: Izzo, Anthony (U.S. Person) >> Sent: Thursday, January 28, 2016 1:35 PM >> To: freeipa-users at redhat.com >> Cc: 'David Zabner' > >> Subject: RE: [Freeipa-users] Server error with multiple clients joining domain simultaneously >> >> Yes, that?s it! >> >> From: David Zabner [mailto:david at cazena.com] >> Sent: Thursday, January 28, 2016 1:31 PM >> To: Izzo, Anthony (U.S. Person) > >> Cc: freeipa-users at redhat.com >> Subject: Re: [Freeipa-users] Server error with multiple clients joining domain simultaneously >> >> This sounds exactly like the problem I am having. I will attach my error log. Is this what yours looks like? >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> >> >> > > > -- > Petr^2 Spacek > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project From harald.dunkel at aixigo.de Fri Jan 29 15:43:46 2016 From: harald.dunkel at aixigo.de (Harald Dunkel) Date: Fri, 29 Jan 2016 16:43:46 +0100 Subject: [Freeipa-users] Joining realm failed with "SSL certificate problem: self signed certificate in certificate chain" In-Reply-To: <56AB8146.1080002@redhat.com> References: <56AB5928.9090103@aixigo.de> <56AB8146.1080002@redhat.com> Message-ID: <56AB88B2.3050400@aixigo.de> Hi Rob, On 01/29/2016 04:12 PM, Rob Crittenden wrote: > > What version of server and client? > Server is freeipa 4.2 (Centos 7.2) Client is freeipa 4.0.5 (Debian 8) Sorry, I should have mentioned this in my first post. I am running >200 clients in this environment, appr. 40% are Debian Hosts with this freeipa version. One host cannot be joined :-(. > I gather you have installed with an external CA? How many certs are in > /etc/ipa/ca.crt? > Yes, its an external CA. There is one cert in ca.cert: It is the certificate of the ipa CA, signed by the expected external root CA. I see the same on the other hosts, but of course I checked only a few (4). Regards Harri From rcritten at redhat.com Fri Jan 29 16:04:00 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 29 Jan 2016 11:04:00 -0500 Subject: [Freeipa-users] Server error with multiple clients joining domain simultaneously In-Reply-To: References: <3ea77fa3e86442108d946548d3ec9912@MLBXCH13.cs.myharris.net> <4a2d11b12ca143bdad38d4f5cbb9cbc0@MLBXCH13.cs.myharris.net> <56AB4E8C.9000809@redhat.com> Message-ID: <56AB8D70.9040804@redhat.com> David Zabner wrote: > Any guesses as to why I couldn?t revert to using the mod_auth_kerb library? It seems like this is the only place where the library is referenced one way or the other? > You need to set this globally: KrbConstrainedDelegationLock ipa And I assume you replaced $realm with your actual realm, right? It would also be useful to know how it doesn't work. rob > Thanks for all your help. > >> On Jan 29, 2016, at 6:35 AM, Petr Spacek wrote: >> >> Interesting, we have to investigate it! >> >> Here is a ticket: >> https://fedorahosted.org/freeipa/ticket/5653 >> >> You can Cc yourself to it and watch the progress. >> >> Petr^2 Spacek >> >> On 28.1.2016 20:17, David Zabner wrote: >>> I was guessing that it was a problem with mod_auth_gssapi and so I tried switching the auth method back to mod_auth_kerb which did not work. (although it is entirely possible that I did not switch it correctly) >>> >>> I did it by changing the gssapi settings in /etc/httpd/conf.d/ipa.conf to: >>> >>> AuthType Kerberos >>> AuthName "Kerberos Login" >>> KrbMethodNegotiate on >>> KrbMethodK5Passwd off >>> KrbServiceName HTTP >>> KrbAuthRealms $realm >>> Krb5KeyTab /etc/httpd/conf/ipa.keytab >>> KrbSaveCredentials on >>> KrbConstrainedDelegation on >>> Require valid-user >>> ErrorDocument 401 /ipa/errors/unauthorized.html >>> >>> It just seemed to cause other problems... >>> >>> On Jan 28, 2016, at 1:44 PM, Izzo, Anthony > wrote: >>> >>> I should add that some of my team members have tried serializing their instance launches, and this problem does not seem to occur under those circumstances. (That?s not a solution, just a data point for those interested in this behavior). Thanks. >>> >>> >>> From: Izzo, Anthony (U.S. Person) >>> Sent: Thursday, January 28, 2016 1:35 PM >>> To: freeipa-users at redhat.com >>> Cc: 'David Zabner' > >>> Subject: RE: [Freeipa-users] Server error with multiple clients joining domain simultaneously >>> >>> Yes, that?s it! >>> >>> From: David Zabner [mailto:david at cazena.com] >>> Sent: Thursday, January 28, 2016 1:31 PM >>> To: Izzo, Anthony (U.S. Person) > >>> Cc: freeipa-users at redhat.com >>> Subject: Re: [Freeipa-users] Server error with multiple clients joining domain simultaneously >>> >>> This sounds exactly like the problem I am having. I will attach my error log. Is this what yours looks like? >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go to http://freeipa.org for more info on the project >>> >>> >>> >> >> >> -- >> Petr^2 Spacek >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project > > From david at cazena.com Fri Jan 29 17:48:47 2016 From: david at cazena.com (David Zabner) Date: Fri, 29 Jan 2016 17:48:47 +0000 Subject: [Freeipa-users] Server error with multiple clients joining domain simultaneously In-Reply-To: <56AB8D70.9040804@redhat.com> References: <3ea77fa3e86442108d946548d3ec9912@MLBXCH13.cs.myharris.net> <4a2d11b12ca143bdad38d4f5cbb9cbc0@MLBXCH13.cs.myharris.net> <56AB4E8C.9000809@redhat.com> <56AB8D70.9040804@redhat.com> Message-ID: Ok so I added the line "KrbConstrainedDelegationLock ipa? to ipa.conf (httpd configuration) My error log is now full of network errors: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: error_log.txt URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ATT00001.txt URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: ipa.conf Type: application/octet-stream Size: 4727 bytes Desc: ipa.conf URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ATT00002.txt URL: From jeff.hallyburton at bloomip.com Fri Jan 29 19:08:04 2016 From: jeff.hallyburton at bloomip.com (Jeff Hallyburton) Date: Fri, 29 Jan 2016 14:08:04 -0500 Subject: [Freeipa-users] SSSD Crash Causing Inaccessibility In-Reply-To: <20160129124915.GK24839@mail.corp.redhat.com> References: <20160128232255.GA18347@mail.corp.redhat.com> <20160129124915.GK24839@mail.corp.redhat.com> Message-ID: Lukas, Installed versions of sssd: # rpm -qa | grep -i sssd sssd-common-1.13.0-40.el7_2.1.x86_64 sssd-ipa-1.13.0-40.el7_2.1.x86_64 sssd-1.13.0-40.el7_2.1.x86_64 sssd-krb5-common-1.13.0-40.el7_2.1.x86_64 sssd-ad-1.13.0-40.el7_2.1.x86_64 sssd-ldap-1.13.0-40.el7_2.1.x86_64 sssd-proxy-1.13.0-40.el7_2.1.x86_64 python-sssdconfig-1.13.0-40.el7_2.1.noarch sssd-client-1.13.0-40.el7_2.1.x86_64 sssd-common-pac-1.13.0-40.el7_2.1.x86_64 sssd-krb5-1.13.0-40.el7_2.1.x86_64 No core dumps unfortunately. Thanks, Jeff Jeff Hallyburton Strategic Systems Engineer Bloomip Inc. Web: http://www.bloomip.com Engineering Support: support at bloomip.com Billing Support: billing at bloomip.com Customer Support Portal: https://my.bloomip.com On Fri, Jan 29, 2016 at 7:49 AM, Lukas Slebodnik wrote: > On (28/01/16 18:37), Jeff Hallyburton wrote: > >Application logs showed this to be due to an OOM error, so no need to > chase > >this further. Thanks for the quick response! > > > Even though it was OOM. > I would still be interested in version of sssd. > "access after free error" is bed error. > > Do you have a coredump. It might be stored > by abrt or systemd-coredumpd (coredumpctl) > > LS > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Fri Jan 29 19:14:44 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 29 Jan 2016 14:14:44 -0500 Subject: [Freeipa-users] Server error with multiple clients joining domain simultaneously In-Reply-To: References: <3ea77fa3e86442108d946548d3ec9912@MLBXCH13.cs.myharris.net> <4a2d11b12ca143bdad38d4f5cbb9cbc0@MLBXCH13.cs.myharris.net> <56AB4E8C.9000809@redhat.com> <56AB8D70.9040804@redhat.com> Message-ID: <56ABBA24.2030509@redhat.com> David Zabner wrote: > Ok so I added the line "KrbConstrainedDelegationLock ipa? to ipa.conf (httpd configuration) > > > My error log is now full of network errors: > config looks right to me. Does this mean that some requests are successful and others are not? I'd set LogLevel debug in nss.conf and restart and you should get more verbose info out of mod_auth_kerb. rob From jeff.hallyburton at bloomip.com Fri Jan 29 19:20:38 2016 From: jeff.hallyburton at bloomip.com (Jeff Hallyburton) Date: Fri, 29 Jan 2016 14:20:38 -0500 Subject: [Freeipa-users] IPA Web Portal using outdated ciphers, breaking with some clients Message-ID: Hi, We're also seeing that the free-ipa web-portal is using TLS 1.2 by default, which is being flagged as insecure / obsolete. This also seems to be causing some clients (some instances of Chrome) to fail logins: [Fri Jan 29 18:34:26.638350 2016] [:error] [pid 6603] SSL Library Error: -12286 No common encryption algorithm(s) with client What do we need to do to update this to TLS 1.3? Thanks, Jeff Jeff Hallyburton Strategic Systems Engineer Bloomip Inc. Web: http://www.bloomip.com Engineering Support: support at bloomip.com Billing Support: billing at bloomip.com Customer Support Portal: https://my.bloomip.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From rcritten at redhat.com Fri Jan 29 19:36:48 2016 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 29 Jan 2016 14:36:48 -0500 Subject: [Freeipa-users] IPA Web Portal using outdated ciphers, breaking with some clients In-Reply-To: References: Message-ID: <56ABBF50.5050107@redhat.com> Jeff Hallyburton wrote: > Hi, > > We're also seeing that the free-ipa web-portal is using TLS 1.2 by > default, which is being flagged as insecure / obsolete. This also seems > to be causing some clients (some instances of Chrome) to fail logins: > > [Fri Jan 29 18:34:26.638350 2016] [:error] [pid 6603] SSL Library Error: > -12286 No common encryption algorithm(s) with client > > > What do we need to do to update this to TLS 1.3? TLS 1.2 insecure/obsolete? Flagged by what? Need more info on what the handshake looks like and what the server configuration is. AFAIK 1.3 is still in draft form. rob From jeff.hallyburton at bloomip.com Fri Jan 29 19:52:10 2016 From: jeff.hallyburton at bloomip.com (Jeff Hallyburton) Date: Fri, 29 Jan 2016 14:52:10 -0500 Subject: [Freeipa-users] IPA Web Portal using outdated ciphers, breaking with some clients In-Reply-To: <56ABBF50.5050107@redhat.com> References: <56ABBF50.5050107@redhat.com> Message-ID: Rob, Chrome is flagging this, and given the error (I've attached a copy) its probably due to the cipher suite (possibly specifically that it uses SHA1). This article has more details and is consistent with what we're seeing: http://security.stackexchange.com/questions/83831/google-chrome-your-connection-to-website-is-encrypted-with-obsolete-cryptograph We've also seen similar issues come up with other applications during penetration scans (e.g., Qualys) which is why I've noted it here. Thanks, Jeff Jeff Hallyburton Strategic Systems Engineer Bloomip Inc. Web: http://www.bloomip.com Engineering Support: support at bloomip.com Billing Support: billing at bloomip.com Customer Support Portal: https://my.bloomip.com On Fri, Jan 29, 2016 at 2:36 PM, Rob Crittenden wrote: > Jeff Hallyburton wrote: > > Hi, > > > > We're also seeing that the free-ipa web-portal is using TLS 1.2 by > > default, which is being flagged as insecure / obsolete. This also seems > > to be causing some clients (some instances of Chrome) to fail logins: > > > > [Fri Jan 29 18:34:26.638350 2016] [:error] [pid 6603] SSL Library Error: > > -12286 No common encryption algorithm(s) with client > > > > > > What do we need to do to update this to TLS 1.3? > > TLS 1.2 insecure/obsolete? Flagged by what? Need more info on what the > handshake looks like and what the server configuration is. > > AFAIK 1.3 is still in draft form. > > rob > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Chrome SSL Cipher SS.png Type: image/png Size: 29939 bytes Desc: not available URL: From jhrozek at redhat.com Fri Jan 29 22:44:43 2016 From: jhrozek at redhat.com (Jakub Hrozek) Date: Fri, 29 Jan 2016 23:44:43 +0100 Subject: [Freeipa-users] SSSD Crash Causing Inaccessibility In-Reply-To: <20160129124915.GK24839@mail.corp.redhat.com> References: <20160128232255.GA18347@mail.corp.redhat.com> <20160129124915.GK24839@mail.corp.redhat.com> Message-ID: <20160129224443.GJ27885@hendrix.redhat.com> On Fri, Jan 29, 2016 at 01:49:15PM +0100, Lukas Slebodnik wrote: > On (28/01/16 18:37), Jeff Hallyburton wrote: > >Application logs showed this to be due to an OOM error, so no need to chase > >this further. Thanks for the quick response! > > > Even though it was OOM. > I would still be interested in version of sssd. > "access after free error" is bed error. > > Do you have a coredump. It might be stored > by abrt or systemd-coredumpd (coredumpctl) This problem reminds me of: https://fedorahosted.org/sssd/ticket/2886 Sadly, that one was also a one-time condition and we could never get to the root cause from the corefile. I agree with Lukas the core would be nice to see.. From jeff.hallyburton at bloomip.com Fri Jan 29 23:41:07 2016 From: jeff.hallyburton at bloomip.com (Jeff Hallyburton) Date: Fri, 29 Jan 2016 18:41:07 -0500 Subject: [Freeipa-users] SSSD Crash Causing Inaccessibility In-Reply-To: <20160129224443.GJ27885@hendrix.redhat.com> References: <20160128232255.GA18347@mail.corp.redhat.com> <20160129124915.GK24839@mail.corp.redhat.com> <20160129224443.GJ27885@hendrix.redhat.com> Message-ID: Understood. Unfortunately, this event has been diagnosed and mitigated, so re-occurance is unlikely. Will respond to this thread if we see any repeats however, totally understand the need for further information here. Jeff Jeff Hallyburton Strategic Systems Engineer Bloomip Inc. Web: http://www.bloomip.com Engineering Support: support at bloomip.com Billing Support: billing at bloomip.com Customer Support Portal: https://my.bloomip.com On Fri, Jan 29, 2016 at 5:44 PM, Jakub Hrozek wrote: > On Fri, Jan 29, 2016 at 01:49:15PM +0100, Lukas Slebodnik wrote: > > On (28/01/16 18:37), Jeff Hallyburton wrote: > > >Application logs showed this to be due to an OOM error, so no need to > chase > > >this further. Thanks for the quick response! > > > > > Even though it was OOM. > > I would still be interested in version of sssd. > > "access after free error" is bed error. > > > > Do you have a coredump. It might be stored > > by abrt or systemd-coredumpd (coredumpctl) > > This problem reminds me of: > https://fedorahosted.org/sssd/ticket/2886 > > Sadly, that one was also a one-time condition and we could never get to > the root cause from the corefile. > > I agree with Lukas the core would be nice to see.. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wodel.youchi at gmail.com Sat Jan 30 14:01:52 2016 From: wodel.youchi at gmail.com (wodel youchi) Date: Sat, 30 Jan 2016 15:01:52 +0100 Subject: [Freeipa-users] [Centos7.2 Freeipa 4.2] browser : your session has expired Message-ID: Hi, When accessing the webui of Freeipa from the browser using login password, I get your session has expired. As a workaround I have to either : - Delete the https certificate of the ipa server from the browser and delete history then relogin again. - Restart ipa services : ipactl restart PS: The machine I am using to connect to the webui of freeipa is not enrolled in it, I am using login/pass to connect not kerberos. Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Sat Jan 30 16:54:59 2016 From: abokovoy at redhat.com (Alexander Bokovoy) Date: Sat, 30 Jan 2016 11:54:59 -0500 (EST) Subject: [Freeipa-users] [Centos7.2 Freeipa 4.2] browser : your session has expired In-Reply-To: References: Message-ID: <2135244242.20514616.1454172899622.JavaMail.zimbra@redhat.com> ----- Original Message ----- > Hi, > > When accessing the webui of Freeipa from the browser using login password, I > get your session has expired. > > > As a workaround I have to either : > - Delete the https certificate of the ipa server from the browser and delete > history then relogin again. > - Restart ipa services : ipactl restart - delete cookies in the browser corresponding to IPA server. > PS: The machine I am using to connect to the webui of freeipa is not enrolled > in it, I am using login/pass to connect not kerberos. Web UI session is set to 30 minutes or so. -- / Alexander Bokovoy From wodel.youchi at gmail.com Sun Jan 31 08:49:34 2016 From: wodel.youchi at gmail.com (wodel youchi) Date: Sun, 31 Jan 2016 09:49:34 +0100 Subject: [Freeipa-users] [Centos7.2 Freeipa 4.2] browser : your session has expired In-Reply-To: <2135244242.20514616.1454172899622.JavaMail.zimbra@redhat.com> References: <2135244242.20514616.1454172899622.JavaMail.zimbra@redhat.com> Message-ID: Hi, I miss explained myself apparently, here it is: I open a session with login/password, I do some work, I left it for a while, the session disconnects which is normal. I come back, I try to authenticate with login/password it keeps telling me : your session has expired. Regards. 2016-01-30 17:54 GMT+01:00 Alexander Bokovoy : > > > ----- Original Message ----- > > Hi, > > > > When accessing the webui of Freeipa from the browser using login > password, I > > get your session has expired. > > > > > > As a workaround I have to either : > > - Delete the https certificate of the ipa server from the browser and > delete > > history then relogin again. > > - Restart ipa services : ipactl restart > - delete cookies in the browser corresponding to IPA server. > > > PS: The machine I am using to connect to the webui of freeipa is not > enrolled > > in it, I am using login/pass to connect not kerberos. > Web UI session is set to 30 minutes or so. > > -- > / Alexander Bokovoy > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nix125432512689712 at gmail.com Wed Jan 27 16:36:13 2016 From: nix125432512689712 at gmail.com (sysadmin ofdoom) Date: Wed, 27 Jan 2016 09:36:13 -0700 Subject: [Freeipa-users] Sudo privilege inheritance in FreeIPA (3.0.x branch) Message-ID: I am trying to implement FreeIPA in a larger environment. Due to the complexity of the environment I've been constructing a user group structure such that i have groups at the following levels: project --> project_at_site --> project_site_vendor HBAC rules are defined at the lowest level (vendor at site) and associated with a host group at the same level. Each of the above user group levels will have a corresponding sudo group. (Used to provide a vendor access to servers the vendor supports at a specific site at a moments notice) HBAC rules are propagating up the chain correctly. When a user is added to a top level group (e.g. project or project-sudo) the indirect membership shows up for both Sudo and HBAC rules. The problem is that I can't get the sudo privileges to work when the user shows indirect membership for the sudo rule. If i make the user a direct member of the sudo rule, i can use sudo. As I've looked at debug logs, i was able to see that the query used when i was identical when i was successful at using sudo and when i i got denied. The difference is the failure would have a message like [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for [ user at example.com] The successes returned 2 rules. The only change made between the success and failure was making the user a direct member of the sudo rule where the failure was an indirect member. Thanks for any help! -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at stroeder.com Sun Jan 31 20:58:40 2016 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Sun, 31 Jan 2016 21:58:40 +0100 Subject: [Freeipa-users] [SSSD-users] heads-up: new code to fetch sudo rules from an IPA server coming to Fedora and RHEL-6 In-Reply-To: <20160127152103.GD3448@hendrix.redhat.com> References: <20160127152103.GD3448@hendrix.redhat.com> Message-ID: <56AE7580.6060501@stroeder.com> Jakub Hrozek wrote: > the sssd's code that fetches sudo rules from the IPA server got an > overhaul recently. The search would no longer be performed against the > compat tree, but against IPA's native LDAP tree. This would have the > advantage that environments that don't use the slapi-nis' compat tree > for another reason (like old or non-Linux clients) would no longer > require slapi-nis to be running at all. Frankly I don't understand this text. Especially I don't know what the terms "compat tree" and "IPA's native LDAP tree" really mean. Does this only affect the IPA provider? Ciao, Michael. -- Michael Str?der E-Mail: michael at stroeder.com http://www.stroeder.com -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4245 bytes Desc: S/MIME Cryptographic Signature URL: